Deleting disabled policies with Secure Private Access API

This use case describes how to delete all disabled access policies that were last modified over a year ago. This is done by first getting the list of policies, selecting those that are disabled and were modified over a year ago, and then deleting each of them with a separate request.

Prerequisites

Get the list of policies

The list of policies can be retrieved with a GET request to the following endpoint, using the headers described below. The orderby=modified query parameter can be used so that the list is returned sorted by modification date. This sorting makes it easier to separate the policies modified over a year ago.

GET https://api.cloud.com/accesssecurity/accessPolicy?orderby=modified

Request header sample

Accept: application/json
Citrix-CustomerId: {{customerId}}
Authorization: CWSAuth Bearer={{bearerToken}}
Citrix-TransactionId: {{Citrix-TransactionId}}

The Citrix-TransactionId header can be omitted.

Successful response sample

A 200 OK response contains a JSON body like the following:

{
    "items": [
        {
            "id": "1f738e0a-7342-4f65-aa6c-af50c56dbfc7",
            "modified": "2022-10-27T09:05:58Z",
            "apps": [
                "1a1d2dce-f567-4369-8997-d4834fc64464"
            ],
            "name": "TestPolicy 1",
            "description": "TestPolicy Description",
            "priority": 73945,
            "active": false,
            "accessRules": [...]
        },
        {
            "id": "7a738d4d-c6fb-46bf-8cdd-ba19097d25e6",
            "modified": "2022-12-06T12:41:55Z",
            "apps": [
                "b1030399-2312-4374-85a4-da6910da253e"
            ],
            "name": "TestPolicy 2",
            "description": "TestPolicy Description",
            "priority": 22920,
            "active": true,
            "accessRules": [...]
        },
        {
            "id": "e04f4bcb-807e-4743-8d4d-6a19e805f0c5",
            "modified": "2023-01-31T08:37:31Z",
            "apps": [
                "b1030399-2312-4374-85a4-da6910da253e"
            ],
            "name": "TestPolicy 3",
            "description": "TestPolicy Description",
            "priority": 12604,
            "active": false,
            "accessRules": [...]
        },
        {
            "id": "f75a4eab-5c5c-46cf-9155-42ee0e067902",
            "modified": "2023-02-03T13:13:23Z",
            "apps": [
                "b1030399-2312-4374-85a4-da6910da253e"
            ],
            "name": "TestPolicy 4",
            "description": "TestPolicy Description",
            "priority": 12202,
            "active": true,
            "accessRules": [...]
        }
    ],
    "totalNum": 4
}

The JSON object can be parsed and the policies retrieved from the items array. Each policy can be checked for active==false and modified<=(currentDate - 365 days, in ISO 8601 format), which separates the policies that are disabled and were last modified over a year ago. As the list is sorted by modification date, the loop can stop once it reaches a modified date later than currentDate - 365 days. For each policy that meets the criteria, only its ID needs to be kept, because the ID is what the delete request requires.

Delete selected policies

For each of the policies selected in the preceding step, the user must send a DELETE request to delete it. The policy UUID is appended to the request URL for each request:

DELETE https://api.cloud.com/accesssecurity/accessPolicy/{{policyUUID}}

Request header sample

Accept: application/json
Citrix-CustomerId: {{customerId}}
Authorization: CWSAuth Bearer={{bearerToken}}
Citrix-TransactionId: {{Citrix-TransactionId}}

The Citrix-TransactionId header can be omitted, but it is recommended to use the Citrix-TransactionId returned by the previous GET request so that this particular stream of requests can be traced in case support is needed. If the DELETE was successful, a 204 NO CONTENT response is returned.
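The selection and delete steps above, as an added Python example that is not part of the original documentation. The function names, the dry-run default, the UUID check and the placeholder credentials are assumptions of this example; the selection checks every item rather than relying on the sort order, and the sample data is constructed from the page's response sample.

```python
import urllib.request
import uuid
from datetime import datetime, timedelta, timezone

BASE = "https://api.cloud.com/accesssecurity/accessPolicy"

# Constructed sample: the page's response sample, trimmed to the fields used here.
SAMPLE = {"items": [
    {"id": "1f738e0a-7342-4f65-aa6c-af50c56dbfc7", "modified": "2022-10-27T09:05:58Z", "active": False},
    {"id": "7a738d4d-c6fb-46bf-8cdd-ba19097d25e6", "modified": "2022-12-06T12:41:55Z", "active": True},
    {"id": "e04f4bcb-807e-4743-8d4d-6a19e805f0c5", "modified": "2023-01-31T08:37:31Z", "active": False},
    {"id": "f75a4eab-5c5c-46cf-9155-42ee0e067902", "modified": "2023-02-03T13:13:23Z", "active": True},
], "totalNum": 4}

def select_stale_disabled(body, now, max_age_days=365):
    """Return IDs of policies that are disabled and last modified before the cutoff."""
    cutoff = now - timedelta(days=max_age_days)
    selected = []
    for policy in body.get("items", []):
        if policy.get("active") is not False:  # fail closed: require an explicit false
            continue
        try:
            modified = datetime.strptime(policy["modified"], "%Y-%m-%dT%H:%M:%SZ")
            policy_id = str(uuid.UUID(policy["id"]))  # only well-formed UUIDs reach the URL
        except (KeyError, ValueError, TypeError, AttributeError):
            continue  # unparseable entry: skip it rather than delete on doubt
        if modified.replace(tzinfo=timezone.utc) < cutoff:
            selected.append(policy_id)
    return selected

def build_delete(policy_id, customer_id, bearer_token, transaction_id=None):
    """Build (but do not send) the DELETE request for one policy."""
    headers = {"Accept": "application/json", "Citrix-CustomerId": customer_id,
               "Authorization": f"CWSAuth Bearer={bearer_token}"}
    if transaction_id:  # optional header; reuse the GET's ID so the requests can be traced
        headers["Citrix-TransactionId"] = transaction_id
    return urllib.request.Request(f"{BASE}/{policy_id}", headers=headers, method="DELETE")

def delete_policies(ids, customer_id, bearer_token, transaction_id=None, dry_run=True):
    """Delete each policy; with dry_run (the default) only report what would be sent."""
    results = {}
    for policy_id in ids:
        request = build_delete(policy_id, customer_id, bearer_token, transaction_id)
        if dry_run:
            results[policy_id] = "dry-run"
            continue
        with urllib.request.urlopen(request, timeout=30) as response:
            results[policy_id] = response.status  # 204 on success
    return results

if __name__ == "__main__":
    now = datetime(2023, 12, 1, tzinfo=timezone.utc)  # fixed date so the run is reproducible
    print(delete_policies(select_stale_disabled(SAMPLE, now), "example-customer", "example-token"))
```

Review the dry-run output before calling delete_policies with dry_run=False, since a deleted policy cannot be recovered through this request.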

Delete policies from the Secure Private Access service user interface

  1. Log in to Citrix Cloud.

  2. Click the Manage tab in the Secure Private Access tile.


  3. In the navigation pane, click Access Policies. You can see the list of the policies.


  4. To delete a specific access policy, click the ellipsis button, and then click Delete.


For more information about handling access policies from the UI, see Create access policies.

Resources
Access Security OpenAPI Specification