Admin API Reference
Base URL: https://admin.avon.example.com/api/v1
Authentication: Bearer token (JWT) in the Authorization header.
Agents
| Method | Endpoint | Description |
|---|
GET | /agents | List all agents (supports ?status=online&page=1&per_page=20) |
GET | /agents/{id} | Get agent details |
DELETE | /agents/{id} | Remove an agent |
POST | /agents/{id}/revoke | Revoke agent certificate |
Example — List online agents:
curl -H "Authorization: Bearer $TOKEN"
"https://admin.avon.example.com/api/v1/agents?status=online"
Enrollment Tokens
| Method | Endpoint | Description |
|---|
GET | /enrollment-tokens | List tokens |
POST | /enrollment-tokens | Create a token |
DELETE | /enrollment-tokens/{id} | Revoke a token |
Example — Create an enrollment token:
curl -X POST -H "Authorization: Bearer $TOKEN"
-H "Content-Type: application/json"
-d '{
"name": "batch-engineering",
"groups": ["engineering"],
"expires_in": "24h",
"max_uses": 50
}'
"https://admin.avon.example.com/api/v1/enrollment-tokens"
Policies
| Method | Endpoint | Description |
|---|
GET | /policies | List all policies |
POST | /policies | Create a policy |
PUT | /policies/{id} | Update a policy |
DELETE | /policies/{id} | Delete a policy |
POST | /policies/evaluate | Dry-run policy evaluation |
Example — Dry-run a policy check:
curl -X POST -H "Authorization: Bearer $TOKEN"
-H "Content-Type: application/json"
-d '{
"agent_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"resource": {
"network": "10.100.5.0/24",
"port": 443,
"protocol": "tcp"
}
}'
"https://admin.avon.example.com/api/v1/policies/evaluate"
Sessions
| Method | Endpoint | Description |
|---|
GET | /sessions | List active sessions |
DELETE | /sessions/{id} | Terminate a session |
POST | /sessions/terminate-all | Emergency: terminate all sessions |
Groups
| Method | Endpoint | Description |
|---|
GET | /groups | List groups |
POST | /groups | Create a group |
Health
| Method | Endpoint | Description |
|---|
GET | /health | Health check |
GET | /metrics | Prometheus metrics |