Creates an authenticated URL to start a remote web proxy session in PAM Core.
Requirements
- Authorization with read and write access permission for web proxy sessions in PAM Core.
Request
POST /iso/remote/session
Request parameters
| Parameter | Type | Required | Description | Note |
|---|---|---|---|---|
user |
String | Yes | Username used for authentication. | Must be a registered user in the system. |
credential |
String | No | Username of the credential used in this web proxy session. | For a credential to be used, it must meet the following criteria: Credential is active. Credential linked to the device specified in the request’s device field. Credential covered by the A2A application authorization that generated the access token. Credential does not have an active session on the same device. Credential is of type username/password — SSH keys are excluded from automatic selection. |
device |
String | Yes | Hostname or IP address of the target device. | — |
protocol |
String | Yes | Network protocol (SSH, RDP, HTTPS, among others). | — |
remotedevice |
String | No | Device ID, IP address, or hostname for the web proxy session. | Required only if the session uses domain credentials. |
remoteAddr |
String | No | User's IP address. | The IP address of the user is allowed to start the session. |
port |
Integer | No | Port used throughout the session. | By default, it uses the chosen device's port unless specified. |
remoteapp |
Integer | No | RemoteApp ID. | Only for RemoteApp sessions. |
screensize |
String | No | Screen resolution. | Example: 1920x1080. |
Request example with a credential
{
"user": "user",
"credential": "credential",
"device": "192.168.1.1",
"protocol": "SSH",
"remotedevice": "10",
"remoteAddr": "192.168.1.3",
"port": 22,
"remoteapp": 1,
"screensize": "1920x1080"
}
Request example without a credential
{
"user": "user",
"device": "192.168.1.1",
"protocol": "SSH",
"remotedevice": "10",
"remoteAddr": "192.168.1.3",
"port": 22,
"remoteapp": 1,
"screensize": "1920x1080"
}
Response with a credential
{
"code": 200,
"response": {
"status": 200,
"message": "Session created successfully",
"error": false,
"error_code": 0,
"detail": "",
"mensagem": "Session created successfully",
"erro": false,
"cod_erro": 0
},
"tenant": "Segura",
"session": {
"session_url": "https://<Platform URL>/modulos/auth?_sr=cmJzOi8vTmJQOG1GckRWeHFFY1FkNi8wRUF5bHoweWw3cUdyUk5JbE1oaXZ3TytLak5sUGsydUZ2YnRQaUdhU3YwaUl0TVRILzZHWWtPWjdZdXNKeE01NHFsaVlFdkRqMGZtOG5vbXNDc0d5bUNDdUt2YWFSclJjTG1scUIxSnBUTXdq",
"token": "6a3afbb1************b32262",
"selection_mode": "explicit"
}
}
Response without a credential
{
"code": 200,
"response": {
"status": 200,
"message": "Session created successfully",
"error": false,
"error_code": 0,
"detail": "",
"mensagem": "Session created successfully",
"erro": false,
"cod_erro": 0
},
"tenant": "Segura",
"session": {
"session_url": "https://<Platform URL>/modulos/auth?_sr=cmJzOi8vTmJQOG1GckRWeHFFY1FkNi8wRUF5bHoweWw3cUdyUk5JbE1oaXZ3TytLak5sUGsydUZ2YnRQaUdhU3YwaUl0TVRILzZHWWtPWjdZdXNKeE01NHFsaVlFdkRqMGZtOG5vbXNDc0d5bUNDdUt2YWFSclJjTG1scUIxSnBUTXdq",
"token": "6a3afbb1************b32262",
"selection_mode": "automatic"
}
}
Response body fields
| Field | Type | Description |
|---|---|---|
session |
Object | Data of the created session. |
session_url |
String | URL to start the authenticated web proxy session. |
token |
String | Authentication token associated with the web proxy session. |
selection_mode |
String | Selection mode associated with the web proxy session. If a credential is specified, the value is “explicit”; if no credential is specified, the value is “automatic”. |
Attention
The token value is sensitive and must be kept confidential.
Common errors
| Status/Error code | Message | Possible cause | Solution |
|---|---|---|---|
| 400 – Bad Request | "Username not specified." | The required username parameter for the session was not provided. | Provide a username already registered in Segura® Platform and resend the request. |
| 400 – Bad Request | "Credential not specified." | The required credential parameter for the session was not provided. | Provide the credential and resend the request. |
| 400 – Bad Request | "Credential device not specified." | The required device parameter for the session was not provided. | Provide the device and resend the request. |
| 400 – Bad Request | "Invalid protocol." | The required protocol parameter for the session was not provided or is incorrect. | Provide a value for the protocol parameter and resend the request. |
| 404 – Not Found | "Resource sub not found." | The URL or requested resource is incorrect. | Check the URL and ensure all parameters are correct. |
| 500 – Internal Server Error | "Unexpected error." | The error is on the Segura® Platform server. | Contact the support team for more information. |
| 500 – Internal Server Error | "You are not authorized to access this resource." | You don’t have authorization to access this resource. | Ask the administrator to verify your access permission to Web Proxy Session resources in A2A. |
| Client authentication failed | "Client authentication failed." | Authentication failure of your application with the Segura® Platform server. | Check authentication parameters such as Access Token URL, Client ID, and Client secret, and request a new token. |
| Invalid signature | "Invalid signature." | Failure to recognize the client application URL. | Verify the client application URL and resend the request. |
| No route matched with those values | "No route matched with those values." | Missing authorization header in the API request. | Request a new access token. |
| Request timed out | "Request timed out." | The request time expired. | Check the connectivity between the request origin and the Segura® Platform server. |
| 409 | “session.no_available_credential” | No credentials are available for automatic selection on the specified device. Either all eligible credentials are currently active in a session, or there are no username/password credentials accessible under the application’s authorization. | Enable credentials to be automatically selected by ending their current session or give the application’s authorization access to new credentials. |