application_segment¶
The following methods allow for interaction with the ZPA Application Segments API endpoints.
Methods are accessible via zpa.application_segment
Copyright (c) 2023, Zscaler Inc.
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- class ApplicationSegmentAPI¶
Bases:
APIClient- add_segment(**kwargs)¶
Create a new application segment.
See the Adding a Application Segment Using API reference: for further detail on optional keyword parameter structures.
- Parameters:
name (str) – Required. Name of the application segment (user-defined).
domain_names (list of str) – Required. Domain names or IP addresses for the segment.
segment_group_id (str) – Required. Unique identifier for the segment group.
server_group_ids (list of str) – Required. List of server group IDs this segment belongs to.
tcp_port_ranges (list of str, optional) – Legacy format. TCP port range pairs (e.g., [‘22’, ‘22’]).
udp_port_ranges (list of str, optional) – Legacy format. UDP port range pairs (e.g., [‘35000’, ‘35000’]).
tcp_port_range (list of dict, optional) – New format. TCP port range pairs [{“from”: “8081”, “to”: “8081”}].
udp_port_range (list of dict, optional) – New format. UDP port range pairs [{“from”: “8081”, “to”: “8081”}].
- Keyword Arguments:
bypass_type (str) – Bypass type for the segment. Values: ALWAYS, NEVER, ON_NET.
clientless_app_ids (list) – IDs for associated clientless apps.
description (str) – Additional information about the segment.
double_encrypt (bool) – If true, enables double encryption.
enabled (bool) – If true, enables the application segment.
health_check_type (str) – Health Check Type. Values: DEFAULT, NONE.
health_reporting (str) – Health Reporting mode. Values: NONE, ON_ACCESS, CONTINUOUS.
ip_anchored (bool) – If true, enables IP Anchoring.
is_cname_enabled (bool) – If true, enables CNAMEs for the segment.
passive_health_enabled (bool) – If true, enables Passive Health Checks.
icmp_access_type (str) – Sets ICMP access type for ZPA clients.
microtenant_id (str, optional) – ID of the microtenant, if applicable.
- Returns:
A tuple containing the ApplicationSegment instance, response object, and error if any.
- Return type:
Tuple
Examples
Create an application segment using legacy TCP port format (tcp_port_ranges):
>>> added_segment, _, err = client.zpa.application_segment.add_segment( ... name=f"NewAppSegment_{random.randint(1000, 10000)}", ... description=f"NewAppSegment_{random.randint(1000, 10000)}", ... enabled=True, ... domain_names=["test.example.com", "test1.example.com"], ... segment_group_id="72058304855089379", ... server_group_ids=["72058304855090128"], ... tcp_port_ranges=["8081", "8081"], ... ) ... if err: ... print(f"Error creating segment: {err}") ... return ... print(f"segment created successfully: {added_segment.as_dict()}")
Create an application segment using new TCP port format (tcp_port_range):
>>> added_segment, _, err = client.zpa.application_segment.add_segment( ... name=f"NewAppSegment_{random.randint(1000, 10000)}", ... description=f"NewAppSegment_{random.randint(1000, 10000)}", ... enabled=True, ... domain_names=["test.example.com", "test1.example.com"], ... segment_group_id="72058304855089379", ... server_group_ids=["72058304855090128"], ... tcp_port_range=[{"from": "8081", "to": "8081"}], # Single port range using 'from' and 'to' ... ) ... if err: ... print(f"Error creating segment: {err}") ... return ... print(f"segment created successfully: {added_segment.as_dict()}")
Create an Browser Access application segment:
>>> added_segment, _, err = client.zpa.application_segment.add_segment( ... name=f"NewAppSegment_{random.randint(1000, 10000)}", ... description=f"NewAppSegment_{random.randint(1000, 10000)}", ... enabled=True, ... domain_names=["test.example.com", "test1.example.com"], ... segment_group_id="72058304855089379", ... server_group_ids=["72058304855090128"], ... tcp_port_range=[{"from": "8081", "to": "8081"}], ... clientless_app_ids=[ ... { ... "name": "jenkins.securitygeek.io", ... "enabled": True, ... "certificate_id": "72058304855021564", ... "application_port": "4443", ... "application_protocol": "HTTPS", ... "domain": "jenkins.securitygeek.io", ... } ... ] ... ) ... if err: ... print(f"Error creating segment: {err}") ... return ... print(f"segment created successfully: {added_segment.as_dict()}")
- add_segment_provision(**kwargs)¶
Provision a new application segment for a given customer, creating all related objects as needed.
This endpoint allows you to create and provision an application segment along with advanced options such as server group DTOs, extranet settings, health reporting, ICMP control, and more.
- Parameters:
name (str) – Required. Name of the application segment.
domain_names (list of str) – Required. List of domain names or FQDNs for the application.
segment_group_id (str) – Required. ID of the segment group the application belongs to.
server_group_ids (list of str) – Required. List of server group IDs assigned to the application.
tcp_port_ranges (list of str, optional) – Legacy TCP port ranges (e.g., [‘8081’, ‘8081’]).
udp_port_ranges (list of str, optional) – Legacy UDP port ranges.
tcp_port_range (list of dict, optional) – Modern TCP port range object list (e.g., [{‘from’: 80, ‘to’: 443}]).
udp_port_range (list of dict, optional) – Modern UDP port range object list.
- Keyword Arguments:
description (str) – Description of the application segment.
enabled (bool) – Whether the application is enabled.
health_reporting (str) – Health reporting mode. Valid values: NONE, ON_ACCESS, CONTINUOUS.
ip_anchored (bool) – Whether IP Anchoring is enabled.
select_connector_close_to_app (bool) – Prefer nearest connector routing.
icmp_access_type (str) – ICMP access policy. Values: PING, NONE.
match_style (str) – Segment matching style. Values: EXCLUSIVE, INCLUSIVE.
is_cname_enabled (bool) – Whether CNAME support is enabled.
tcp_keep_alive (str) – TCP keepalive option. Usually “0” or “1”.
fqdn_dns_check (bool) – Whether FQDN DNS checking is enabled.
adp_enabled (bool) – Enable App Discovery Protection.
domain (str) – Domain alias for the application.
trust_untrusted_cert (bool) – Trust untrusted server certificates.
bypass_on_reauth (bool) – Bypass policy evaluation on reauthentication.
bypass_type (str) – Bypass mode. Values: NEVER, ALWAYS, ON_NET.
hide_dependencies (bool) – Whether to hide dependency discovery info.
extranet_enabled (bool) – Whether Extranet Application Support is enabled
application_group (dict) – Application group metadata. Example: {“id”: “72058304855114308”}.
server_group_dtos (list of dict) –
Full definition of server groups, including nested Extranet DTO structure:
id (str): Server group ID
dynamic_discovery (bool)
name (str)
- extranet_dto (dict): Extranet settings
zia_er_name (str)
zpn_er_id (str)
- location_group_dto (list of dict): Each with:
id (str)
zia_locations (list of dict): Each with id
location_dto (list of dict): Each with id
extranet_enabled (bool): Whether Extranet Application Support is enabled
- Returns:
A tuple of (ApplicationSegment object, raw response, error).
- Return type:
Examples
>>> added_segment, _, err = client.zpa.application_segment.add_segment_provision( ... name="app02", ... description="App with Extranet", ... domain_names=["app02.acme.com"], ... server_group_ids=["72058304855116228"], ... application_group={"id": "72058304855114308"}, ... server_group_dtos=[ ... { ... "id": "72058304855116228", ... "dynamic_discovery": True, ... "name": "SRV_Extranet01", ... "extranet_dto": { ... "zia_er_name": "NewExtranet 1002", ... "zpn_er_id": "72058304855111768", ... "location_group_dto": [ ... { ... "id": "72058304855111771", ... "zia_locations": [{"id": "72058304855116226"}] ... } ... ], ... "location_dto": [{"id": "72058304855116226"}] ... }, ... "extranet_enabled": True ... } ... ], ... extranet_enabled=True, ... tcp_port_ranges=["8081", "8081"], ... icmp_access_type="PING", ... is_cname_enabled=True, ... trust_untrusted_cert=True, ... tcp_keep_alive="0", ... bypass_on_reauth=True, ... bypass_type="NEVER", ... enabled=True ... ) >>> if err: ... print(f"Error adding segment: {err}") ... else: ... print(f"Segment added successfully: {added_segment.as_dict()}")
- app_segment_move(application_id, **kwargs)¶
Moves application segments from one microtenant to another Note: Application segments can only be moved from a Default Microtenant microtenant_id as 0 to a child tenant
See the Moving Application Segments between Microtenants Using API reference: for further detail on optional keyword parameter structures.
- Parameters:
application_id (str) – The unique identifier of the Application Segment.
target_segment_group_id (str) – The unique identifier of the target segment group that the application segment is being moved to.
target_server_group_id (str) – The unique identifier of the target server group that the application segment is being moved to.
target_microtenant_id (str) – The unique identifier of the Microtenant that the application segment is being moved to.
Keyword Args:
- Returns:
The resource record for the moved application segment.
- Return type:
Tuple
Examples
Moving an application segment to another microtenant:
>>> zpa.app_segments.app_segment_move( ... application_id='216199618143373016', ... target_segment_group_id='216199618143373010', ... target_server_group_id='216199618143373012', ... target_microtenant_id='216199618143372994' ... )
Shares the application segment to the Microtenant for the specified ID.
See the Sharing Application Segments between Microtenants Using API reference: for further detail on optional keyword parameter structures.
- Parameters:
application_id (str) – The unique identifier of the Application Segment.
share_to_microtenants (
listofstr) – The unique identifier of the Microtenant that the application segment is being shared to. This field is required if you want to share an application segment. To remove the share send the attribute as an empty list.
Keyword Args:
- Returns:
An empty tuple object if the operation is successful.
- Return type:
Tuple
Examples
Moving an application segment to another microtenant:
>>> zpa.app_segments.app_segment_share( ... application_id='216199618143373016', ... share_to_microtenants=['216199618143373010'] ... )
- application_segment_export(query_params=None)¶
Export application segments as a CSV document.
This endpoint returns a raw CSV file containing application segment data with headers and comma-separated values.
- Parameters:
{dict} (query_params) –
Map of query parameters for the request.
[query_params.single]{bool}: Returns a single application segment[query_params.microtenant_id]{str}: The unique identifier of the microtenant of ZPA tenant.- Returns:
A tuple containing the CSV content as a string, the response object, and error if any.
- Return type:
Tuple
Examples
>>> csv_content, _, err = client.zpa.application_segment.application_segment_export() ... if err: ... print(f"Error exporting application segments: {err}") ... return ... print(csv_content) ... # Optionally save to file ... with open('application_segments.csv', 'w', encoding='utf-8') as f: ... f.write(csv_content)
- bulk_update_multimatch(**kwargs)¶
Update multimatch feature in multiple application segments.
- Parameters:
- Keyword Arguments:
microtenant_id (str, optional) – ID of the microtenant, if applicable.
- Returns:
A tuple containing the updated
MultiMatchUnsupportedReferencesobject, the raw response object, and an error object (if any).- Return type:
Tuple
Examples
Updating multiple application segments with new multimatch settings:
>>> bulk_update, _, err = client.zpa.application_segment.bulk_update_multimatch( ... application_ids=["216196257331372697", "216196257331372698"], ... match_style="INCLUSIVE" ... ) >>> if err: ... print(f"Error updating multimatch: {err}") ... return ... print(f"Multimatch updated successfully: {bulk_update.as_dict()}")
- delete_segment(segment_id, force_delete=False, microtenant_id=None)¶
Deletes the specified Application Segment from ZPA.
See the Deleting a Application Segment Using API reference: for further detail on optional keyword parameter structures.
- Parameters:
- Returns:
A tuple containing the response and error (if any).
- Return type:
Examples
>>> _, _, err = client.zpa.application_segment.delete_segment( ... segment_id='999999' ... ) ... if err: ... print(f"Error deleting application segment: {err}") ... return ... print(f"Application segment with ID {'999999'} deleted successfully.")
- get_application_segment_count()¶
Returns the count of configured application segments for the provided customer.
This endpoint returns a list of dictionaries, each containing the number of applications configured and the date when the configuration was set.
- Returns:
A tuple containing a list of dictionaries with appsConfigured and configuredDateInEpochSeconds, the response object, and error if any.
- Return type:
Tuple
Examples
>>> counts, _, err = client.zpa.application_segment.get_application_segment_count() ... if err: ... print(f"Error getting application segment count: {err}") ... return ... print(f"Found {len(counts)} count records:") ... for count in counts: ... print(f"Apps configured: {count.get('appsConfigured')}") ... print(f"Configured date: {count.get('configuredDateInEpochSeconds')}")
- get_application_segment_mappings(segment_id, query_params=None)¶
Get the Application Segment Mapping details.
This endpoint returns a list of mappings for the specified application segment, each containing names and a type.
- Parameters:
segment_id (str) – The unique identifier of the application segment.
- Keyword Arguments:
{dict} (query_params) –
Map of query parameters for the request.
[query_params.microtenant_id]{str}: The unique identifier of the microtenant of ZPA tenant.- Returns:
A tuple containing a list of dictionaries with names (list of strings) and type (string), the response object, and error if any.
- Return type:
Tuple
Examples
>>> mappings, _, err = client.zpa.application_segment.get_application_segment_mappings( ... segment_id='999999' ... ) ... if err: ... print(f"Error getting application segment mappings: {err}") ... return ... print(f"Found {len(mappings)} mappings:") ... for mapping in mappings: ... print(f"Type: {mapping.get('type')}") ... print(f"Names: {mapping.get('names')}")
- get_current_and_max_limit()¶
Get current Applications count and maxLimit configured for a given customer.
This endpoint returns the current number of applications and the maximum limit allowed for the customer without requiring any parameters.
- Returns:
A tuple containing a dictionary with currentAppsCount and maxAppsLimit, the response object, and error if any.
- Return type:
Tuple
Examples
>>> limits, _, err = client.zpa.application_segment.get_current_and_max_limit() ... if err: ... print(f"Error getting current and max limit: {err}") ... return ... print(f"Current apps count: {limits.get('currentAppsCount')}") ... print(f"Max apps limit: {limits.get('maxAppsLimit')}")
- get_multimatch_unsupported_references(domains, **kwargs)¶
Get the unsupported feature references for multimatch for domains.
This endpoint checks which application segments have unsupported features when using multimatch functionality for the specified domains.
- Parameters:
- Returns:
A tuple containing (list of MultiMatchUnsupportedReferences instances, Response, error).
- Return type:
Tuple
Examples
>>> references, _, err = client.zpa.application_segment.get_multimatch_unsupported_references( ... ["app2.securitygeek.io"] ... ) ... if err: ... print(f"Error getting multimatch unsupported references: {err}") ... return ... print(f"Found {len(references)} references with unsupported features:") ... for ref in references: ... print(f"Reference: {ref.as_dict()}") ... print("---")
- get_segment(segment_id, query_params=None)¶
Retrieve an application segment by its ID.
See the Retrieving a Application Segment Using API reference: for further detail on optional keyword parameter structures.
- Parameters:
segment_id (str) – The unique identifier of the application segment.
- Keyword Arguments:
{str} ([query_params.microtenant_id]) – The unique identifier of the microtenant of ZPA tenant.
- Returns:
A tuple containing the ApplicationSegment instance, response object, and error if any.
- Return type:
Tuple
Examples
>>> fetched_segment, _, err = client.zpa.application_segment.get_segment('999999') ... if err: ... print(f"Error fetching segment by ID: {err}") ... return ... print(f"Fetched segment by ID: {fetched_segment.as_dict()}")
- get_weighted_lb_config(segment_id, query_params=None)¶
Get Weighted Load Balancer Config for AppSegment
See the Retrieving Load Balancer Config for AppSegment Using API reference: for further detail on optional keyword parameter structures.
- Parameters:
segment_id (str) – The unique identifier of the application segment.
- Keyword Arguments:
microtenant_id (str, optional) – ID of the microtenant, if applicable.
- Returns:
A tuple containing the ApplicationSegment instance, response object, and error if any.
- Return type:
Tuple
Examples
>>> fetched_lb_config, _, err = client.zpa.application_segment.get_weighted_lb_config('999999') ... if err: ... print(f"Error fetching app segment LB config by ID: {err}") ... return ... print(f"Fetched app segment LB by ID: {fetched_lb_config.as_dict()}")
- list_segments(query_params=None)¶
Enumerates application segments in your organization with pagination. A subset of application segments can be returned that match a supported filter expression or query.
See the Retrieving a list of Application Segments Using API reference: for further detail on optional keyword parameter structures.
- Parameters:
{dict} (query_params) –
Map of query parameters for the request.
[query_params.page]{str}: Specifies the page number.[query_params.page_size]{str}: Specifies the page size.If not provided, the default page size is 20. The max page size is 500.
[query_params.search]{str}: Search string for filtering results.[query_params.microtenant_id]{str}: The unique identifier of the microtenant of ZPA tenant.- Returns:
A tuple containing (list of ApplicationSegment instances, Response, error)
- Return type:
Tuple
Examples
>>> segment_list, _, err = client.zpa.application_segment.list_segments( ... query_params={'search': 'AppSegment01', 'page': '1', 'page_size': '100'}) ... if err: ... print(f"Error listing application segments: {err}") ... return ... print(f"Total application segments found: {len(segment_list)}") ... for app in segments: ... print(app.as_dict())
- reformat_params = [('clientless_app_ids', 'clientlessApps'), ('server_group_ids', 'serverGroups')]¶
A client object for the Application Segments resource.
- update_segment(segment_id, **kwargs)¶
Update an existing application segment.
See the Updating Application Segments Using API reference: for further detail on optional keyword parameter structures.
- Parameters:
segment_id (str) – The unique identifier of the application segment.
- Keyword Arguments:
microtenant_id (str, optional) – ID of the microtenant, if applicable.
- Returns:
A tuple containing the updated ApplicationSegment instance, response object, and error if any.
- Return type:
Tuple
Examples
Update an application segment using legacy TCP port format (tcp_port_ranges):
>>> update_segment, _, err = client.zpa.application_segment.update_segment( ... segment_id='56687421', ... name=f"UpdateAppSegment_{random.randint(1000, 10000)}", ... description=f"UpdateAppSegment_{random.randint(1000, 10000)}", ... enabled=True, ... domain_names=["test.example.com", "test1.example.com"], ... segment_group_id="72058304855089379", ... server_group_ids=["72058304855090128"], ... tcp_port_ranges=["8081", "8081"], ... ) ... if err: ... print(f"Error updating segment: {err}") ... return ... print(f"segment updated successfully: {update_segment.as_dict()}")
Update an application segment using new TCP port format (tcp_port_range):
>>> update_segment, _, err = client.zpa.application_segment.update_segment( ... segment_id='56687421', ... name=f"UpdateAppSegment_{random.randint(1000, 10000)}", ... description=f"UpdateAppSegment_{random.randint(1000, 10000)}", ... enabled=True, ... domain_names=["test.example.com", "test1.example.com"], ... segment_group_id="72058304855089379", ... server_group_ids=["72058304855090128"], ... tcp_port_range=[{"from": "8081", "to": "8081"}], ... ) ... if err: ... print(f"Error updating segment: {err}") ... return ... print(f"segment updated successfully: {update_segment.as_dict()}")
Update an Browser Access application segment
>>> update_segment, _, err = client.zpa.application_segment.update_segment( ... segment_id='99999', ... name=f"UpdateAppSegment_{random.randint(1000, 10000)}", ... description=f"UpdateAppSegment_{random.randint(1000, 10000)}", ... enabled=True, ... domain_names=["test.example.com", "test1.example.com"], ... segment_group_id="72058304855089379", ... server_group_ids=["72058304855090128"], ... tcp_port_range=[{"from": "8081", "to": "8081"}], ... clientless_app_ids=[ { "name": "jenkins.securitygeek.io", "enabled": True, "certificate_id": "72058304855021564", "application_port": "4443", "application_protocol": "HTTPS", "domain": "jenkins.securitygeek.io", } ] ... ) ... if err: ... print(f"Error updating segment: {err}") ... return ... print(f"segment updated successfully: {update_segment.as_dict()}")
- update_weighted_lb_config(segment_id, query_params=None, **kwargs)¶
Updates the Weighted Load Balancing configuration for the specified Application Segment.
This operation allows you to configure load balancing behavior for the application segment by assigning server groups, weights, and passive mode settings.
See the Weighted Load Balancing API reference: for further detail on payload structure.
- Parameters:
segment_id (str) – The unique identifier of the Application Segment whose weighted load balancing configuration is to be updated.
- Keyword Arguments:
weighted_load_balancing (bool) – Flag to enable or disable weighted load balancing on the segment.
application_to_server_group_mappings (list of dict) –
A list of mappings that define server groups and their associated weights and passive flags. Each item must be a dictionary with the following keys:
id (str): The ID of the server group.
weight (str): The weight assigned to this server group.
passive (bool): Indicates whether the server group operates in passive mode.
microtenant_id (str, optional) – The ID of the microtenant, if applicable in a multi-tenant environment.
- Returns:
A tuple containing the updated
WeightedLBConfigobject, the raw response object, and an error object (if any).- Return type:
Tuple
Examples
Updating an application segment with new weighted load balancing settings:
>>> update_lb, _, err = client.zpa.application_segment.update_weighted_lb_config( ... segment_id='72058304855090129', ... weighted_load_balancing=True, ... application_to_server_group_mappings=[ ... { ... "id": "72058304855090128", ... "weight": "10", ... "passive": True ... }, ... { ... "id": "72058304855047747", ... "weight": "20", ... "passive": False ... } ... ]) >>> if err: ... print(f"Error updating application segment lb: {err}") ... return ... print(f"Application segment lb updated successfully: {update_lb.as_dict()}")