Access Policies: Hybrid REST API mode differences

This page provides guidance for handling access policies using the Secure Private Access Hybrid REST APIs, highlighting only the differences from the standard API.

Key differences for Access Policies in hybrid mode

When using the Hybrid REST API mode for access policy extraction:

  • The following parameters and behaviors differ from the standard API:
    • Only one access rule is allowed per policy in hybrid mode. If multiple access rules are present, only the first will be included in the response.
    • The userAndGroups field under conditions is not applicable and will not be present in responses.
    • The tagSource value ThirdPartyDevicePosture is not allowed under rules and will not appear in any response.
    • The advancedSettings parameter (under accessRules) is not applicable and will not be present in responses.
    • The priority parameter remains required and is present as in the standard API.
  • All other properties, endpoint paths, and response behaviors are consistent with the standard API.

Example: Extract Access Policies (hybrid mode)

Request:

GET https://{hybridHostUrl}/accesssecurity/accessPolicy
Accept: application/json
Authorization: Bearer {token}
Citrix-CustomerId: {customerId}
...

Response sample (hybrid mode):

{
    "items": [
        {
            "id": "1f738e0a-7342-4f65-aa6c-af50c56dbfc7",
            "modified": "2022-10-27T09:05:58Z",
            "apps": [
                "1a1d2dce-f567-4369-8997-d4834fc64464"
            ],
            "name": "TestPolicy 1",
            "description": "TestPolicy Description",
            "priority": 73945,
            "active": false,
            "accessRules": [
                {
                    // Only one rule per policy; no userAndGroups, tagSource restricted, no advancedSettings
                }
            ]
        }
        // ... additional policy objects
    ],
    "totalNum": 4
}

Migration tip

If you are migrating from the standard API, ensure your automation and scripts account for:

  • Only one access rule per policy.
  • Removal of unsupported fields (userAndGroups, advancedSettings, restricted tagSource values).
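A pre-migration check along these lines can flag policies in a standard-API export that hybrid mode would truncate or reject. This is an added example, not Citrix code: the field names come from this page, while their exact nesting, the sample export, and the helper names (find_key, hybrid_findings, audit) are assumptions.

```python
# Added example; field names are from the page, their nesting is assumed.
SAMPLE = {"items": [  # constructed input, not real tenant data
    {"name": "legacy-multi-rule", "priority": 10, "accessRules": [
        {"conditions": {"userAndGroups": ["constructed-group"]},
         "rules": [{"tagSource": "ThirdPartyDevicePosture"}],
         "advancedSettings": {}},
        {"conditions": {}},
    ]},
    {"name": "hybrid-ready", "priority": 20, "accessRules": [{"conditions": {}}]},
]}

def find_key(node, key):
    """Yield every value stored under `key` at any depth of node."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_key(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_key(item, key)

def hybrid_findings(policy):
    """List the ways one policy differs from what hybrid mode accepts."""
    findings = []
    rules = policy.get("accessRules", [])
    if len(rules) > 1:
        findings.append(f"{len(rules)} access rules: hybrid mode returns only the first")
    if "priority" not in policy:
        findings.append("priority is missing but required")
    for i, rule in enumerate(rules):
        if "advancedSettings" in rule:
            findings.append(f"rule {i}: advancedSettings is not applicable")
        if next(find_key(rule.get("conditions", {}), "userAndGroups"), None) is not None:
            findings.append(f"rule {i}: conditions.userAndGroups is not applicable")
        if "ThirdPartyDevicePosture" in find_key(rule, "tagSource"):
            findings.append(f"rule {i}: tagSource ThirdPartyDevicePosture is not allowed")
    return findings

def audit(export):
    """Map policy name (or id) to its findings; compliant policies are omitted."""
    checked = ((p.get("name") or p.get("id"), hybrid_findings(p))
               for p in export.get("items", []))
    return {name: found for name, found in checked if found}

if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(name, *found, sep="\n  - ")
```

Policies with more than one access rule deserve manual review before migration, because the rules after the first do not appear in hybrid responses.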

Reference

For all other usage details, request/response handling, and additional examples, refer to the main guide, Handling Access Policies with Secure Private Access API.

This document lists only the differences and requirements for Hybrid REST API mode.

Resources
Citrix Secure Private Access Hybrid REST API Differences OpenAPI Specification