Chrome Verified Access API
API for Verified Access chrome extension to provide credential verification for chrome devices connecting to an enterprise network
COMMUNITYBEARER0 INSTALLS
OpenAPI Specificationv3.0
{
"openapi": "3.0.0",
"servers": [
{
"url": "https://verifiedaccess.googleapis.com/"
}
],
"info": {
"contact": {
"name": "Google",
"url": "https://google.com",
"x-twitter": "youtube"
},
"description": "API for Verified Access chrome extension to provide credential verification for chrome devices connecting to an enterprise network",
"license": {
"name": "Creative Commons Attribution 3.0",
"url": "http://creativecommons.org/licenses/by/3.0/"
},
"termsOfService": "https://developers.google.com/terms/",
"title": "Chrome Verified Access API",
"version": "v2",
"x-apiClientRegistration": {
"url": "https://console.developers.google.com"
},
"x-apisguru-categories": [
"analytics",
"media"
],
"x-logo": {
"url": "https://api.apis.guru/v2/cache/logo/https_www.google.com_images_branding_googlelogo_2x_googlelogo_color_272x92dp.png"
},
"x-origin": [
{
"format": "google",
"url": "https://verifiedaccess.googleapis.com/$discovery/rest?version=v2",
"version": "v1"
}
],
"x-preferred": true,
"x-providerName": "googleapis.com",
"x-serviceName": "verifiedaccess"
},
"externalDocs": {
"url": "https://developers.google.com/chrome/verified-access"
},
"tags": [
{
"name": "challenge"
}
],
"paths": {
"/v2/challenge:generate": {
"parameters": [
{
"$ref": "#/components/parameters/_.xgafv"
},
{
"$ref": "#/components/parameters/access_token"
},
{
"$ref": "#/components/parameters/alt"
},
{
"$ref": "#/components/parameters/callback"
},
{
"$ref": "#/components/parameters/fields"
},
{
"$ref": "#/components/parameters/key"
},
{
"$ref": "#/components/parameters/oauth_token"
},
{
"$ref": "#/components/parameters/prettyPrint"
},
{
"$ref": "#/components/parameters/quotaUser"
},
{
"$ref": "#/components/parameters/upload_protocol"
},
{
"$ref": "#/components/parameters/uploadType"
}
],
"post": {
"description": "Generates a new challenge.",
"operationId": "verifiedaccess.challenge.generate",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Empty"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Challenge"
}
}
},
"description": "Successful response"
}
},
"security": [
{
"Oauth2": [
"https://www.googleapis.com/auth/verifiedaccess"
],
"Oauth2c": [
"https://www.googleapis.com/auth/verifiedaccess"
]
}
],
"tags": [
"challenge"
]
}
},
"/v2/challenge:verify": {
"parameters": [
{
"$ref": "#/components/parameters/_.xgafv"
},
{
"$ref": "#/components/parameters/access_token"
},
{
"$ref": "#/components/parameters/alt"
},
{
"$ref": "#/components/parameters/callback"
},
{
"$ref": "#/components/parameters/fields"
},
{
"$ref": "#/components/parameters/key"
},
{
"$ref": "#/components/parameters/oauth_token"
},
{
"$ref": "#/components/parameters/prettyPrint"
},
{
"$ref": "#/components/parameters/quotaUser"
},
{
"$ref": "#/components/parameters/upload_protocol"
},
{
"$ref": "#/components/parameters/uploadType"
}
],
"post": {
"description": "Verifies the challenge response.",
"operationId": "verifiedaccess.challenge.verify",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/VerifyChallengeResponseRequest"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/VerifyChallengeResponseResult"
}
}
},
"description": "Successful response"
}
},
"security": [
{
"Oauth2": [
"https://www.googleapis.com/auth/verifiedaccess"
],
"Oauth2c": [
"https://www.googleapis.com/auth/verifiedaccess"
]
}
],
"tags": [
"challenge"
]
}
}
},
"components": {
"parameters": {
"_.xgafv": {
"description": "V1 error format.",
"in": "query",
"name": "$.xgafv",
"schema": {
"enum": [
"1",
"2"
],
"type": "string"
}
},
"access_token": {
"description": "OAuth access token.",
"in": "query",
"name": "access_token",
"schema": {
"type": "string"
}
},
"alt": {
"description": "Data format for response.",
"in": "query",
"name": "alt",
"schema": {
"enum": [
"json",
"media",
"proto"
],
"type": "string"
}
},
"callback": {
"description": "JSONP",
"in": "query",
"name": "callback",
"schema": {
"type": "string"
}
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"in": "query",
"name": "fields",
"schema": {
"type": "string"
}
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"in": "query",
"name": "key",
"schema": {
"type": "string"
}
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"in": "query",
"name": "oauth_token",
"schema": {
"type": "string"
}
},
"prettyPrint": {
"description": "Returns response with indentations and line breaks.",
"in": "query",
"name": "prettyPrint",
"schema": {
"type": "boolean"
}
},
"quotaUser": {
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"in": "query",
"name": "quotaUser",
"schema": {
"type": "string"
}
},
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"in": "query",
"name": "uploadType",
"schema": {
"type": "string"
}
},
"upload_protocol": {
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
"in": "query",
"name": "upload_protocol",
"schema": {
"type": "string"
}
}
},
"schemas": {
"Challenge": {
"description": "Result message for VerifiedAccess.GenerateChallenge.",
"properties": {
"alternativeChallenge": {
"description": "Challenge generated with the old signing key, the bytes representation of SignedData (this will only be present during key rotation).",
"format": "byte",
"type": "string"
},
"challenge": {
"description": "Generated challenge, the bytes representation of SignedData.",
"format": "byte",
"type": "string"
}
},
"type": "object"
},
"Empty": {
"description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }",
"properties": {},
"type": "object"
},
"VerifyChallengeResponseRequest": {
"description": "Signed ChallengeResponse.",
"properties": {
"challengeResponse": {
"description": "Required. The generated response to the challenge, the bytes representation of SignedData.",
"format": "byte",
"type": "string"
},
"expectedIdentity": {
"description": "Optional. Service can optionally provide identity information about the device or user associated with the key. For an EMK, this value is the enrolled domain. For an EUK, this value is the user's email address. If present, this value will be checked against contents of the response, and verification will fail if there is no match.",
"type": "string"
}
},
"type": "object"
},
"VerifyChallengeResponseResult": {
"description": "Result message for VerifiedAccess.VerifyChallengeResponse.",
"properties": {
"customerId": {
"description": "Unique customer id that this device belongs to, as defined by the Google Admin SDK at https://developers.google.com/admin-sdk/directory/v1/guides/manage-customers",
"type": "string"
},
"devicePermanentId": {
"description": "Device permanent id is returned in this field (for the machine response only).",
"type": "string"
},
"deviceSignal": {
"description": "Device signal in json string representation.",
"type": "string"
},
"keyTrustLevel": {
"description": "Device attested key trust level.",
"enum": [
"KEY_TRUST_LEVEL_UNSPECIFIED",
"CHROME_OS_VERIFIED_MODE",
"CHROME_OS_DEVELOPER_MODE",
"CHROME_BROWSER_HW_KEY",
"CHROME_BROWSER_OS_KEY"
],
"type": "string"
},
"signedPublicKeyAndChallenge": {
"description": "Certificate Signing Request (in the SPKAC format, base64 encoded) is returned in this field. This field will be set only if device has included CSR in its challenge response. (the option to include CSR is now available for both user and machine responses)",
"type": "string"
},
"virtualDeviceId": {
"description": "Virtual device id of the device. The definition of virtual device id is platform-specific.",
"type": "string"
}
},
"type": "object"
}
},
"securitySchemes": {
"Oauth2": {
"description": "Oauth 2.0 implicit authentication",
"flows": {
"implicit": {
"authorizationUrl": "https://accounts.google.com/o/oauth2/auth",
"scopes": {
"https://www.googleapis.com/auth/verifiedaccess": "Verify your enterprise credentials"
}
}
},
"type": "oauth2"
},
"Oauth2c": {
"description": "Oauth 2.0 authorizationCode authentication",
"flows": {
"authorizationCode": {
"authorizationUrl": "https://accounts.google.com/o/oauth2/auth",
"scopes": {
"https://www.googleapis.com/auth/verifiedaccess": "Verify your enterprise credentials"
},
"tokenUrl": "https://accounts.google.com/o/oauth2/token"
}
},
"type": "oauth2"
}
}
}
}