Software Secure Workload
Activity Configure

Create a Workspace

This endpoint creates a workspace (“application”). It is possible to define policies by posting a JSON body containing the cluster and policy definitions.


 

If a primary workspace exists for the same scope and new policies are provided, the policies will be added as a new version to the existing workspace.

POST /openapi/v1/applications

Parameters: The JSON query body contains the following keys:

| Name | Type | Description |
|---|---|---|
| app_scope_id | string | The scope ID to assign to the workspace. |
| name | string | (optional) A name for the workspace. |
| description | string | (optional) A description for the workspace. |
| alternate_query_mode | boolean | (optional) Indicates if ‘dynamic mode’ is used for the workspace. In the dynamic mode, an automatic policy discovery run creates one or more candidate queries for each cluster. Default value is true. |
| strict_validation | boolean | (optional) Will return an error if there are unknown keys or attributes in the uploaded data. Useful for catching misspelled keys. Default value is false. |
| primary | string | (optional) Set to ‘true’ if this workspace should be primary for the associated scope. Default is true. |

Extra optional parameters describing the policies to be created within the workspace may be included. The schema corresponds to that returned during export from the UI and the Details endpoint.

| Name | Type | Description |
|---|---|---|
| clusters | array of clusters | Groups of nodes to be used to define policies. |
| inventory_filters | array of inventory filters | Filters on datacenter assets. |
| absolute_policies | array of policies | Ordered policies to be created with the absolute rank. |
| default_policies | array of policies | Ordered policies to be created with the default rank. |
| catch_all_action | string | “ALLOW” or “DENY” |

Cluster object attributes:

| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier to be used with policies. |
| name | string | Displayed name of the cluster. |
| description | string | Description of the cluster. |
| nodes | array of nodes | Nodes or endpoints that are part of the cluster. |
| consistent_uuid | string | Must be unique to a given workspace. After an automatic policy discovery run, the similar/same clusters in the next version will maintain the consistent_uuid. |

Node object attributes:

| Name | Type | Description |
|---|---|---|
| ip | string | IP or subnet of the node. For example 10.0.0.0/8 or 1.2.3.4 |
| name | string | Displayed name of the node. |

Inventory Filter object attributes:

| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier to be used with policies. |
| name | string | Displayed name of the cluster. |
| query | object | JSON object representation of an inventory filter query. |

Policy object attributes:

| Name | Type | Description |
|---|---|---|
| consumer_filter_id | string | ID of a cluster, user inventory filter or app scope. |
| provider_filter_id | string | ID of a cluster, user inventory filter or app scope. |
| action | string | “ALLOW” or “DENY” |
| l4_params | array of l4params | List of allowed ports and protocols. |

L4Params object attributes:

| Name | Type | Description |
|---|---|---|
| proto | integer | Protocol Integer value (NULL means all protocols). |
| port | array | Inclusive range of ports. For example, [80, 80] or [5000, 6000]. |
| approved | boolean | (optional) Indicates if the policy is approved. Default is False. |

Response object: Returns the newly created workspace object.

Sample Python code

    import json

    # restclient is assumed to be an already-authenticated REST client
    # object created elsewhere.
    name = 'test'
    scope_id = '5ce480cc497d4f1b4b9a9e8d'
    filter_id = '5ce480cd497d4f1b4b9a9ea4'
    application = {
        'app_scope_id': scope_id,
        'name': name,
        'absolute_policies': [
            {
                # Consumer/provider filter IDs can be the ID of a cluster
                # identified during automatic policy discovery (formerly
                # known as ADM), a user inventory filter or an app scope.
                'provider_filter_id': filter_id,
                'consumer_filter_id': filter_id,
                'action': 'ALLOW',
                # ALLOW policy for TCP on port 80.
                'l4_params': [
                    {
                        'proto': 6,  # TCP
                        'port': [80, 80],  # inclusive port range
                    }
                ],
            }
        ],
        'catch_all_action': 'ALLOW'
    }
    restclient.post('/applications', json_body=json.dumps(application))
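
The following is an added example, not part of the original documentation: a local pre-flight check that flags misspelled keys and malformed values in a workspace body before it is posted, then sets strict_validation so the server also rejects unknown keys. The function names and the sample body are constructed, and the sets of known keys are an assumption taken only from the tables on this page, so an exported workspace that carries other keys would be flagged.

```python
# Added example: local pre-flight check for a workspace body (names are hypothetical).
# Assumption: only the keys listed in this page's tables are treated as known.
TOP_KEYS = {"app_scope_id", "name", "description", "alternate_query_mode",
            "strict_validation", "primary", "clusters", "inventory_filters",
            "absolute_policies", "default_policies", "catch_all_action"}
POLICY_KEYS = {"consumer_filter_id", "provider_filter_id", "action", "l4_params"}
L4_KEYS = {"proto", "port", "approved"}
ACTIONS = {"ALLOW", "DENY"}


def lint_workspace(body):
    """Return a list of problems found in a workspace body (empty when clean)."""
    problems = [f"unknown key: {k}" for k in sorted(set(body) - TOP_KEYS)]
    if "app_scope_id" not in body:
        problems.append("missing app_scope_id")
    if "catch_all_action" in body and body["catch_all_action"] not in ACTIONS:
        problems.append("catch_all_action must be ALLOW or DENY")
    for rank in ("absolute_policies", "default_policies"):
        for i, pol in enumerate(body.get(rank, [])):
            where = f"{rank}[{i}]"
            problems += [f"{where}: unknown key: {k}"
                         for k in sorted(set(pol) - POLICY_KEYS)]
            if pol.get("action") not in ACTIONS:
                problems.append(f"{where}: action must be ALLOW or DENY")
            for j, l4 in enumerate(pol.get("l4_params", [])):
                at = f"{where}.l4_params[{j}]"
                problems += [f"{at}: unknown key: {k}"
                             for k in sorted(set(l4) - L4_KEYS)]
                port = l4.get("port")
                ok = (isinstance(port, list) and len(port) == 2
                      and all(isinstance(p, int) for p in port)
                      and 0 <= port[0] <= port[1] <= 65535)
                if port is not None and not ok:
                    problems.append(f"{at}: bad port range {port}")
    return problems


def prepare(body):
    """Reject a body with local problems, else also request server-side checks."""
    problems = lint_workspace(body)
    if problems:
        raise ValueError("; ".join(problems))
    return {**body, "strict_validation": True}

# Constructed sample: misspelled catch-all key and a reversed port range.
SAMPLE = {"app_scope_id": "<scope-id>", "catch_all_acton": "DENY",
          "absolute_policies": [{
              "consumer_filter_id": "<filter-id>", "provider_filter_id": "<filter-id>",
              "action": "ALLOW", "l4_params": [{"proto": 6, "port": [6000, 5000]}]}]}
```

With strict_validation left at its default of false, a key such as the misspelled `catch_all_acton` in the sample does not produce an error, which is why the check runs before the request is sent.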