{ "openapi": "3.0.2", "info": { "title": "StoreFront Web API", "version": "3.1" }, "servers": [ { "url": "https://storefront.example.com/Citrix/StoreWeb", "description": "The URL of the store website" } ], "tags": [ { "name": "Client Configuration", "description": "Obtain the client configuration settings for the site" }, { "name": "Session Keep Alive", "description": "Extend the duration of a session" }, { "name": "Authentication Methods", "description": "Determine which authentication methods are available, prior to initiating authentication." }, { "name": "Domain Pass-Through and Smart Card Authentication", "description": "Authenticate a user either using pass through authentication or a smart card device." }, { "name": "Explicit Forms Authentication", "description": "Authenticate a user using explicit forms authentication, where the user manually enters credentials." }, { "name": "SAML Single Sign-On", "description": "Authenticate a user using a configured external identity provider (IdP)." }, { "name": "Post Credentials Authentication", "description": "Authenticate a user by supplying the user’s credentials directly via HTTP POST" }, { "name": "NetScaler Gateway Single Sign-On", "description": "Automatically authenticate a user who has authenticated to NetScaler Gateway." }, { "name": "User Information", "description": "Obtain information about the user, such as the user’s name and the objectGuid of the user in AD if available." }, { "name": "Log Off", "description": "Log off a user's web session" }, { "name": "Resource Enumeration", "description": "Get a list of all the resources available for a user" }, { "name": "ICA Launch", "description": "Check if a resource is ready to launch, or to get an ICA file for launching a resource" }, { "name": "Icons", "description": "Retrieve icon image data relating to one or more resources" }, { "name": "Machine Power Off", "description": "Trigger a power off operation for the specified resource" }, { "name": "Resource Subscription", "description": "Perform resource subscription and unsubscription, and to update the relative position (as shown in the UI) of subscribed resources" }, { "name": "Session Enumeration", "description": "Use these requests to enumerate the authenticated user’s ICA sessions that are not connected to by the current client. Once enumerated, these sessions can be reconnected by using the session launch API." }, { "name": "Session Launch", "description": "Use these requests to reconnect to an existing session (either disconnected or active on some other client), as specified by session id" }, { "name": "Session Disconnect and Logoff", "description": "Use these requests to disconnect or logoff the user’s currently connected sessions at the server" }, { "name": "Session Control", "description": "Manage the listing, disconnecting and logging off the user's sessions. Added in the CR 2311 release." }, { "name": "Machine Control", "description": "List machines associated with the user's resources. Trigger and monitor power operations for these machines, such as ShutDown, PowerOff and Suspend." } ], "paths": { "/Machines/List": { "post": { "tags": [ "Machine Control" ], "summary": "Lists machines associated with the given resources.", "security": [], "operationId": "Machine Control List", "description": "* This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId.\n*A maximum of 200 resource Ids can be provided per request.", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "requestBody": { "description": "JSON object specifying the list of resource ids to return machines for.", "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/machineControlListStatusParams" }, "example": "{ \"resourceIds\" : [ \"Controller.Resource1\", \"Controller.Resource2\" ] }" } } }, "responses": { "200": { "description": "Returns the result of the operation.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/machineControlListStatusResult" }, "example": "{\r\n \"machines\": [\r\n {\r\n \"machineData\": {\r\n \"lastUpdatedTime\": \"2025-09-26T08:12:05.1485812Z\",\r\n \"machineId\": \"Controller.S-1-5-21-1788343907-83030196-1888898617-11259\",\r\n \"machineName\": \"Desktop 1 $P1\",\r\n \"powerActionInProgress\": false,\r\n \"powerState\": \"On\",\r\n \"registrationState\": \"Registered\",\r\n \"sessionSupport\": \"SingleSession\",\r\n \"shutDownSupported\": true,\r\n \"suspendSupported\": true,\r\n \"turnOffSupported\": true\r\n },\r\n \"maxLastUpdatedTime\": \"2025-09-26T08:10:05.1329592Z\",\r\n \"resourceId\": \"Controller.Desktop 1\"\r\n }\r\n ]\r\n}" } } } } } }, "/Machines/PowerOff": { "post": { "tags": [ "Machine Control" ], "summary": "Powers off machines returned from the /Machines/List or /Sessions/List APIs.", "security": [], "operationId": "Machine Control Power Off", "description": "* This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId.\n* This operation can be slow to complete. If a continuationId is returned in the response use that value in the continuationToken variant of the request to poll the status of the operation. ", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "requestBody": { "description": "JSON object specifying the machine id to power off or a continuation token for a slow operation that needs to be polled.", "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/machineControlOperation" }, "examples": { "byMachineId": { "summary": "Request using a machineId from the /Session/List API", "value": "{ \"machineId\" : \"Controller.S-1-5-21-3729792978-2641905665-2579007459-1105\"}" }, "byContinuationToken": { "summary": "Request using a continuationToken from a prior call to /MachineControl/PowerOff", "value": "{ \"continuationToken\" : \"c4068ad9-e9f2-48c3-9c1e-d6ae87006e7e.3621\"}" } } } } }, "responses": { "200": { "description": "Returns the result of the operation.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/machineControlOperationResult" }, "examples": { "powerOffCompletion": { "summary": "Power off success response", "value": "{ \"isSuccess\" : true, \"actionStatus\" : \"Completed\", \"continuationId\" : null, \"retryDelayHint\" : null, \"status\" : null }" }, "powerOffFailed": { "summary": "Power off failed response.", "value": "{ \"isSuccess\" : false, \"actionStatus\" : \"Failed|Canceled|Deleted|Lost\", \"continuationId\" : null, \"retryDelayHint\" : null, \"status\" : null }" }, "powerOffInProgress": { "summary": "Power off in progress. Delay and then retry the request with the continuationId provided.", "value": "{ \"isSuccess\" : null, \"actionStatus\" : \"Pending|Started\", \"continuationId\" : \"c4068ad9-e9f2-48c3-9c1e-d6ae87006e7e.3621\", \"retryDelayHint\" : null, \"status\" : null }" } } } } } } } }, "/Machines/ShutDown": { "post": { "tags": [ "Machine Control" ], "summary": "Shuts down machines returned from the /Machines/List or /Sessions/List APIs.", "security": [], "operationId": "Machine Control Shut Down", "description": "* This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId.\n* This operation can be slow to complete. If a continuationId is returned in the response use that value in the continuationToken variant of the request to poll the status of the operation. ", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "requestBody": { "description": "JSON object specifying the machine id to shutdown or a continuation token for a slow operation that needs to be polled. Note the returned retryDelayHint and status properties are obsolete and should not be used.", "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/machineControlOperation" }, "examples": { "byMachineId": { "summary": "Request using a machineId from the /Session/List API", "value": "{ \"machineId\" : \"Controller.S-1-5-21-3729792978-2641905665-2579007459-1105\"}" }, "byContinuationToken": { "summary": "Request using a continuationToken from a prior call to /MachineControl/ShutDown", "value": "{ \"continuationToken\" : \"c4068ad9-e9f2-48c3-9c1e-d6ae87006e7e.3621\"}" } } } } }, "responses": { "200": { "description": "Returns the result of the operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/machineControlOperationResult" }, "examples": { "shutDownCompletion": { "summary": "Shut down success response", "value": "{ \"isSuccess\" : true, \"actionStatus\" : \"Completed\", \"continuationId\" : null, \"retryDelayHint\" : null, \"status\" : null }" }, "shutDownFailed": { "summary": "Shut down failed response.", "value": "{ \"isSuccess\" : false, \"actionStatus\" : \"Failed|Canceled|Deleted|Lost\", \"continuationId\" : null, \"retryDelayHint\" : null, \"status\" : null }" }, "shutDownInProgress": { "summary": "Shut down in progress. Delay and then retry the request with the continuationId provided.", "value": "{ \"isSuccess\" : null, \"actionStatus\" : \"Pending|Started\", \"continuationId\" : \"c4068ad9-e9f2-48c3-9c1e-d6ae87006e7e.3621\", \"retryDelayHint\" : null, \"status\" : null }" } } } } } } } }, "/Machines/Suspend": { "post": { "tags": [ "Machine Control" ], "summary": "Suspends machines returned from the /Machines/List or /Sessions/List APIs.", "security": [], "operationId": "Machine Control Suspend", "description": "* This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId.\n* This operation can be slow to complete. If a continuationId is returned in the response use that value in the continuationToken variant of the request to poll the status of the operation. ", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "requestBody": { "description": "JSON object specifying the machine id to suspend or a continuation token for a slow operation that needs to be polled. Note the returned retryDelayHint and status properties are obsolete and should not be used.", "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/machineControlOperation" }, "examples": { "byMachineId": { "summary": "Request using a machineId from the /Session/List API", "value": "{ \"machineId\" : \"Controller.S-1-5-21-3729792978-2641905665-2579007459-1105\"}" }, "byContinuationToken": { "summary": "Request using a continuationToken from a prior call to /MachineControl/Suspend", "value": "{ \"continuationToken\" : \"c4068ad9-e9f2-48c3-9c1e-d6ae87006e7e.3621\"}" } } } } }, "responses": { "200": { "description": "Returns the result of the operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/machineControlOperationResult" }, "examples": { "suspendCompletion": { "summary": "Suspend success response", "value": "{ \"isSuccess\" : true, \"actionStatus\" : \"Completed\", \"continuationId\" : null, \"retryDelayHint\" : null, \"status\" : null }" }, "suspendFailed": { "summary": "Suspend failed response.", "value": "{ \"isSuccess\" : false, \"actionStatus\" : \"Failed|Canceled|Deleted|Lost\", \"continuationId\" : null, \"retryDelayHint\" : null, \"status\" : null }" }, "suspendInProgress": { "summary": "Suspend in progress. Delay and then retry the request with the continuationId provided.", "value": "{ \"isSuccess\" : null, \"actionStatus\" : \"Pending|Started\", \"continuationId\" : \"c4068ad9-e9f2-48c3-9c1e-d6ae87006e7e.3621\", \"retryDelayHint\" : null, \"status\" : null }" } } } } } } } }, "/Sessions/List": { "get": { "tags": [ "Session Control" ], "summary": "List the users sessions", "description": "This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId. \\\nUse this request to list the user's sessions' metadata. The metadata contains info about the session including it's connection state, the applications in it and the machine hosting the session.\n\nThe session and machine identifiers returned are to be used with the APIs:\n* /Sessions/LogOffSessions\n* /Sessions/DisconnectSessions\n* /MachineControl/PowerOff\n* /MachineControl/ShutDown\n* /MachineControl/Suspend", "security": [], "operationId": "Session Control List Sessions", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" }, { "$ref": "#/components/parameters/CtxsDeviceId" } ], "responses": { "200": { "description": "Returns a JSON payload with all of the user's sessions' metadata.", "content": { "application/json": { "schema": { "type": "object" }, "example": "{\n \"deviceId\": \"WR_MO-969cDcqgF\",\n \"sessions\": [\n {\n \"applications\": [\n {\n \"iconUrl\": \"Resources\\/Icon\\/Ly9yZXNvdXJjZXMvdjIvVEd4NllVTmlkMU5XYlhJd2FWQjNOakpyVHpCeE9GZGhPRW80UFEtLS9pbWFnZQ--?size=128&resourceId=Q29udHJvbGxlci5DYWxjdWxhdG9y\",\n \"id\": \"Controller.Calculator\",\n \"name\": \"Calculator\"\n },\n {\n \"iconUrl\": \"Resources\\/Icon\\/Ly9yZXNvdXJjZXMvdjIvSzFsbVNtcHFMMFUzWkRkWVIwOXhaMEZXWW5aMWVtZGFSWEEwUFEtLS9pbWFnZQ--?size=128&resourceId=Q29udHJvbGxlci5Xb3JkUGFk\",\n \"id\": \"Controller.WordPad\",\n \"name\": \"WordPad\"\n }\n ],\n \"clientName\": \"WR_MO-969cDcqgF\",\n \"clientType\": \"ica30\",\n \"connectionState\": \"connected\",\n \"deviceId\": \"WR_MO-969cDcqgF\",\n \"deviceType\": \"Windows\",\n \"machineData\": {\n \"machineId\": \"Controller.S-1-5-21-3729792978-2641905665-2579007459-1105\",\n \"machineName\": \"STOREFRONT-DEV\\\\CVAD-01\",\n \"powerState\": \"Unmanaged\",\n \"registrationState\": \"Registered\",\n \"sessionSupport\": \"MultiSession\",\n \"shutDownSupported\": false,\n \"turnOffSupported\": false\n },\n \"sessionId\": \"Q29udHJvbGxlci5TLTEtNS0yMS0zNzI5NzkyOTc4LTI2NDE5MDU2NjUtMjU3OTAwNzQ1OS0xMTA1LjVjNWI5MzM1LTJmZmMtNGJlYS1hODYzLTBhOTFhNDdiYzQyMw--\",\n \"sessionStartTime\": \"2023-11-21T15:50:10.43Z\",\n \"userSessionType\": \"Application\"\n }\n ]\n}" } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/Sessions/LogOffSessions": { "post": { "tags": [ "Session Control" ], "summary": "Logs off the specified sessions listed by the /Sessions/List API", "description": "This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId. ", "security": [], "operationId": "Session Control Logoff Sessions", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" }, { "$ref": "#/components/parameters/CtxsDeviceId" } ], "requestBody": { "description": "Array of JSON format SessionIds from the /Sessions/List API", "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/sessionControlOperation" }, "example": "{ \"SessionIds\": [\"Q29udHJvbGxlci5TLTEtNS0yMS0zNzI5NzkyOTc4LTI2NDE5MDU2NjUtMjU3OTAwNzQ1OS0xMTA1LjVjNWI5MzM1LTJmZmMtNGJlYS1hODYzLTBhOTFhNDdiYzQyMw--\"]\n}" } } }, "responses": { "200": { "description": "The result of the log off for each session requested", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/sessionControlOperationResult" }, "example": "{\n \"results\" : [\n {\"failureReason\":null,\n \"isSuccess\":true,\n \"sessionId\" :\"Q29udHJvbGxlci5TLTEtNS0yMS0zNzI5NzkyOTc4LTI2NDE5MDU2NjUtMjU3OTAwNzQ1OS0xMTA1LjVjNWI5MzM1LTJmZmMtNGJlYS1hODYzLTBhOTFhNDdiYzQyMw--\"}\n ]\n}" } } }, "400": { "$ref": "#/components/responses/badSessionRequest" }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/Sessions/DisconnectSessions": { "post": { "tags": [ "Session Control" ], "summary": "Disconnects ths specified sessions listed by the /Sessions/List API", "description": "This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId. ", "security": [], "operationId": "Session Control Disconnect Sessions", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" }, { "$ref": "#/components/parameters/CtxsDeviceId" } ], "requestBody": { "description": "Array of JSON format SessionIds from the /Sessions/List API", "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/sessionControlOperation" }, "example": "{ \"SessionIds\": [\"Q29udHJvbGxlci5TLTEtNS0yMS0zNzI5NzkyOTc4LTI2NDE5MDU2NjUtMjU3OTAwNzQ1OS0xMTA1LjVjNWI5MzM1LTJmZmMtNGJlYS1hODYzLTBhOTFhNDdiYzQyMw--\"]\n}" } } }, "responses": { "200": { "description": "The result of the log off for each session requested", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/sessionControlOperationResult" }, "example": "{\n \"results\" : [\n {\"failureReason\":null,\n \"isSuccess\":true,\n \"sessionId\" :\"Q29udHJvbGxlci5TLTEtNS0yMS0zNzI5NzkyOTc4LTI2NDE5MDU2NjUtMjU3OTAwNzQ1OS0xMTA1LjVjNWI5MzM1LTJmZmMtNGJlYS1hODYzLTBhOTFhNDdiYzQyMw--\"}\n ]\n}" } } }, "400": { "$ref": "#/components/responses/badSessionRequest" }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/Home/Configuration": { "post": { "tags": [ "Client Configuration" ], "summary": "Requests the client configuration, which is returned as an XML document", "description": "Use this request to obtain the client configuration settings for the site. These settings define the behavior of the client and provide Web Proxy URLs for other services such as authentication and resource enumeration. This request can be performed before authentication has taken place and before a web session has been established.", "security": [], "operationId": "Get Configuration", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success", "content": { "application/xml": { "schema": { "$ref": "#/components/schemas/clientSettings" }, "example": "\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/Home/KeepAlive": { "head": { "tags": [ "Session Keep Alive" ], "summary": "Extend the duration of a session", "description": "Simply contacting the server keeps the server-side session alive and resets the ASP.NET session idle timer. For example, if the session timeout is 20 minutes and this call is made after 15 minutes of idle time, the user is allowed a further 20 minutes before the session times out.", "operationId": "Keep Alive", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success. Returns an empty response." }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/Authentication/GetAuthMethods": { "post": { "tags": [ "Authentication Methods" ], "summary": "Returns a list of available authentication methods in XML format.", "description": "Notes:\n* The client must first make a POST request to /Resources/List. Since the user is not yet authenticated, this returns a challenge in the form of a CitrixWebReceiver-Authenticate header with the GetAuthMethods URL in the location field, for example:\n* CitrixWebReceiver-Authenticate: reason=\"TokenRequired\", location=\"Authentication/GetAuthMethods\"\n* The client must not skip this request by hard-coding any of the authentication URLs, as they may change from release to release.\n* The available authentication methods are specified in the Receiver for Web configuration file. The list of methods returned is the intersection of those configured for the Receiver for Web site and those configured for the StoreFront Authentication service.\n* When Gateway authentication is available, use this in preference to (and to the exclusion of) all other authentication methods. This is because Gateway authentication is only available when the user is connecting to Receiver for Web externally through a NetScaler Gateway, while the other authentication methods are intended only for intranet use.", "operationId": "Get Authentication Methods", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success or failure", "content": { "application/xml": { "schema": { "$ref": "#/components/schemas/authMethods" }, "example": " " } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/DomainPassthroughAuth/Login": { "post": { "tags": [ "Domain Pass-Through and Smart Card Authentication" ], "description": "Authenticates the user using the credentials with which he or she logged on to the computer.\n\n* Domain pass-through authentication requires the client browser to be running on Microsoft Windows. The caller should check the client platform OS prior to initiating pass-through authentication.\n* The pass-through URL is configured in IIS to be protected by Integrated Windows Authentication (IWA). The actual authentication takes place between the browser and IIS, transparently to the client.\n* Pass-through authentication requires that the option ‘Trust requests to the XML Service’ is enabled on the back-end XenDesktop/XenApp server.\n* When pass-through authentication is used to authenticate to Receiver for Web, the user’s password is not available to StoreFront. For launches to work without the user being prompted for credentials, configure Citrix Receiver as described in http://support.citrix.com/article/CTX133855.\n* If authentication fails, check the StoreFront event logs which may reveal further information to assist with diagnosing the failure.", "operationId": "Domain Pass Through Login", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success or failure", "content": { "application/xml": { "schema": { "$ref": "#/components/schemas/AuthenticationStatus" }, "examples": { "successfulExample": { "summary": "Successful pass-through authentication", "value": "\n\n success\n Certificate\n" }, "failureExample": { "summary": "Failed pass-through authentication", "description": "In this example, the computer is off-domain, and the user cancels the browser prompt for domain credentials.", "value": "\n\n \n \n 401 - Unauthorized: Access is denied due to invalid credentials.\n \n \n \n

Server Error

\n
\n
\n
\n

401 - Unauthorized: Access is denied due to invalid credentials.

\n

You do not have permission to view this directory or page using the credentials that you supplied.

\n
\n
\n
\n \n " } } } } }, "401": { "description": "Unauthorized. Returned in the following situations: a) The user attempts pass-through authentication from a computer not joined to the StoreFront domain, and cancels the browser dialog prompting for domain credentials. b) The user attempts smart card authentication and cancels one of the browser prompts to insert a card, select a certificate or enter a PIN." }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/SmartcardAuth/Login": { "post": { "tags": [ "Domain Pass-Through and Smart Card Authentication" ], "description": "Authenticates the user using a smart card connected to the user’s client computer.\n\nNotes:\n* The smart card URL is configured in IIS to be accessible only via HTTPS and to require a client certificate to be supplied by the browser.\n* Smart card authentication requires that the option ‘Trust requests to the XML Service’ is enabled on the back-end XenDesktop/XenApp server.\n* Smart card authentication requires two PIN prompts, one to authenticate to the web site and another to authenticate to the remote session.\n* If authentication fails, check the StoreFront event logs which may reveal further information to assist with diagnosing the failure. ", "operationId": "Smart Card Login", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success or failure", "content": { "application/xml": { "schema": { "$ref": "#/components/schemas/AuthenticationStatus" }, "examples": { "successfulExample": { "summary": "Successful smart card authentication", "value": "\n\n success\n Certificate\n" } } } } }, "401": { "description": "Unauthorized. Returned in the following situations:\n\na) The user attempts pass-through authentication from a computer not joined to the StoreFront domain, and cancels the browser dialog prompting for domain credentials.\n\nb) The user attempts smart card authentication and cancels one of the browser prompts to insert a card, select a certificate or enter a PIN.\"" }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/ExplicitAuth/Login": { "post": { "tags": [ "Explicit Forms Authentication" ], "summary": "Requests the first form in an explicit forms conversation", "description": "Initiates a forms conversation by getting the first form in a possible series of forms. Used by explicit authentication and SAML authentication.", "operationId": "Explicit Forms Login", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" }, { "in": "query", "schema": { "type": "string" }, "name": "formsProtocol", "description": "For username and password forms authentication leave blank. For SAML, use value Forms-Saml. To use a custom authentication method, enter the protocol name." } ], "responses": { "200": { "description": "Success or failure or an XML form. Refer to the Common Forms Authentication documentation for information about the various form elements.", "content": { "application/xml": { "schema": { "$ref": "#/components/schemas/AuthenticationStatus" } }, "application/vnd.citrix.authenticateresponse-1+xml": { "schema": { "$ref": "#/components/schemas/AuthenticateResponse" }, "examples": { "UsernameAndPasswordFormReturned": { "summary": "Username and password login form returned", "description": "The AuthenticateResponse is an XML description of a form to be displayed to the user to collect additional information required for the authentication operation. In this example it prompts for a username and password.", "value": "\n\n success\n more-info\n \n \n ExplicitAuth/LoginAttempt\n ExplicitAuth/CancelForm\n Cancel\n \n \n \n username\n ExplicitForms-Username\n username\n \n \n \n domain\\user or user@domain.com\n \n false\n false\n \n \n .+\n \n \n \n \n \n password\n ExplicitForms-Password\n password\n \n \n \n \n true\n false\n \n \n .+\n \n \n \n \n \n saveCredentials\n savecredentials\n \n \n \n \n false\n \n \n \n \n \n loginBtn\n none\n \n \n \n \n \n \n \n \n" }, "SamlLoginFormReturned": { "summary": "SAML login form returned", "description": "When using SAML authentication, the form contains a webview used to render an external log in form.", "value": "\n\n success\n more-info\n \n \n ExplicitAuth/SendForm\n ExplicitAuth/CancelForm\n Cancel\n \n \n \n samlResponseId\n webview\n \n https://webserver/Citrix/StoreAuth/SamlForms/WebView\n \n \n \n \n \n \n \n" } } } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/ExplicitAuth/LoginAttempt": { "post": { "tags": [ "Explicit Forms Authentication" ], "summary": "Attempts an explicit logon", "operationId": "Attempt Explicit Forms Login", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success or failure or an XML form", "content": { "application/xml": { "schema": { "$ref": "#/components/schemas/AuthenticationStatus" }, "examples": { "explicitAuthCorrect": { "summary": "Correct Credentials Submitted", "value": " \n success\n ExplicitForms\n" }, "explicitAuthElectiveChangePassword": { "summary": "Elective Change Password", "value": "\n\n success\n ExplicitForms\n true\n true\n 89\n" } } }, "application/vnd.citrix.authenticateresponse-1+xml": { "schema": { "$ref": "#/components/schemas/AuthenticateResponse" }, "examples": { "ExplicitAuthIncorrect": { "summary": "Incorrect Credentials Submitted", "description": "If the user mistypes their password this results in the Authentication service returning another login form XML document, this time highlighting the error with an additional Requirements node", "value": "\n\n success\n more-info \n \n ExplicitAuth/LoginAttempt\n ExplicitAuth/CancelForm\n Cancel\n \n \n \n username\n ExplicitForms-Username\n username\n \n \n \n domain\\user or user@domain.com\n \n false\n false\n acmecorp\\user1\n .+\n \n \n \n \n \n password\n ExplicitForms-Password\n password\n \n \n \n \n true\n false\n \n \n .+\n \n \n \n \n \n none\n \n \n \n \n \n \n saveCredentials\n savecredentials\n \n \n \n false\n \n \n \n \n loginBtn\n none\n \n \n \n \n \n \n \n \n" }, "explicitAuthPWExpired": { "summary": "Password Expired", "description": "If StoreFront is configured to allow users to change an expired password and a user attempts to log on when their password has expired, a change password XML form is returned when the user submits their credentials. This form includes a label to inform the user that their password must be changed, and text input fields (plus corresponding labels) for the user to enter the old password and to enter and confirm a new password. Note that the post-back URL is also updated to point back to the URL ExplicitAuth/SendForm", "value": "\n\n success\n update-credentials\n \n \n ExplicitAuth/SendForm\n ExplicitAuth/CancelForm\n Cancel\n \n \n \n none\n \n \n \n \n \n \n none\n \n \n \n \n \n \n username\n \n \n \n \n false\n true\n acmecorp\\user1\n .+\n \n \n \n \n \n oldPassword\n password\n \n \n \n \n true\n false\n \n \n .+\n \n \n \n \n \n newPassword\n ExplicitForms-Password\n newpassword\n \n \n \n \n true\n false\n \n \n .+\n \n \n \n \n \n confirmPassword\n newpassword\n \n \n \n \n true\n false\n \n \n .+\n \n \n \n \n \n changePasswordBtn\n none\n \n \n \n \n \n \n \n \n " } } } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/ExplicitAuth/SendForm": { "post": { "tags": [ "Explicit Forms Authentication" ], "summary": "Proxies a form back to the StoreFront Authentication service.", "description": "In some cases posting a form will lead to a further form. E.g. submitting a password change form will take you to a conformation form.", "operationId": "Send Explicit Form", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success or failure or an XML form", "content": { "application/xml": { "schema": { "$ref": "#/components/schemas/AuthenticationStatus" }, "examples": { "passwordChanged": { "summary": "Password changed sucessfully", "value": "\n success\n ExplicitForms\n" } } }, "application/vnd.citrix.authenticateresponse-1+xml": { "schema": { "$ref": "#/components/schemas/AuthenticateResponse" }, "examples": { "passwordConfirmationForm": { "summary": "Password Expired confirmation", "description": "When the user submits a change password form, a further form is returned by the Authentication service for the user to confirm that their password has been successfully changed. Note that the request specifies the button id changePasswordBtn specified in the form above; failing to specify the correct button id would result in the form being rejected. This confirmation form comprises simply a text label and OK button.", "value": "\n\n success\n more-info\n \n \n ExplicitAuth/SendForm\n \n \n \n \n \n none\n \n \n \n \n \n \n changePasswordConfirmBtn\n none\n \n \n \n \n \n \n \n \n" } } } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/ExplicitAuth/GetChangeCredentialForm": { "post": { "tags": [ "Explicit Forms Authentication" ], "summary": "Requests a change credential form", "description": "Used when elective change password support is enabled in the StoreFront Authentication service.", "operationId": "Explicit Change Credential Form", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success or failure or an XML form", "content": { "application/xml": { "schema": { "$ref": "#/components/schemas/AuthenticationStatus" } }, "application/vnd.citrix.authenticateresponse-1+xml": { "schema": { "$ref": "#/components/schemas/AuthenticateResponse" }, "examples": { "explicitAuthElectiveChangePassword": { "summary": "Elective Change Password", "description": "\n\nsuccess\n update-credentials\n \n\n ExplicitAuth/SendForm\n ExplicitAuth/CancelForm\n Cancel\n \n \n \n none\n \n \n \n \n \n \n none\n \n \n \n \n \n \n username\n \n \n \n \n false\n true\n acmecorp\\user1\n .+\n \n \n \n \n \n oldPassword\n password\n \n \n \n \n true\n false\n \n .+\n \n \n \n \n \n newPassword\n ExplicitForms-Password\n newpassword\n \n \n \n \n true\n false\n \n .+\n \n \n \n \n \n confirmPassword\n newpassword\n \n \n \n \n true\n false\n \n .+\n \n \n \n \n \n changePasswordBtn\n none\n \n \n \n \n \n \n \n \n" } } } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/ExplicitAuth/CancelForm": { "post": { "tags": [ "Explicit Forms Authentication" ], "summary": "Cancels the current form", "operationId": "Explicit Cancel Form", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success or failure or an XML form", "content": { "application/xml": { "schema": { "$ref": "#/components/schemas/AuthenticationStatus" }, "example": "\n\n success\n cancelled\n \n" } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/PostCredentialsAuth/Login": { "post": { "tags": [ "Post Credentials Authentication" ], "summary": "Authenticates the user using the credentials supplied in the POST body.", "description": "With post credentials authentication, the client supplies the user’s credentials directly via HTTP POST. This provides a simpler authentication mechanism than Explicit Forms, since the client does not need to parse XML forms and handle the forms conversation. However, this mehod is less flexible than Explicit Forms Authentication and does not support change password functionality, which uses the Common Forms protocol.", "operationId": "Post Credentials Login", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "requestBody": { "description": "The user's credentials", "required": true, "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "username": { "type": "string", "description": "The username, including a domain specification if required, in either SAM or UPN format. For example, domain\\fred or fred@some.domain" }, "password": { "type": "string", "description": "The password" } }, "required": [ "username", "password" ], "example": { "username": "acmecorp\\user1", "password": "mypassword" } } } } }, "responses": { "200": { "description": "Success or failure", "content": { "application/xml": { "schema": { "$ref": "#/components/schemas/AuthenticationStatus" }, "example": " \n success\n PostCredentials\n" } } }, "400": { "description": "The username or password was not supplied." }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/ExplicitAuth/Bounce": { "post": { "tags": [ "SAML Single Sign-On" ], "summary": "Initiates the processing of the SAML assertion received from the Identity Provider.", "description": "When authentication has been performed at the IDP this request will be made automatically by StoreFront. If the SAML assertion has been obtained manually the client will have to make this request.", "operationId": "Submit SAML Response", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "requestBody": { "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object" } } } }, "responses": { "302": { "description": "Redirect to ResumeForms", "headers": { "Location": { "schema": { "type": "string" } } }, "content": { "text/html": { "examples": { "RedirectText": { "summary": "SAML Authentication - Redirection", "value": "\n Object moved\n \n

Object moved to here.

\n \n" } } } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/ExplicitAuth/ResumeForms": { "post": { "tags": [ "SAML Single Sign-On" ], "summary": "Instructs StoreFront to process the SAML assertion received from the Identity Provider and conintues the authentication flow.", "description": "When authentication has been performed at the IDP this request will be made automatically by StoreFront. If the SAML assertion has been obtained manually the client will have to make this request.", "operationId": "Process SAML assertion", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "requestBody": { "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object" } } } }, "responses": { "200": { "description": "Success or failure", "content": { "application/xml": { "schema": { "$ref": "#/components/schemas/AuthenticationStatus" }, "examples": { "ValidSAMLAssertion": { "summary": "Valid SAML assertion", "value": " \n success\n ExplicitForms\n" } } }, "application/vnd.citrix.authenticateresponse-1+xml": { "schema": { "$ref": "#/components/schemas/AuthenticateResponse" }, "examples": { "InvalidSAMLAssertion": { "summary": "Invalid SAML assertion - failure with the mapped account", "value": " \n success\n more-info\n \n \n ExplicitAuth/Login?formsProtocol=Forms-Saml\n ExplicitAuth/CancelForm\n \n \n \n none\n \n \n \n \n \n \n confirmBtn\n none\n \n \n \n \n \n \n \n \n" } } } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/GatewayAuth/Login": { "post": { "tags": [ "NetScaler Gateway Single Sign-On" ], "summary": "Authenticates the user using NetScaler Gateway single sign-on.", "description": "* When a store is accessed through NetScaler Gateway, changing an expired password during login is dealt with by the Gateway.\n* Since StoreFront is not involved in the Generic Forms Authentication, it does not provide password expiry notification when a user’s password expires soon.\n* When elective change password is enabled and a user successfully changes their password, the client must log the user off because there is no way to sync up with NetScaler Gateway. The user then has to log on to the Gateway again.\n* When authentication fails, the StoreFront event logs may reveal further information to assist with diagnosing the failure.", "operationId": "Gateway Login", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success or failure", "content": { "application/xml": { "schema": { "$ref": "#/components/schemas/AuthenticationStatus" }, "example": "\n\n success\n CitrixAGBasic\n true\n" } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/Authentication/GetUserName": { "post": { "tags": [ "User Information" ], "summary": "Returns the user name", "description": "If the full user name is not available, the user’s login name is returned instead.\n\n* This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId. When using an unauthenticated Store, no user has actually logged on and an HTTP 403 response is returned.\n* StoreFront uses the StoreFront Token Validation service to obtain the user name from the authentication token.\n* If the full user name is unavailable, the user's logon name is returned instead.", "operationId": "Get User Name", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success or authentication challenge", "headers": { "CitrixWebReceiver-Authenticate": { "$ref": "#/components/headers/CitrixWebReceiver-Authenticate" } }, "content": { "text": { "schema": { "type": "string" }, "example": "Joe Blogs" }, "text/plain": { "schema": { "$ref": "#/components/schemas/unauthorized" }, "example": { "unauthorized": true } } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/Authentication/GetUserDetails": { "post": { "tags": [ "User Information" ], "summary": "Returns the full user name, user's login name and the objectGuid of the user in AD if available.", "description": "If the full user name is not available, the user’s login name is returned instead.\n\n* The objectGuid will be provided if the underlying authentiation method supports it.\n\n* This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId. When using an unauthenticated Store, no user has actually logged on and an HTTP 403 response is returned.\n* StoreFront uses the StoreFront Token Validation service to obtain the user name from the authentication token.\n* If the full user name is unavailable, the user's logon name is returned instead.", "operationId": "Get User Details", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success or authentication challenge", "headers": { "CitrixWebReceiver-Authenticate": { "$ref": "#/components/headers/CitrixWebReceiver-Authenticate" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/resources" }, "example": { "authAlias": "domain\\user", "userDisplayName": "Dave Smith", "userId": "aaaaa-bbbbb-cccc-ddddd-eeeeeeeee" } } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/Authentication/Logoff": { "post": { "tags": [ "Log Off" ], "summary": "log off a user's web session.", "description": "* This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId.\n* The StoreFront Authentication service is called to destroy the user’s primary token.\n* The Web session is terminated and the following cookies are cleared: ASP.NET_SessionId, CtxsAuthId, CsrfToken. Response", "operationId": "Log Off", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success" }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/Resources/List": { "post": { "tags": [ "Resource Enumeration" ], "summary": "get a list of all the resources available for a user", "description": "* Typically, this request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId. However, when StoreFront is configured to use an unauthenticated Store, an authenticated session is not required.\n* StoreFront always performs a fresh enumeration for the user to pick up any changes that may have occurred.\n* If possible include a CtxsDeviceId containing the computer name or other unique identifier for the device. If you do not include the CtxsDeviceId then StoreFront generates a unique value and returns it as a cookie which should be included in subsequent requests.", "operationId": "List Resources", "requestBody": { "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "resourceDetails": { "type": "string", "enum": [ "Default", "Full" ], "description": "The resource details to include in the response, either `Default` or `Full`. If you do not specify the parameter, `Default` is assumed." } } } } } }, "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/CtxsDeviceId" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "Success or authentication challenge", "headers": { "CitrixWebReceiver-Authenticate": { "$ref": "#/components/headers/CitrixWebReceiver-Authenticate" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/resources" }, "examples": { "RequestAllResources": { "description": "Request all resources", "value": "{\n \"bundles\":[\n {\"title\":\"Admin Tools\",\n \"tileid\":\"appBundle2\",\n \"description\":\"Tools for Administrators.\",\n \"categories\":[\"Admin Tools\"]},\n \n {\"title\":\"Worx Tools\",\n \"tileid\":\"appBundle4\",\n \"description\":\"Office tools for Worx\",\n \"keywords\":[\"Worx\"]},\n \n {\"title\":\"Remoting Bundle\",\n \"tileid\":\"appBundle5\",\n \"description\":\"Work Remotely.\",\n \"appnames\":[\"Remote\",\"Receiver\",\"XPS\"]}],\n\"isSubscriptionEnabled\":true,\n\"isUnauthenticatedStore\":false,\n\"resources\":[\n {\"clienttypes\":[\"ica30\",\"rdp\"],\n \"description\":\"\",\n \"iconurl\":\"Resources\\/Icon\\/NUM2RDNDRDU1QzdBMUE0RjU0NjA4NjRBNTkwMzY0NzQyM EM2OTQ3QQ--\\/48\",\n \"id\":\"Q29udHJvbGxlci4hJCVeJl8rLQ--\",\n \"launchurl\":\"Resources\\/LaunchIca\\/Q29udHJvbGxlci4hJCVeJl8rLQ--\",\n \"name\":\"Microsoft Word\",\n \"path\":\"\\\\Office Apps\\\\\",\n \"shortcutvalidationurl\":\"Resources\\/ValidateAppShortcutLaunch\\/Q29udHJvbG xlci4hJCVeJl8rLQ--\",\n \"subscriptionstatus\":null,\n \"subscriptionurl\":\"Resources\\/Subscription\\/Q29udHJvbGxlci4hJCVeJl8rLQ--\"\n },\n {\n \"clienttypes\":[\"ica30\",\"rdp\"],\n \"description\":\"\",\n \"disabled\":true,\n \"iconurl\":\"Resources\\/Icon\\/NUM2RDNDRDU1QzdBMUE0RjU0NjA4NjRBNTkwMzY0NzQyMEM2OTQ3QQ--\\/48\",\n \"id\":\"Q29udHJvbGxlci4hJF4kJV4-\",\n \"launchurl\":\"Resources\\/LaunchIca\\/Q29udHJvbGxlci4hJF4kJV4-\",\n \"name\":\"!$^$%^\",\n \"path\":\"\\\\Yabba\\\\\",\n \"shortcutvalidationurl\":\"Resources\\/ValidateAppShortcutLaunch\\/Q29udHJvbG xlci4hJF4kJV4-\",\n \"subscriptionstatus\":null,\n \"subscriptionurl\":\"Resources\\/Subscription\\/Q29udHJvbGxlci4hJF4kJV4-\"\n },\n ...\n],\n\"subscriptionsEnabled\":true,\n}" }, "RequestAllResourcesFull": { "description": "Request all resources (full enumeration)", "value": "{\n \"categories\":[],\n \"bundles\":[\n {\"title\":\"Admin Tools\",\n \"tileid\":\"appBundle2\",\n \"description\":\"Tools for Administrators.\",\n \"categories\":[\"Admin Tools\"]},\n \n {\"title\":\"Worx Tools\",\n \"tileid\":\"appBundle4\",\n \"description\":\"Office tools for Worx\",\n \"keywords\":[\"Worx\"]},\n \n {\"title\":\"Remoting Bundle\",\n \"tileid\":\"appBundle5\",\n \"description\":\"Work Remotely.\",\n \"appnames\":[\"Remote\",\"Receiver\",\"XPS\"]}],\n \"isSubscriptionEnabled\":true,\n \"isUnauthenticatedStore\":false,\n \"resources\":[\n {\n \"type\": \"Citrix.MPS.Application\",\n \"subscriptionurl\": \"Resources\\/Subscription\\/X83heiDGddg1ldasf87asdfg--\",\n \"shortcutvalidationurl\": \"Resources\\/ValidateAppShortcutLaunch\\/X83heiDGddg1ldasf87asdfg--\",\n \"shortcuturl\": \"http:\\/\\/kontiki\\/Citrix\\/StoreWeb\\/#\\/launch\\/Notepad\",\n \"publishername\": \"foobar-ic6659\",\n \"path\": \"\\\\\",\n \"name\": \"Notepad\",\n \"launchurl\": \"Resources\\/LaunchIca\\/X83heiDGddg1ldasf87asdfg--\",\n \"launchstatusurl\": \"Resources\\/GetLaunchStatus\\/X83heiDGddg1ldasf87asdfg--\",\n \"images\": [\n {\n \"size\": 48,\n \"depth\": 4\n },\n {\n \"size\": 32,\n \"depth\": 4\n },\n {\n \"size\": 48,\n \"depth\": 8\n },\n {\n \"size\": 32,\n \"depth\": 8\n },\n {\n \"size\": 256,\n \"depth\": 32\n },\n {\n \"size\": 48,\n \"depth\": 32\n },\n {\n \"size\": 32,\n \"depth\": 32\n },\n ],\n \"id\": \"X83heiDGddg1ldasf87asdfg--\",\n \"iconurl\": \"Resources\\/Icon\\/NUM2RDNDRDU1QzdBMUE0RjU0NjA4NjRBNTkwMzY0NzQyMEM2OTQ3QQ-?size=48\",\n \"description\": \"Take note!\",\n \"clienttypes\": [\n \"ica30\",\n \"rdp\"\n ]\n },\n ...\n ],\n \"subscriptionsEnabled\":true, }" } } }, "text/plain": { "schema": { "$ref": "#/components/schemas/unauthorized" }, "example": { "unauthorized": true } } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/Resources/GetLaunchStatus/{id}": { "post": { "tags": [ "ICA Launch" ], "summary": "Request whether the specified resource is ready to launch.", "operationId": "Get Launch Status", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" }, { "name": "id", "description": "Unique identifier for a particular resource.", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "hideSessionForReconnect", "description": "A boolean value indicating whether the session should be hidden for reconnect (the default value is false). This is used to prevent the session being listed in the response of ListSessions.", "in": "query", "schema": { "type": "boolean" } } ], "requestBody": { "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "displayNameDesktopTitle": { "description": "The desktop display name, which is inserted in the generated ICA file as the value for the Title setting. This name is then displayed in the title bar of the Desktop Viewer.", "type": "string" } } } } } }, "description": "* Typically, this request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId. However, when StoreFront is configured to use an unauthenticated Store, an authenticated session is not required.\n* The URLs given above are for illustrative purposes, the actual URLs used by a client should be taken from the result of an earlier enumeration request to /Resources/List.\n* GetLaunchStatus makes a launch request to the Store Service to determine whether the specified resource is ready to launch. If this returns an ICA file, the ICA file is cached for up to 90 seconds. If a subsequent call is made to LaunchIca within this time, the cached ICA file is returned without making an additional launch request to the Store Service.\n* Calling GetResourceStatus may trigger a desktop VM to be started up", "responses": { "200": { "description": "Success/Retry required/failure, or authentication challenge. The response body contains a JSON string describing whether the supplied resource is ready to be launched", "headers": { "CitrixWebReceiver-Authenticate": { "$ref": "#/components/headers/CitrixWebReceiver-Authenticate" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/launchStatus" }, "examples": { "failedIcaLaunch": { "description": "Failed ICA launch", "value": { "status": "failure" } }, "IcaLaunchWithRetry": { "description": "ICA launch with retry", "value": { "status": "retry", "pollTimeout": 5 } } } }, "text/plain": { "schema": { "$ref": "#/components/schemas/unauthorized" }, "example": { "unauthorized": true } } } }, "403": { "$ref": "#/components/responses/forbidden" }, "404": { "description": "Resource identified by {id} was not known to StoreFront." } } } }, "/Resources/LaunchIca/{id}": { "get": { "tags": [ "ICA Launch" ], "summary": "Request an ICA file for launching the specified resource", "operationId": "Launch Resource", "parameters": [ { "name": "id", "description": "Unique identifier for a particular resource.", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "displayNameDesktopTitle", "description": "The desktop display name, which is inserted in the generated ICA file as the value for the Title setting. This name is then displayed in the title bar of the Desktop Viewer.", "in": "query", "required": true, "schema": { "type": "string" } }, { "name": "launchId", "description": "a random value to prevent browsers from returning a cached response when making multiple launch requests for the same resource", "in": "query", "required": true, "schema": { "type": "string" } }, { "name": "hideSessionForReconnect", "description": "A boolean value indicating whether the session should be hidden for reconnect (the default value is false). This is used to prevent the session being listed in the response of ListSessions.", "in": "query", "schema": { "type": "boolean" } }, { "$ref": "#/components/parameters/CsrfTokenQuery" }, { "$ref": "#/components/parameters/CtxsDeviceId" }, { "$ref": "#/components/parameters/isUsingHttpsQuery" } ], "description": "* Typically, this request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId. However, when StoreFront is configured to use an unauthenticated Store, an authenticated session is not required.\n* The URLs given above are for illustrative purposes, the actual URLs used by a client should be taken from the result of an earlier enumeration request to /Resources/List.\n* LaunchIca is a GET instead of a POST so that it can be loaded by a browser in a hidden iframe (via the iframe’s src=”url” attribute) to trigger a launch via file-type association.", "responses": { "200": { "description": "Success/Retry required/failure, or authentication challenge. When a successful response for LaunchIca is returned, the response body can be either a JSON string as described for GetLaunchStatus or, if the resource is ready to launch, an ICA file. Clients typically load the LaunchIca URL into an iframe to obtain an ICA file and trigger a launch via file type association. If LaunchIca returns a JSON response instead of an ICA file, the content type is set to \"text/plain\" because Internet Explorer does not render an \"application/json\" response into the iframe document and instead prompts the user to Open or Save it. If the client is using jQuery, the JSON text response can be deserialized to a JavaScript object by calling $.parseJSON(responseData).", "headers": { "CitrixWebReceiver-Authenticate": { "$ref": "#/components/headers/CitrixWebReceiver-Authenticate" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/launchStatus" } }, "application/x-ica": { "schema": { "type": "string" }, "example": "[Encoding]\nInputEncoding=UTF8\n\n[WFClient]\nProxyFavorIEConnectionSetting=Yes\nProxyTimeout=30000 ProxyType=Auto\nProxyUseFQDN=Off\nRemoveICAFile=yes\nTransportReconnectEnabled=On\n\n" }, "text/plain": { "schema": { "$ref": "#/components/schemas/unauthorized" }, "example": { "unauthorized": true } } } }, "403": { "$ref": "#/components/responses/forbidden" }, "404": { "description": "Resource identified by {id} was not known." } } } }, "/Resources/Icon/{thumbprint}": { "get": { "summary": "Returns the specified icon image", "description": "Use this request to retrieve icon image data relating to one or more resources. This uses the concept of a 'thumbprint' to allow sharing of image data for resources with equivalent images. The 'thumbprint' is designed to be the same for images with the same content.", "tags": [ "Icons" ], "operationId": "Get Resource Icon", "parameters": [ { "name": "thumbprint", "description": "The thumbprint for the icon image. This value is included in the iconurl returned from an earlier enumeration request.", "in": "path", "required": true, "schema": { "type": "string" }, "example": "RjczNDEyMzc3ODlENzE5REZDRUQ4MDczQ0QxMDBGRjI4MDY5MDg2RQ--" }, { "name": "size", "description": "The pixel size of the icon image to return. Only the values 16, 24, 32, 48, 64, 96, 128, 256 and 512 are supported. This value is included in the iconurl returned from an earlier enumeration request, based on the image size configured in the Receiver for Web site configuration file (defaults to 48).", "in": "query", "required": false, "example": 48, "schema": { "type": "integer" } }, { "name": "If-Modified-Since", "description": "If specified makes the request conditional; the server sends back the requested resource, with a 200 status, only if it has been last modified after the given date.", "in": "header", "example": "Wed, 21 Oct 2015 07:28:00 GMT", "schema": { "type": "string" } }, { "$ref": "#/components/parameters/CsrfTokenQuery" }, { "$ref": "#/components/parameters/isUsingHttpsQuery" } ], "responses": { "200": { "description": "Success", "content": { "image/png": { "schema": { "type": "string", "format": "binary" } } } }, "304": { "description": "The request is a ‘conditional GET’, indicated by the presence of an If-Modified-Since header. If the image has been changed at the backend, this is only discovered at the next enumeration." }, "400": { "description": "The specified size does not match one of the supported icon sizes." }, "404": { "description": "Returned for the following cases: a) Unknown/missing thumbprint. b) The requested size does not match the size configured for the Receiver for Web site." } } } }, "/Resources/PowerOff/{id}": { "post": { "tags": [ "Machine Power Off" ], "summary": "Attempts to power off the specified resource", "description": "Use this request to trigger a power off operation for the specified resource. Only certain resources support this action, and typically only for a limited set of users. If the power off operation does not occur within the time-limit defined on the CVAD server, an error response may be returned even if the power off is successful.\n\n* This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId.\n* •\tThe URL given above is for illustrative purposes, the actual URL used in a request should be taken from the result of an earlier enumeration request to /Resources/List.", "operationId": "Power Off Resource", "parameters": [ { "name": "id", "description": "Unique identifier for a particular resource", "in": "path", "example": "Q29udHJvbGxlci5NaWtlQiBEZXNrdG9wIEdyb3VwICRTMS0x", "required": true, "schema": { "type": "string" } }, { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "responses": { "200": { "description": "PowerOff request sent to machine leading to success/failure of power off operation, or authentication challenge.", "headers": { "CitrixWebReceiver-Authenticate": { "$ref": "#/components/headers/CitrixWebReceiver-Authenticate" } }, "content": { "application/json": { "schema": { "type": "object", "properties": { "status": { "description": "\"success\" if the power off operation was reported to have completed successfully, otherwise \"failure\"", "type": "string" }, "errorId": { "description": "A string providing a reason for a power off failure\n\n|Error Id|Description|\n|---|---|\n|in-maintenancemode|The requested operation couldn't be performed because the machine is in maintenance mode|\n|no-machine|No assigned machines were found for the user in the specified machine group.|\n|not-supported|The requested operation is not supported on the requested machine group type.|\n|operation-inprogress|The server is busy with a control operation on the specified machine and cannot handle another request at this time. |\n|timed-out|The server timed out waiting for the request to complete. Note: The power off operation may have succeeded, but not within the timeout period defined on the XenDesktop server. |\n|not-trusted|The client is not trusted to perform the requested operation. This does not imply whether the credentials supplied are/are not valid. |\n|unspecified|Error condition not covered by the other values. |" } } }, "example": { "status": "success" } }, "text/plain": { "schema": { "$ref": "#/components/schemas/unauthorized" }, "example": { "unauthorized": true } } } }, "403": { "$ref": "#/components/responses/forbidden" }, "404": { "description": "Resource identified by {id} was not found or the power-off action did not exist or was not enabled for that resource for the current user." } } } }, "/Resources/Subscription/{id}": { "post": { "tags": [ "Resource Subscription" ], "summary": "Modify Subscriptions (also known as favourites). Action depends upon the operation attribute value", "description": "Subscribed resources are displayed on the Receiver for Web “Home” screen, visible when the user logs on. These represent a list of “favorites” for quick access. Receiver for Web requires that application resources are subscribed before they can be launched, although no such restriction exists in the protocol. Desktop resources are treated as a special case and are always displayed by Receiver for Web (on a separate UI tab), regardless of subscription state.'\n\nNotes:\n\n* This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId.\n* The URL above is for illustrative purposes only; the actual URLs used in a request should be taken from the result of an earlier enumeration request to /Resources/List.\n* When StoreFront is configured to use an unauthenticated Store, subscription operations are unavailable and these URLs are omitted from the resource enumeration response. They are also omitted for resources that are configured at XenApp or XenDesktop to be mandatory resources, which are always displayed to all users.\n* Subscription information is persisted in the Store Service’s subscription store and is returned during enumeration, allowing subscriptions to remain intact across a Receiver for Web session and also to be visible to other Receivers.", "operationId": "Modify Subscriptions", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" }, { "name": "id", "description": "Unique identifier for a particular resource.", "in": "path", "schema": { "type": "string" }, "required": true } ], "requestBody": { "description": "In addition to operation and updateMode, takes other key=value pairs to represent subscription properties", "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "operation": { "description": "The subscription operation to perform, either subscribe, unsubscribe, or update.", "type": "string" }, "updateMode": { "description": "Whether any supplied subscription properties should be merged with existing properties or whether the batch of supplied properties should enmasse replace any existing properties, either **merge** or **replace**.", "type": "string" } } }, "examples": { "subscription": { "summary": "Subscribe", "value": "operation=subscribe&position=B" }, "unsubscribe": { "summary": "Unsubscribe", "value": "operation=unsubscribe" }, "update": { "summary": "Update Subscription properties", "value": "operation=update&updateMode=replace&foo=fooValue&bar=barValue&bar=barValue2" } } } } }, "responses": { "200": { "description": "Resource subscribed or unsubscribed successfully, or authentication challenge.", "headers": { "CitrixWebReceiver-Authenticate": { "$ref": "#/components/headers/CitrixWebReceiver-Authenticate" } }, "content": { "application/json": { "schema": { "type": "object", "properties": { "status": { "description": "The new subscription status for the resource, one of the following values: \"subscribed\", \"unsubscribed\", \"pending\", \"approved\", \"denied\", \"pendingunsubscribe\", \"subscribedpendingunsubscribe\", \"failure\". The first two values are returned for successful operations, when subscriptions are not associated with workflow. The \"failure\" value indicates the subscription request was not successfully proxied to the Store service. The other values relate to workflow scenarios.", "type": "string" } } }, "examples": { "successfulSubscription": { "summary": "Successful Subscription", "value": { "status": "subscribed" } }, "unsuccessfulUnsubscription": { "summary": "Unsuccessful Subscription or Unsubscription", "value": { "status": "failure" } } } }, "text/plain": { "schema": { "$ref": "#/components/schemas/unauthorized" }, "example": { "unauthorized": true } } } }, "400": { "description": "An unsupported value was supplied for operation or updateMode." }, "403": { "$ref": "#/components/responses/forbidden" }, "404": { "description": "Resource identified by {id} was not found." }, "503": { "description": "\"Subscription operations are unavailable for the specified resource, due to one of the following reasons:\n\na) No subscription URL was returned for the requested resource when the previous enumeration request was made, indicating that the StoreFront subscription service was unavailable when that enumeration was performed.\nb) The Store Service subscription database is not currently available.\"" } } } }, "/Sessions/ListAvailable": { "post": { "tags": [ "Session Enumeration" ], "summary": "Get a list of all available sessions for the user", "description": "Use this request to enumerate the authenticated user’s ICA sessions that are not connected to by the current client. Once enumerated, these sessions can be reconnected by using the session launch API.\n\nNote:\n\n* This request requires an authenticated session, indicated by the cookies\nASP.NET_SessionId and CtxsAuthId. When StoreFront is configured to use an unauthenticated Store, an empty session list is returned.\n* Sessions initiated by the current client, as indicated by the DeviceId, are not included in the returned list of sessions.\n* The expected usage pattern is for clients to enumerate all available sessions (possibly for a particular type of resource) and then launch each one in succession. This is how the Receiver for Web “auto reconnect at logon” functionality is implemented.", "operationId": "List Available Sessions", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/CtxsDeviceId" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "requestBody": { "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "resourceTypes": { "description": "The types of resource to include in the response, one of the following values:\n\nCitrix.MPS.Application - to request application sessions.\n\nCitrix.MPS.Desktop - to request desktop sessions.", "type": "string" }, "excludeActive": { "description": "Either true or false. When true, excludes sessions which are active on another client. This will enumerate disconnected sessions only. This parameter is optional (the default value is false)." } } }, "example": "resourceTypes=Citrix.MPS.Application&excludeActive=false" } } }, "responses": { "200": { "description": "List of available sessions (possibly an empty list), or authentication challenge.", "headers": { "CitrixWebReceiver-Authenticate": { "$ref": "#/components/headers/CitrixWebReceiver-Authenticate" } }, "content": { "application/json": { "schema": { "type": "array", "items": { "type": "object", "properties": { "launchurl": { "description": "The URL to make a launch request (see ICA Launch).", "type": "string" }, "launchstatusurl": { "description": "The URL to determine whether a resource is ready to launch (see ICA Launch).", "type": "string" }, "initialapp": { "description": "The name of a previously launched app that that caused the session to initially be created.", "type": "string" }, "publishername": { "description": "The name of the publisher (the farm name for XA).", "type": "string" } } } }, "example": "[\n {\n \"initialapp\":\"Notepad\",\n \"launchstatusurl\":\"Sessions\\/GetLaunchStatus\\/Q29udHJvbGxlci4xODM5MC4y\",\n \"launchurl\":\"Sessions\\/LaunchIca\\/Q29udHJvbGxlci4xODM5MC4y\",\n \"publishername\":\"foobar-ic6659\"\n }\n]" }, "text/plain": { "schema": { "$ref": "#/components/schemas/unauthorized" }, "example": { "unauthorized": true } } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/Sessions/GetLaunchStatus/{id}": { "post": { "summary": "Request whether the specified session is ready to launch", "tags": [ "Session Launch" ], "description": "* This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId.\n* The endpoint is for illustrative purposes, the actual endpoint used by a client should be taken from the result of an earlier session enumeration request to /Sessions/ListAvailable.\n* When StoreFront is configured to use an unauthenticated Store, session enumeration returns an empty list and session launch is therefore unavailable.\n* GetLaunchStatus makes a launch request to the Store Service to determine whether the specified resource is ready to launch. If this returns an ICA file, the ICA file is cached for up to 90 seconds. If a subsequent call is made to LaunchIca within this time, the cached ICA file is returned without making an additional launch request to the Store Service.", "operationId": "Get Session Launch Status", "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/isUsingHttps" }, { "name": "id", "description": "the id of the session", "in": "path", "required": true, "example": "Q29udHJvbGxlci4xODM5MC4y", "schema": { "type": "string" } }, { "name": "launchId", "description": "Clients must append a query string key with a random value to prevent browsers from returning a cached response when making multiple launch requests for the same resource.", "required": false, "example": 1380199200494, "in": "query", "schema": { "type": "string" } } ], "responses": { "200": { "description": "Success/Retry required/failure, or authentication challenge.", "headers": { "CitrixWebReceiver-Authenticate": { "$ref": "#/components/headers/CitrixWebReceiver-Authenticate" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/launchStatus" }, "example": { "status": "success" } }, "text/plain": { "schema": { "$ref": "#/components/schemas/unauthorized" }, "example": { "unauthorized": true } } } }, "403": { "$ref": "#/components/responses/forbidden" }, "404": { "description": "Resource identified by {id} was not found" } } } }, "/Sessions/LaunchIca/{id}": { "get": { "summary": "Request an ICA file for launching the specified session", "tags": [ "Launch Session" ], "description": "* This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId.\n* The endpoint above is for illustrative purposes, the actual endpoint used by a client should be taken from the result of an earlier session enumeration request to /Sessions/ListAvailable.\n* When StoreFront is configured to use an unauthenticated Store, session enumeration returns an empty list and session launch is therefore unavailable.\n* Launch is a GET instead of a POST so that it can be loaded by a browser in a hidden iframe (via the iframe’s src=”url” attribute) to trigger a launch via file-type association.\n* Clients must append a query string key with a random value to prevent browsers from returning a cached response when making multiple launch requests for the same resource. See the launchId query string parameter.\n* GetLaunchStatus makes a launch request to the Store Service to determine whether the specified resource is ready to launch. If this returns an ICA file, the ICA file is cached for up to 90 seconds. If a subsequent call is made to LaunchIca within this time, the cached ICA file is returned without making an additional launch request to the Store Service.", "operationId": "sessionsLaunchIca", "parameters": [ { "$ref": "#/components/parameters/CsrfTokenQuery" }, { "$ref": "#/components/parameters/isUsingHttpsQuery" }, { "name": "id", "description": "the id of the session", "in": "path", "required": true, "example": "Q29udHJvbGxlci4xODM5MC4y", "schema": { "type": "string" } } ], "responses": { "200": { "description": "Success/Retry required/failure, or authentication challenge. The response body can be either a JSON string as described for GetLaunchStatus or, if the resource is ready to launch, an ICA file.", "headers": { "CitrixWebReceiver-Authenticate": { "$ref": "#/components/headers/CitrixWebReceiver-Authenticate" } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/launchStatus" }, "example": { "status": "success" } }, "application/x-ica": { "schema": { "type": "string" }, "example": "[Encoding]\nInputEncoding=UTF8\n\n[WFClient]\nProxyFavorIEConnectionSetting=Yes\nProxyTimeout=30000\nProxyType=Auto\n\n" }, "text/plain": { "schema": { "$ref": "#/components/schemas/unauthorized" }, "example": { "unauthorized": true } } } }, "403": { "$ref": "#/components/responses/forbidden" }, "404": { "description": "Resource identified by {id} was not found" } } } }, "/Sessions/Disconnect": { "post": { "summary": "Disconnects the user’s sessions", "description": "* These requests require an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId.\n* When StoreFront is configured to use an unauthenticated Store, there is no associated user for whom sessions can be disconnected, and session disconnect has no effect.\n* This request operates only on sessions that were initiated from the current client, as indicated by the DeviceId cookie", "tags": [ "Session Disconnect and Logoff" ], "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/CtxsDeviceId" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "operationId": "Disconnect Session", "responses": { "200": { "description": "Success/failure, or authentication challenge.", "headers": { "CitrixWebReceiver-Authenticate": { "$ref": "#/components/headers/CitrixWebReceiver-Authenticate" } }, "content": { "application/json": { "schema": { "type": "object", "properties": { "status": { "type": "string", "description": "Indicates whether the user’s sessions were successfully disconnected with one of the values “success”, “failure”, “partial”. The value “partial” means that some of the user’s sessions were successfully disconnected while others were not." } } }, "example": { "status": "success" } }, "text/plain": { "schema": { "$ref": "#/components/schemas/unauthorized" }, "example": { "unauthorized": true } } } }, "403": { "$ref": "#/components/responses/forbidden" } } } }, "/Sessions/Logoff": { "post": { "summary": "Logs off the user’s sessions", "description": "* This request requires an authenticated session, indicated by the cookies ASP.NET_SessionId and CtxsAuthId.\n* When StoreFront is configured to use an unauthenticated Store, there is no associated user for whom sessions can be logged off, and session log off has no effect.\n* This request operates only on sessions that were initiated from the current client, as indicated by the DeviceId cookie", "tags": [ "Session Disconnect and Logoff" ], "parameters": [ { "$ref": "#/components/parameters/CsrfToken" }, { "$ref": "#/components/parameters/CtxsDeviceId" }, { "$ref": "#/components/parameters/isUsingHttps" } ], "operationId": "Log Off Session", "responses": { "200": { "description": "Success/failure, or authentication challenge.", "headers": { "CitrixWebReceiver-Authenticate": { "$ref": "#/components/headers/CitrixWebReceiver-Authenticate" } }, "content": { "application/json": { "schema": { "type": "object", "properties": { "status": { "type": "string", "description": "Indicates whether the user’s sessions were successfully disconnected with one of the values “success”, “failure”, “partial”. The value “partial” means that some of the user’s sessions were successfully disconnected while others were not." } } }, "example": { "status": "success" } }, "text/plain": { "schema": { "$ref": "#/components/schemas/unauthorized" }, "example": { "unauthorized": true } } } }, "403": { "$ref": "#/components/responses/forbidden" } } } } }, "components": { "headers": { "CitrixWebReceiver-Authenticate": { "description": "If present, indicates that request did not include the required authentication information", "schema": { "type": "string" }, "example": "reason=\"TokenRequired\", location=\"Authentication/GetAuthMethods\"" } }, "parameters": { "isUsingHttps": { "name": "X-Citrix-IsUsingHTTPS", "description": "Is the request using an HTTPS connection", "in": "header", "required": false, "schema": { "type": "string" } }, "isUsingHttpsQuery": { "name": "X-Citrix-IsUsingHTTPS", "description": "Is the request using an HTTPS connection", "in": "query", "required": false, "schema": { "type": "string" } }, "CsrfToken": { "name": "CsrfToken", "description": "Protects against crossite request forgery attacks.", "in": "header", "schema": { "type": "string" } }, "CsrfTokenQuery": { "name": "CsrfToken", "description": "Protects against crossite request forgery attacks.", "in": "query", "schema": { "type": "string" } }, "CtxsDeviceId": { "name": "CtxsDeviceId", "description": "Identifies the device. Use the computer name or other unique identifier.", "in": "cookie", "schema": { "type": "string" } } }, "responses": { "forbidden": { "description": "Forbidden, due to one of the following reasons:\n\n a) Invalid CSRF token or\n\n b) Invalid X-Citrix-IsUsingHTTPS header\n" }, "badSessionRequest": { "description": "A bad request due to one of the following reasons: \\\n a) No session ids provided \\\n b) One or more duplicate session ids \\\n c) One or more invalid session ids for the user.\n" } }, "schemas": { "unauthorized": { "type": "object", "properties": { "unauthorized": { "type": "boolean" } } }, "clientSettings": { "type": "object", "properties": { "session": { "type": "object", "properties": { "timeout": { "description": "The number of minutes of idle time before the web session times out and the user must re-authenticate.", "type": "integer", "xml": { "attribute": true }, "example": 20 }, "userLanguages": { "description": "The list of languages supported by the client (typically browser).", "default": "", "type": "string", "xml": { "attribute": true }, "example": "en-us,en" } } }, "authManager": { "type": "object", "properties": { "getUsernameURL": { "description": "URL to obtain the full user name.", "type": "string", "xml": { "attribute": true }, "example": "Authentication/GetUserName" }, "getUserDetailsURL": { "description": "URL to return the full user name, user's login name and the objectGuid of the user in AD if available.", "type": "string", "xml": { "attribute": true }, "example": "Authentication/GetUserDetails" }, "changeCredentialsURL": { "description": "URL to initiate a change password operation.", "type": "string", "xml": { "attribute": true }, "example": "ExplicitAuth/GetChangeCredentialForm" }, "logoffURL": { "description": "URL to log off the Receiver for Web session.", "type": "string", "xml": { "attribute": true }, "example": "Authentication/Logoff" }, "loginFormTimeout": { "description": "How long Receiver for Web displays the login form for.", "type": "number", "xml": { "attribute": true }, "example": 5 } } }, "storeProxy": { "type": "object", "properties": { "keepAliveURL": { "description": "URL to keep the session alive.", "type": "string", "xml": { "attribute": true }, "example": "Home/KeepAlive" }, "resourcesProxy": { "type": "object", "properties": { "listURL": { "description": "URL to enumerate the user’s available resources.", "type": "string", "xml": { "attribute": true }, "example": "Resources/List" }, "resourceDetails": { "description": "default | full. Whether to return default or extended resource enumeration data.", "type": "string", "xml": { "attribute": true }, "example": "deafult" } } }, "sessionsProxy": { "type": "object", "properties": { "listAvailableURL": { "description": "URL to enumerate the user’s available sessions", "type": "string", "xml": { "attribute": true }, "example": "Sessions/ListAvailable" }, "disconnectURL": { "description": "URL to disconnect the user’s sessions", "type": "string", "example": "Sessions/Disconnect" }, "logoffURL": { "description": "URL to log off the user’s sessions", "type": "string", "xml": { "attribute": true }, "example": "Sessions/Logoff" } } }, "clientAssistantProxy": { "type": "object", "properties": { "getDetectionTicketURL": { "description": "URL to obtain a ticket for the web helper, allowing it to supply client properties.", "type": "string", "xml": { "attribute": true }, "example": "ClientAssistant/GetDetectionTicket" }, "getDetectionStatusURL": { "description": "URL to attempt to request client properties, which are separately supplied directly to the Store by the web helper.", "type": "string", "xml": { "attribute": true }, "example": "ClientAssistant/GetDetectionStatus" } } } } }, "pluginAssistant": { "type": "object", "properties": { "enabled": { "type": "boolean", "description": "Whether to show the Workspace app download information when HDX engine is not detected and when upgrade is available.", "xml": { "attribute": true }, "example": true }, "upgradeAtLogin": { "type": "boolean", "description": "Whether to detect whether a Workspace app upgrade is available.", "xml": { "attribute": true }, "example": false } } } } }, "authMethods": { "type": "array", "items": { "type": "object", "xml": { "name": "method" }, "properties": { "name": { "type": "string", "description": "Identifies the authentication method", "example": null }, "url": { "type": "string", "description": "The url the client uses to initiate authentication using the given method\n\n|Method name|Typical URL (indicative only)|Description|\n|---|---|---|---|\n|ExplicitForms |ExplicitAuth/Login |Explicit authentication with usersupplied credentials such as username, domain and password. |\n|IntegratedWindows |DomainPassthroughAuth/Login |Domain pass-through authentication |\n|Certificate |SmartcardAuth/Login |Smart card (client certificate) authentication |\n|CitrixAGBasic |GatewayAuth/Login |Automatic authentication (singlesign-on) from NetScaler Gateway |\n|PostCredentials |PostCredentialsAuth/Login |Authentication achieve by posting user credentials directly to StoreFront. |" } } }, "xml": { "attribute": false, "wrapped": true } }, "AuthenticationStatus": { "type": "object", "properties": { "Result": { "description": "Value \"success\" or \"failure\".", "type": "string" }, "AuthType": { "type": "string", "description": "The authentication type, one of the authentication method strings \"ExplicitForms\", \"IntegratedWindows\", \"Certificate\", \"CitrixAGBasic\", \"PostCredentials\". Only sent when authentication succeeds." }, "LogMessage": { "type": "string", "description": "An error id indicating the reason for the authentication failure. Typically the generic value 'fatalerror' is returned, but 'sessiontimeout' is returned if the Receiver for Web session has timed out. Only sent when authentication fails." }, "IsChangePasswordEnabled": { "type": "string", "description": "Value \"true\". Only sent when authentication succeeds and elective change password is enabled." }, "IsExpiryNotificationEnabled": { "type": "string", "description": "Value \"true\". Only sent when authentication succeeds, password expiry notification is enabled and the user’s password is due to expire within the configured time." }, "TimeRemaining": { "type": "integer", "description": "The time remaining (in minutes) until the user’s password expires. Only sent when authentication succeeds, password expiry notification is enabled and the user’s password is due to expire within the configured time." } } }, "AuthenticateResponse": { "type": "object" }, "resources": { "type": "object", "properties": { "bundles": { "description": "An optional field detailing each application bundle available to the user. Each object in the array corresponds to a single bundle and contains a set of fields as described in the Bundle Content section below.", "type": "array", "items": { "type": "object", "properties": { "categories": { "type": "array", "description": "An array of strings of categories", "items": { "type": "string" } }, "keywords": { "type": "array", "description": "An array of strings of keywords", "items": { "type": "string" } }, "appnames": { "type": "array", "description": "An array of strings of app names", "items": { "type": "string" } }, "description": { "type": "string", "description": "A string description of the application bundle." }, "tileid": { "type": "string", "description": "A string representing the style associated with the application bundle." }, "title": { "type": "string", "description": "A string containing the title for the bundle." } } } }, "resources": { "description": "Details of each published resource available to the user. Each object in the array corresponds to a single resource", "type": "array", "items": { "type": "object", "properties": { "clienttypes": { "type": "array", "description": "An array of string values identifying the clients supported for launches. Known values include: 'ica30', 'rade', 'rdp' (XenApp/XenDesktop), ‘application/ios’, ‘application/android’ (AppController), ‘g2m’, ‘g2t’, etc (Citrix Online Integration using Generic applications).", "items": { "type": "string" } }, "iconurl": { "description": "The URL to request the resource’s icon image data.\n\n*\tThe iconurl value encodes a particular icon size, as configured in the Web.config site configuration file (resourcesService section, within serverSettings). The StoreFront Store service returns the icon that best matches the requested size.\n*The iconurl represents image data at the point that the enumeration was performed. If the icon for a resource subsequently changes, the URL will not point to the updated image. However, the URL is persistent because it always points to the same icon, although it may return 404 after the icon has been updated on the XenApp/XenDesktop server.", "type": "string" }, "id": { "description": "Unique resource identifier, created by StoreFront.", "type": "string" }, "launchstatusurl": { "description": "The URL to determine whether a resource is ready to launch (see section ICA Launch).", "type": "string" }, "name": { "description": "The user-friendly name of the resource.", "type": "string" }, "path": { "description": "The path defined in the XenApp/XenDesktop site (farm) for the resource.", "type": "string" }, "shortcutvalidationurl": { "description": "The app shortcut validation URL, to confirm that an app may be launched via a shortcut.", "type": "string" }, "assigndesktopurl": { "description": "The URL to assign a desktop to the user. Only supplied for XenDesktop assign-on-first-use desktops.", "type": "string" }, "content": { "description": "Supplied with value true if the resource represents a document as opposed to a published application/desktop, otherwise omitted.", "type": "boolean" }, "description": { "description": "A longer text description of the resource.", "type": "string" }, "desktopassignmenttype": { "description": "The desktop assignment type, one of the values \"shared\", \"assign-on-first-use\" or \"assigned\". Supplied only for XenDesktop resources.", "type": "string" }, "desktophostname": { "description": "The desktop host name, if known. Supplied only for XenDesktop assigned desktops.", "type": "string" }, "disabled": { "description": "Supplied with value true if the resource is not enabled, otherwise omitted.", "type": "boolean" }, "isdesktop": { "description": "Supplied with value true if the resource is a desktop, otherwise omitted.", "type": "boolean" }, "keywords": { "description": "An array of string values identifying keywords associated with the resource.", "type": "array", "items": { "type": "string" } }, "mandatory": { "description": "Supplied with value true if the resource is tagged by the back-end resource provider as mandatory, otherwise omitted.", "type": "boolean" }, "playsfiletypes": { "description": "An array of objects describing the file extensions supported by the resource [Application only].", "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "description": "file type association name" }, "descripton": { "type": "string", "description": "file type association description" }, "isdefault": { "type": "boolean", "description": "whether this is the default file type association" }, "fileextensions": { "type": "array", "items": { "type": "string" }, "description": "array of file extensions that can be opened by this resource" }, "mimetypes": { "description": "array of mime types supported by the resource.", "type": "array", "items": { "type": "string" } }, "parameters": { "description": "array of parameters used for launching the resource", "type": "array", "items": { "type": "string" } } } } }, "position": { "description": "A string representing the relative position of a subscribed resource in the Receiver for Web UI. Only generated for resources for which a position has already been defined.", "type": "string" }, "poweroffurl": { "description": "The URL to make a machine power-off request. Only supplied if the resource can be powered-off, as reported by the StoreFront Resources service.", "type": "string" }, "prelaunchurl": { "description": "The URL to call to contact the AppController prelaunch service to obtain an updated content URL for single sign-on.", "type": "string" }, "recommended": { "description": "Supplied with value true if the resource is tagged by the back-end resource provider as featured or recommended, otherwise omitted.", "type": "boolean" }, "requiresvpn": { "description": "Supplied with value true if the resource is marked (via the Resources Service VPN keyword,) as launchable remotely (with NetScaler Gatway) only when using a VPN, otherwise omitted.", "type": "boolean" }, "requiresworkflow": { "description": "Supplied with value true if workflow is enabled for the resource (typically due to the presence of the WFS keyword, but this may change in future).", "type": "boolean" }, "subscriptionstatus": { "description": "The subscription status (see section Resource Subscription). Supplied after the resource has first been subscribed (even if it is later unsubscribed).", "type": "string" }, "subscriptionurl": { "description": "The URL to make a subscription request (see Resource Subscription). The subscriptionUrl is used for both subscribing to and unsubscribing from a resource, with the operation selected by a POST parameter.", "type": "string" }, "images": { "description": "An array of objects identifying the image sizes and color depths of the resource icon held by the StoreFront Services server (may be used to determine which image sizes are likely to give good results when requested by the client).", "type": "array", "items": { "type": "object", "properties": { "size": { "type": "number" }, "depth": { "type": "number" } } } }, "properties": { "description": "Resource properties - an array of name value pairs associated with the resource and ultimately supplied by the resource provider. Each object in the array contains a string field name describing the property name and a string array field values describing a list of property values.", "type": "array", "items": { "type": "object" } }, "publishername": { "description": "The name of the publisher (the farm name for XenApp).", "type": "string" }, "shortcuturl": { "description": "The app shortcut URL, to use when embedding a link to the resource in a portal page.", "type": "string" }, "subscriptionproperties": { "description": "Subscription properties - an array of name value pairs associated with the resource subscription and stored in the subscription database. Each object in the array contains a string field name for the property name and an optional string array field values for the list of property values. See Resource Subscription.", "type": "array", "items": { "type": "object" } }, "type": { "description": "The resource type, typically one of the following values: Citrix.MPS.Application, Citrix.MPS.Desktop, Citrix.MPS.Document", "type": "string" }, "canquerymachinestate": { "description": "Set to true if this resource can be used as input to the machines/list API.", "type": "boolean" } } } }, "isSubscriptionEnabled": { "description": "Whether subscription operations are enabled for the Store.", "type": "boolean" }, "isUnauthenticatedStore": { "description": "Whether the Store is only accessible without first authenticating.", "type": "boolean" } } }, "launchStatus": { "type": "object", "properties": { "status": { "description": "One of the following strings:\n\n* success: the resource is ready to be launched.\n* retry: currently, the resource is not ready to be launched (for example, a desktop VM that first needs to be powered on before a connection can be made to it), but the launch attempt may be retried later.\n* failure: the attempt to retrieve launch information failed.", "type": "string" }, "pollTimeout": { "description": "Only supplied when status is retry, the number of seconds to wait before retrying the launch request.", "type": "number" }, "errorId": { "description": "Only supplied when status is failure, an error code as described in the Launch section of the StoreFront Store Services API specification.", "type": "string" }, "suggestRestart": { "description": "Only supplied when status is failure, a true or false value indicating whether the Store service included a “remedy hint” that a failed desktop launch could potentially be resolved by restarting the desktop.", "type": "boolean" } } }, "machineControlListStatusParams": { "type": "object", "properties": { "ResourceIds": { "description": "The array of resourceIds to fetch associated machines for. Provided by resources list.", "type": "array", "items": { "type": "string" } } } }, "machineControlListStatusResult": { "type": "object", "properties": { "machines": { "description": "Array of machines associated with the requested resource IDs", "type": "array", "items": { "type": "object", "properties": { "machineData": { "description": "Detailed information about the machine", "type": "object", "properties": { "lastUpdatedTime": { "description": "The timestamp when the machine data was last updated", "type": "string", "format": "date-time", "example": "2025-09-26T08:12:05.1485812Z" }, "machineId": { "description": "Unique identifier for the machine", "type": "string", "example": "Controller.S-1-5-21-1788343907-83030196-1888898617-11259" }, "machineName": { "description": "Display name of the machine", "type": "string", "example": "Desktop 1 $P1" }, "powerActionInProgress": { "description": "Indicates whether a power action is currently in progress on this machine", "type": "boolean", "example": false }, "powerState": { "description": "Current power state of the machine", "type": "string", "enum": [ "On", "Off", "Suspended", "Unmanaged", "Unknown", "Unavailable", "TurningOn", "TurningOff", "Suspending", "Resuming", "NotSupported", "VirtualMachineNotFound" ], "example": "On" }, "registrationState": { "description": "Registration state of the machine with the delivery controller", "type": "string", "enum": [ "Registered", "Unregistered", "Initializing", "AgentError" ], "example": "Registered" }, "sessionSupport": { "description": "Type of sessions supported by the machine", "type": "string", "enum": [ "SingleSession", "MultiSession" ], "example": "SingleSession" }, "shutDownSupported": { "description": "Indicates whether the machine supports the shutdown operation.", "type": "boolean", "example": true }, "suspendSupported": { "description": "Indicates whether the machine supports the suspend operation.", "type": "boolean", "example": true }, "turnOffSupported": { "description": "Indicates whether the machine supports the power off operation.", "type": "boolean", "example": true } } }, "maxLastUpdatedTime": { "description": "Timestamp indicating the time when the power state could have last been updated.", "type": "string", "format": "date-time", "example": "2025-09-26T08:10:05.1329592Z" }, "resourceId": { "description": "The resource ID associated with this machine", "type": "string", "example": "Controller.Desktop 1 $P1" } } } } } }, "machineControlOperation": { "type": "object", "properties": { "machineId": { "description": "The id of the machine to control. Provided by the machines list or sessions list responses. Will look like Controller.S-1-5-21-3729792978-2641905665-2579007459-1105", "type": "string" }, "continuationToken": { "description": "Token provided by a prior call to machine control sevice. Will look like c4068ad9-e9f2-48c3-9c1e-d6ae87006e7e.3621", "type": "number" } } }, "machineControlOperationResult": { "type": "object", "properties": { "isSuccess": { "description": "A value indicating whether the machine control operation completed successfully", "type": "boolean" }, "actionStatus": { "description": "A status description of the action request", "type": "string" }, "continuationid": { "description": "A token the client can use to retry successful requests.", "type": "string" }, "timestamp": { "description": "A value indication the last time the operation was attempted successfully", "type": "string" }, "retrydelayhint": { "description": "Hint on how long the client should wait before retrying. Obsolete and should no longer be used.", "type": "string" }, "status": { "description": "The status. Obsolete and should no longer be used.", "type": "string", "enum": [ "success", "failure" ] } } }, "sessionControlOperation": { "type": "object", "properties": { "SessionIds": { "description": "The array of sessionIds to control. Provided by sessions list. A sessionId will look like Q29udHJvbGxlci5TLTEtNS0yMS0zNzI5NzkyOTc4LTI2NDE5MDU2NjUtMjU3OTAwNzQ1OS0xMTA1LjVjNWI5MzM1LTJmZmMtNGJlYS1hODYzLTBhOTFhNDdiYzQyMw--", "type": "array", "items": { "type": "string" } } } }, "sessionControlOperationResult": { "type": "object", "properties": { "results": { "description": "The results of a user session control action. i.e. Session logoff or disconnect.", "type": "array", "items": { "type": "object", "properties": { "failureReason": { "description": "The reason for failure", "type": "string" }, "isSuccess": { "description": "Was the session control operation successful?", "type": "boolean" }, "sessionId": { "description": "The session the operation applied to.", "type": "string" } } } } } } }, "securitySchemes": { "Session": { "type": "apiKey", "in": "cookie", "name": "ASP.NET_SessionId", "description": "ASP.NET session id, represents the web session between client and Web Proxy" }, "CtxsAuthId": { "type": "apiKey", "in": "cookie", "name": "CtxsAuthId", "description": "Set on log-in. Protects against session fixation attacks." } } }, "security": [ { "Session": [], "CtxsAuthId": [] } ] }