To add a new authenticated user, the action received by cOS Core should be an HTTP POST to the path:

/api/oper/userauth

This action can have the following parameters:

For example, send a POST to the following URI:

/api/oper/userauth

The POST body should contain a string in the following form:

ip=192.168.1.10&interface=wan&session_timeout=60
&idle_timeout=30&username=user3&groups=group1,group2

Note that the above POST body has been split into 2 lines to fit this document's page width. These last two lines should be a single continuous line.

The parameter idle_timeout is optional. If this is not specified, the assumed value will be the same as session_timeout. Both idle_timeout and session_timeout have a maximum allowed value of one month.

In the above body, the username of the new authenticated user is specified as user2 with an IP address of 192.168.1.10. This user can only connect to cOS Core via the wan interface and they are a member of the groups called group1 and group2. The client session timeout in seconds can be set as required. Here, it is 60 seconds.

The JSON reply sent by cOS Core will confirm that the user has been added and specify the parameter values used for the user. It will have the following form:

{
  "error": false,
  "user": {
    "username": "user1",
    "ip": "192.168.1.10",
    "groups": "group1, group2",
    "interface": "wan",
    "agent_type": "Identity Awareness",
    "session_timeout": 60,
    "idle_timeout": 60
  }
}

If there is an error, cOS Core will return a message indicating the problem. For example, if the interface name is incorrect, the following JSON message would be sent back to the client:

{
  "error":true,
  "error_code":400,
  "error_message":"Property 'interface': Unknown interface name"
}