CSP origins

CSP origins allow you to configure domains, or origins, that Qlik Sense client visualizations/extensions are allowed to communicate with.

Download specification

List CSPs

Retrieves all content security policies for a tenant.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories embed

Query Parameters

  • childSrcboolean

    Filter resources by directive 'childSrc', true/false.

  • connectSrcboolean

    Filter resources by directive 'connectSrc', true/false.

  • connectSrcWSSboolean

    Filter resources by directive 'connectSrcWSS', true/false.

  • fontSrcboolean

    Filter resources by directive 'fontSrc', true/false.

  • formActionboolean

    Filter resources by directive 'formAction', true/false.

  • frameAncestorsboolean

    Filter resources by directive 'frameAncestors', true/false.

  • frameSrcboolean

    Filter resources by directive 'frameSrc', true/false.

  • imgSrcboolean

    Filter resources by directive 'imgSrc', true/false.

  • limitnumber

    Maximum number of CSP-Origins to retrieve.

    minimum = 1, maximum = 100, default = 20, default = 20

  • mediaSrcboolean

    Filter resources by directive 'mediaSrc', true/false.

  • namestring

    Filter resources by name (wildcard and case insensitive).

  • nextstring

    Cursor to the next page.

  • objectSrcboolean

    Filter resources by directive 'objectSrc', true/false.

  • originstring

    Filter resources by origin (wildcard and case insensitive).

  • prevstring

    Cursor to previous next page.

  • scriptSrcboolean

    Filter resources by directive 'scriptSrc', true/false.

  • sortstring

    Field to sort by, prefix with -/+ to indicate order.

    Can be one of: "name""-name""origin""-origin""createdDate""-createdDate""modifiedDate""-modifiedDate"

  • styleSrcboolean

    Filter resources by directive 'styleSrc', true/false.

  • workerSrcboolean

    Filter resources by directive 'workerSrc', true/false.

Responses

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • dataarray of objects
      Show data properties
      • namestring

        The name for this entry.

        maxLength = 512

      • imgSrcboolean

        Specifies valid sources of images and favicons.

      • originstring
        Required

        The origin that the CSP directives should be applied to.

        maxLength = 256

      • fontSrcboolean

        Specifies valid sources for loading fonts.

      • childSrcboolean

        Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

      • frameSrcboolean

        Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

      • mediaSrcboolean

        Specifies valid sources for loading media using the audio and video elements.

      • styleSrcboolean

        Specifies valid sources for stylesheets.

      • objectSrcboolean

        Specifies valid sources for the object, embed, and applet elements.

      • scriptSrcboolean

        Specifies valid sources for JavaScript.

      • workerSrcboolean

        Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

      • connectSrcboolean

        Restricts the URLs that can be loaded using script interfaces.

      • formActionboolean

        Allow forms to be submitted to the origin.

      • createdDatestring

        The UTC timestamp when the CSP entry was created.

        format = "date-time"

      • descriptionstring

        The reason for adding this origin to the Content Security Policy.

        maxLength = 1024

      • modifiedDatestring

        The UTC timestamp when the CSP entry was last modified.

        format = "date-time"

      • connectSrcWSSboolean

        Restricts the URLs that can be connected to websockets (all sources will be prefixed with 'wss://').

      • frameAncestorsboolean

        Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

      • idstring

        The CSP entry's unique identifier.
    • linksobject
      Show links properties
      • nextobject
        Show next properties
        • hrefstring
          Required

          URL to a resource request.
      • prevobject
        Show prev properties
        • hrefstring
          Required

          URL to a resource request.
      • selfobject
        Show self properties
        • hrefstring
          Required

          URL to a resource request.

400

application/json

Bad Request

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

401

application/json

Unauthorized

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

403

application/json

Forbidden

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

503

application/json

Service Unavailable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.
GET /v1/csp-origins 
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins" \
-H "Authorization: Bearer <access_token>"
const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/csp-origins',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
qlik csp-origin ls

Response

{
  "data": [
    {
      "name": "string",
      "imgSrc": true,
      "origin": "string",
      "fontSrc": true,
      "childSrc": true,
      "frameSrc": true,
      "mediaSrc": true,
      "styleSrc": true,
      "objectSrc": true,
      "scriptSrc": true,
      "workerSrc": true,
      "connectSrc": true,
      "formAction": true,
      "createdDate": "2018-10-30T07:06:22Z",
      "description": "string",
      "modifiedDate": "2018-10-30T07:06:22Z",
      "connectSrcWSS": true,
      "frameAncestors": true,
      "id": "string"
    }
  ],
  "links": {
    "next": {
      "href": "string"
    },
    "prev": {
      "href": "string"
    },
    "self": {
      "href": "string"
    }
  }
}

Create a new CSP

Creates a new content security policy for an origin.

Facts

Rate limit Tier 2 (100 requests per minute)
Categories embed

Request Body

Required

application/json

  • application/jsonobject
    Show application/json properties
    • namestring

      The name for this entry.

      maxLength = 512

    • imgSrcboolean

      Specifies valid sources of images and favicons.

    • originstring
      Required

      The origin that the CSP directives should be applied to.

      maxLength = 256

    • fontSrcboolean

      Specifies valid sources for loading fonts.

    • childSrcboolean

      Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

    • frameSrcboolean

      Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

    • mediaSrcboolean

      Specifies valid sources for loading media using the audio and video elements.

    • styleSrcboolean

      Specifies valid sources for stylesheets.

    • objectSrcboolean

      Specifies valid sources for the object, embed, and applet elements.

    • scriptSrcboolean

      Specifies valid sources for JavaScript.

    • workerSrcboolean

      Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

    • connectSrcboolean

      Restricts the URLs that can be loaded using script interfaces.

    • formActionboolean

      Allow forms to be submitted to the origin.

    • descriptionstring

      The reason for adding this origin to the Content Security Policy.

      maxLength = 1024

    • connectSrcWSSboolean

      Restricts the URLs that can be connected to websockets (all sources will be prefixed with 'wss://').

    • frameAncestorsboolean

      Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

Responses

201

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • namestring

      The name for this entry.

      maxLength = 512

    • imgSrcboolean

      Specifies valid sources of images and favicons.

    • originstring
      Required

      The origin that the CSP directives should be applied to.

      maxLength = 256

    • fontSrcboolean

      Specifies valid sources for loading fonts.

    • childSrcboolean

      Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

    • frameSrcboolean

      Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

    • mediaSrcboolean

      Specifies valid sources for loading media using the audio and video elements.

    • styleSrcboolean

      Specifies valid sources for stylesheets.

    • objectSrcboolean

      Specifies valid sources for the object, embed, and applet elements.

    • scriptSrcboolean

      Specifies valid sources for JavaScript.

    • workerSrcboolean

      Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

    • connectSrcboolean

      Restricts the URLs that can be loaded using script interfaces.

    • formActionboolean

      Allow forms to be submitted to the origin.

    • createdDatestring

      The UTC timestamp when the CSP entry was created.

      format = "date-time"

    • descriptionstring

      The reason for adding this origin to the Content Security Policy.

      maxLength = 1024

    • modifiedDatestring

      The UTC timestamp when the CSP entry was last modified.

      format = "date-time"

    • connectSrcWSSboolean

      Restricts the URLs that can be connected to websockets (all sources will be prefixed with 'wss://').

    • frameAncestorsboolean

      Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

    • idstring

      The CSP entry's unique identifier.

400

application/json

Bad Request

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

401

application/json

Unauthorized

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

403

application/json

Forbidden

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

503

application/json

Service Unavailable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.
POST /v1/csp-origins 
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins" \
-X POST \
-H "Content-type: application/json" \
-H "Authorization: Bearer <access_token>" \
-d '{"name":"string","imgSrc":true,"origin":"string","fontSrc":true,"childSrc":true,"frameSrc":true,"mediaSrc":true,"styleSrc":true,"objectSrc":true,"scriptSrc":true,"workerSrc":true,"connectSrc":true,"formAction":true,"description":"string","connectSrcWSS":true,"frameAncestors":true}'
const https = require('https')
  const data = JSON.stringify({"name":"string","imgSrc":true,"origin":"string","fontSrc":true,"childSrc":true,"frameSrc":true,"mediaSrc":true,"styleSrc":true,"objectSrc":true,"scriptSrc":true,"workerSrc":true,"connectSrc":true,"formAction":true,"description":"string","connectSrcWSS":true,"frameAncestors":true})
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/csp-origins',
    'method': 'POST',
    'headers': {
      'Content-type': 'application/json',
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
  req.write(data)
qlik csp-origin create \
--childSrc=true \
--connectSrc=true \
--connectSrcWSS=true \
--description="string" \
--fontSrc=true \
--formAction=true \
--frameAncestors=true \
--frameSrc=true \
--imgSrc=true \
--mediaSrc=true \
--name="string" \
--objectSrc=true \
--origin="string" \
--scriptSrc=true \
--styleSrc=true \
--workerSrc=true

Request

{
  "name": "string",
  "imgSrc": true,
  "origin": "string",
  "fontSrc": true,
  "childSrc": true,
  "frameSrc": true,
  "mediaSrc": true,
  "styleSrc": true,
  "objectSrc": true,
  "scriptSrc": true,
  "workerSrc": true,
  "connectSrc": true,
  "formAction": true,
  "description": "string",
  "connectSrcWSS": true,
  "frameAncestors": true
}

Response

{
  "name": "string",
  "imgSrc": true,
  "origin": "string",
  "fontSrc": true,
  "childSrc": true,
  "frameSrc": true,
  "mediaSrc": true,
  "styleSrc": true,
  "objectSrc": true,
  "scriptSrc": true,
  "workerSrc": true,
  "connectSrc": true,
  "formAction": true,
  "createdDate": "2018-10-30T07:06:22Z",
  "description": "string",
  "modifiedDate": "2018-10-30T07:06:22Z",
  "connectSrcWSS": true,
  "frameAncestors": true,
  "id": "string"
}

Get a CSP

Returns details for a specific content security policy.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories embed

Path Parameters

  • idstring
    Required

    The CSP entry's unique identifier.

Responses

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • namestring

      The name for this entry.

      maxLength = 512

    • imgSrcboolean

      Specifies valid sources of images and favicons.

    • originstring
      Required

      The origin that the CSP directives should be applied to.

      maxLength = 256

    • fontSrcboolean

      Specifies valid sources for loading fonts.

    • childSrcboolean

      Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

    • frameSrcboolean

      Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

    • mediaSrcboolean

      Specifies valid sources for loading media using the audio and video elements.

    • styleSrcboolean

      Specifies valid sources for stylesheets.

    • objectSrcboolean

      Specifies valid sources for the object, embed, and applet elements.

    • scriptSrcboolean

      Specifies valid sources for JavaScript.

    • workerSrcboolean

      Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

    • connectSrcboolean

      Restricts the URLs that can be loaded using script interfaces.

    • formActionboolean

      Allow forms to be submitted to the origin.

    • createdDatestring

      The UTC timestamp when the CSP entry was created.

      format = "date-time"

    • descriptionstring

      The reason for adding this origin to the Content Security Policy.

      maxLength = 1024

    • modifiedDatestring

      The UTC timestamp when the CSP entry was last modified.

      format = "date-time"

    • connectSrcWSSboolean

      Restricts the URLs that can be connected to websockets (all sources will be prefixed with 'wss://').

    • frameAncestorsboolean

      Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

    • idstring

      The CSP entry's unique identifier.

400

application/json

Bad Request

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

401

application/json

Unauthorized

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

403

application/json

Forbidden

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

404

application/json

Not found

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

503

application/json

Service Unavailable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.
GET /v1/csp-origins/{id} 
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/{id}" \
-H "Authorization: Bearer <access_token>"
const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/csp-origins/{id}',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
qlik csp-origin get <csp-originId>

Response

{
  "name": "string",
  "imgSrc": true,
  "origin": "string",
  "fontSrc": true,
  "childSrc": true,
  "frameSrc": true,
  "mediaSrc": true,
  "styleSrc": true,
  "objectSrc": true,
  "scriptSrc": true,
  "workerSrc": true,
  "connectSrc": true,
  "formAction": true,
  "createdDate": "2018-10-30T07:06:22Z",
  "description": "string",
  "modifiedDate": "2018-10-30T07:06:22Z",
  "connectSrcWSS": true,
  "frameAncestors": true,
  "id": "string"
}

Update a CSP

Updates a content security policy.

Facts

Rate limit Tier 2 (100 requests per minute)
Categories embed

Path Parameters

  • idstring
    Required

    The CSP entry's unique identifier.

Request Body

Required

application/json

  • application/jsonobject
    Show application/json properties
    • namestring

      The name for this entry.

      maxLength = 512

    • imgSrcboolean

      Specifies valid sources of images and favicons.

    • originstring
      Required

      The origin that the CSP directives should be applied to.

      maxLength = 256

    • fontSrcboolean

      Specifies valid sources for loading fonts.

    • childSrcboolean

      Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

    • frameSrcboolean

      Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

    • mediaSrcboolean

      Specifies valid sources for loading media using the audio and video elements.

    • styleSrcboolean

      Specifies valid sources for stylesheets.

    • objectSrcboolean

      Specifies valid sources for the object, embed, and applet elements.

    • scriptSrcboolean

      Specifies valid sources for JavaScript.

    • workerSrcboolean

      Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

    • connectSrcboolean

      Restricts the URLs that can be loaded using script interfaces.

    • formActionboolean

      Allow forms to be submitted to the origin.

    • descriptionstring

      The reason for adding this origin to the Content Security Policy.

      maxLength = 1024

    • connectSrcWSSboolean

      Restricts the URLs that can be connected to websockets (all sources will be prefixed with 'wss://').

    • frameAncestorsboolean

      Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

Responses

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • namestring

      The name for this entry.

      maxLength = 512

    • imgSrcboolean

      Specifies valid sources of images and favicons.

    • originstring
      Required

      The origin that the CSP directives should be applied to.

      maxLength = 256

    • fontSrcboolean

      Specifies valid sources for loading fonts.

    • childSrcboolean

      Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

    • frameSrcboolean

      Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

    • mediaSrcboolean

      Specifies valid sources for loading media using the audio and video elements.

    • styleSrcboolean

      Specifies valid sources for stylesheets.

    • objectSrcboolean

      Specifies valid sources for the object, embed, and applet elements.

    • scriptSrcboolean

      Specifies valid sources for JavaScript.

    • workerSrcboolean

      Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

    • connectSrcboolean

      Restricts the URLs that can be loaded using script interfaces.

    • formActionboolean

      Allow forms to be submitted to the origin.

    • createdDatestring

      The UTC timestamp when the CSP entry was created.

      format = "date-time"

    • descriptionstring

      The reason for adding this origin to the Content Security Policy.

      maxLength = 1024

    • modifiedDatestring

      The UTC timestamp when the CSP entry was last modified.

      format = "date-time"

    • connectSrcWSSboolean

      Restricts the URLs that can be connected to websockets (all sources will be prefixed with 'wss://').

    • frameAncestorsboolean

      Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

    • idstring

      The CSP entry's unique identifier.

400

application/json

Bad Request

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

401

application/json

Unauthorized

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

403

application/json

Forbidden

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

404

application/json

Not found

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

503

application/json

Service Unavailable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.
PUT /v1/csp-origins/{id} 
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/{id}" \
-X PUT \
-H "Content-type: application/json" \
-H "Authorization: Bearer <access_token>" \
-d '{"name":"string","imgSrc":true,"origin":"string","fontSrc":true,"childSrc":true,"frameSrc":true,"mediaSrc":true,"styleSrc":true,"objectSrc":true,"scriptSrc":true,"workerSrc":true,"connectSrc":true,"formAction":true,"description":"string","connectSrcWSS":true,"frameAncestors":true}'
const https = require('https')
  const data = JSON.stringify({"name":"string","imgSrc":true,"origin":"string","fontSrc":true,"childSrc":true,"frameSrc":true,"mediaSrc":true,"styleSrc":true,"objectSrc":true,"scriptSrc":true,"workerSrc":true,"connectSrc":true,"formAction":true,"description":"string","connectSrcWSS":true,"frameAncestors":true})
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/csp-origins/{id}',
    'method': 'PUT',
    'headers': {
      'Content-type': 'application/json',
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
  req.write(data)
qlik csp-origin update <csp-originId> \
--childSrc=true \
--connectSrc=true \
--connectSrcWSS=true \
--description="string" \
--fontSrc=true \
--formAction=true \
--frameAncestors=true \
--frameSrc=true \
--imgSrc=true \
--mediaSrc=true \
--name="string" \
--objectSrc=true \
--origin="string" \
--scriptSrc=true \
--styleSrc=true \
--workerSrc=true

Request

{
  "name": "string",
  "imgSrc": true,
  "origin": "string",
  "fontSrc": true,
  "childSrc": true,
  "frameSrc": true,
  "mediaSrc": true,
  "styleSrc": true,
  "objectSrc": true,
  "scriptSrc": true,
  "workerSrc": true,
  "connectSrc": true,
  "formAction": true,
  "description": "string",
  "connectSrcWSS": true,
  "frameAncestors": true
}

Response

{
  "name": "string",
  "imgSrc": true,
  "origin": "string",
  "fontSrc": true,
  "childSrc": true,
  "frameSrc": true,
  "mediaSrc": true,
  "styleSrc": true,
  "objectSrc": true,
  "scriptSrc": true,
  "workerSrc": true,
  "connectSrc": true,
  "formAction": true,
  "createdDate": "2018-10-30T07:06:22Z",
  "description": "string",
  "modifiedDate": "2018-10-30T07:06:22Z",
  "connectSrcWSS": true,
  "frameAncestors": true,
  "id": "string"
}

Delete a CSP

Deletes a specific content security policy.

Facts

Rate limit Tier 2 (100 requests per minute)
Categories embed

Path Parameters

  • idstring
    Required

    The CSP entry's unique identifier.

Responses

204

No Content response.

400

application/json

Bad Request

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

401

application/json

Unauthorized

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

403

application/json

Forbidden

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

404

application/json

Not found

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

503

application/json

Service Unavailable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.
DELETE /v1/csp-origins/{id} 
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/{id}" \
-X DELETE \
-H "Authorization: Bearer <access_token>"
const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/csp-origins/{id}',
    'method': 'DELETE',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
qlik csp-origin rm <csp-originId>

Retrieve CSP header

Retrieves the full content security policy header (including all configured policies and origins) for the tenant.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories embed

Header Parameters

  • Acceptstring

    The Accept request HTTP header indicates which content types, expressed as MIME types, the client is able to understand

    Can be one of: "application/json""text/plain"

    default = "application/json"

Responses

200

text/plain

OK Response

  • text/plainstring

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • Content-Security-Policystring

      The compiled CSP header.

401

application/json

Unauthorized

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

406

application/json

Not Acceptable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

503

application/json

Service Unavailable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.
GET /v1/csp-origins/actions/generate-header 
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/actions/generate-header" \
-H "Authorization: Bearer <access_token>"
const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/csp-origins/actions/generate-header',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
qlik csp-origin generate-header

Response

"string"