---
title: CLI for sideband ASE
description: Start ASE
component: pingintelligence
version: 5.1
page_id: pingintelligence:api_security_enforcer:pingintelligence_cli_sideband_ase
canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/api_security_enforcer/pingintelligence_cli_sideband_ase.html
revdate: March 29, 2024
---

# CLI for sideband ASE

* Start ASE

  Start ASE

  **Syntax**

  `./start.sh`

* Stop ASE

  Stop ASE

  **Syntax**

  `./stop.sh`

* Help

  Displays cli.sh help

  **Syntax**

  `./cli.sh help`

* Version

  Displays the version number of ASE

  **Syntax**

  `./cli.sh version`

* Status

  Displays the running status of ASE

  **Syntax**

  `./cli.sh status`

* Update Password

  Change ASE admin password

  **Syntax**

  `./cli.sh update_password -u admin - p`

* Change log level

  Change balancer.log and controller.log log level

  **Syntax**

  `./cli.sh log_level -u admin -p`

  **Options**

  `warn`, `info`, `error`, `fatal`, `debug`

* Get Authentication Method

  Display the current authentication method

  **Syntax**

  `./cli.sh get_auth_method -u admin -p`

* Update Authentication Method

  Update ASE authentication method

  **Syntax**

  `./cli.sh update_auth_method {method} -u admin -p`

* Enable Sideband Authentication

  Enable authentication between API gateway and ASE when ASE is deployed in sideband mode

  **Syntax**

  `./cli.sh enable_sideband_authentication -u admin – p`

* Disable Sideband Authentication

  Disable authentication between API gateway and ASE when ASE is deployed in sideband mode

  **Syntax**

  `./cli.sh disable_sideband_authentication -u admin – p`

* Create ASE Authentication Token

  Create the ASE token that is used to authenticate between the API gateway and ASE

  **Syntax**

  `./cli.sh create_sideband_token -u admin – p`

* List ASE Authentication Token

  List the ASE token that is used to authenticate between the API gateway and ASE

  **Syntax**

  `./cli.sh list_sideband_token -u admin – p`

* **Import ASE Authentication Token**

  Import ASE token that is used for authentication between ASE and API gateway. The token should be 32 character long, and the allowable characters in the token are: alphabets in small case and digits 0-9.

  **Syntax**

  `./cli.sh import_sideband_token {token} -u admin – p admin`

* Delete ASE Authentication Token

  Delete the ASE token that is used to authenticate between the API gateway and ASE

  **Syntax**

  `./cli.sh delete_sideband_token {token} -u admin – p`

* Enable Audit Logging

  Enable audit logging

  **Syntax**

  `./cli.sh enable_audit -u admin -p admin`

* Disable Audit Logging

  Disable audit logging

  **Syntax**

  `./cli.sh disable_audit -u admin -p admin`

* Add Syslog Server

  Add a new syslog server

  **Syntax**

  `./cli.sh –u admin -p admin add_syslog_server host:port`

* Delete Syslog Server

  Delete the syslog server

  **Syntax**

  `./cli.sh –u admin -p admin delete_syslog_server host:port`

* List Syslog Server

  List the current syslog server

  **Syntax**

  `./cli.sh –u admin -p admin list_syslog_server`

* Add API

  Add a new API file in JSON format. File should have `.json` extension. Provide the complete path where you have stored the API JSON file. After running the command, API is added to `/opt/pingindentity/ase/config/api` directory

  **Syntax**

  `./cli.sh –u admin -p admin add_api {config_file_path}`

* Update API

  Update an API after the API JSON file has been edited and saved

  **Syntax**

  `./cli.sh –u admin -p admin update_api {api_name}`

* List APIs

  Lists all APIs configured in ASE

  **Syntax**

  `./cli.sh –u admin -p admin list_api`

* API Info

  Displays the API JSON file

  **Syntax**

  `./cli.sh –u admin -p admin api_info {api_id}`

* API Count

  Displays the total number of APIs configured

  **Syntax**

  `./cli.sh –u admin -p admin api_count`

* Enable Per API Blocking

  Enables attack blocking for the API

  **Syntax**

  `./cli.sh –u admin -p admin enable_blocking {api_id}`

* Disable Per API Blocking

  Disable attack blocking for the API

  **Syntax**

  `./cli.sh –u admin -p admin disable_blocking {api_id}`

* Delete API

  Delete an API from ASE. Deleting an API removes the corresponding JSON file and deletes all the cookies associated with that API

  **Syntax**

  `./cli.sh –u admin -p admin delete_api {api_id}`

* **Generate Master Key**

  Generate the master obfuscation key `ase_master.key`

  **Syntax**

  `./cli.sh -u admin -p admin generate_obfkey`

* **Obfuscate Keys and Password**

  Obfuscate the keys and passwords configured in various configuration files

  **Syntax**

  `./cli.sh -u admin -p admin obfuscate_keys`

* **Create a Key Pair**

  Creates private key and public key pair in keystore

  **Syntax**

  `./cli.sh –u admin -p admin create_key_pair`

* **Create a CSR**

  Creates a certificate signing request

  **Syntax**

  `./cli.sh –u admin -p admin create_csr`

* **Create a Self-Signed Certificate**

  Creates a self-signed certificate

  **Syntax**

  `./cli.sh –u admin -p admin create_self_sign_cert`

* **Import Certificate**

  Import CA signed certificate into keystore

  **Syntax**

  `./cli.sh –u admin -p admin import_cert {cert_path}`

* **Create Management Key Pair**

  Create a private key for management server

  **Syntax**

  `/cli.sh –u admin -p admin create_management_key_pair`

* **Create Management CSR**

  Create a certificate signing request for management server

  **Syntax**

  `/cli.sh –u admin -p admin create_management_csr`

* **Create Management Self-signed Certificate**

  Create a self-signed certificate for management server

  **Syntax**

  `/cli.sh –u admin -p admin create_management_self_sign_cert`

* **Import Management Key Pair**

  Import a key-pair for management server

  **Syntax**

  `/cli.sh –u admin -p admin import_management_key_pair {key_path}`

* **Import Management Certificate**

  Import CA signed certificate for management server

  **Syntax**

  `/cli.sh –u admin -p admin import_management_cert {cert_path}`

* **Cluster Info**

  Displays information about an ASE cluster

  **Syntax**

  `./cli.sh –u admin -p admin cluster_info`

* **Delete Cluster Node**

  Delete and inactive ASE cluster node

  **Syntax**

  `./cli.sh –u admin -p admin delete_cluster_node host:port`

* **Enable Firewall**

  Enable API firewall. Activates pattern enforcement, API name mapping, manual attack type

  **Syntax**

  `./cli.sh –u admin -p admin enable_firewall`

* **Disable Firewall**

  Disable API firewall

  **Syntax**

  `./cli.sh –u admin -p admin disable_firewall`

* **Enable ASE detected attacks**

  Enable ASE detected attacks

  **Syntax**

  `./cli.sh –u admin -p admin enable_ase_detected_attack`

* **Disable ASE Detected Attacks**

  Disable API firewall

  **Syntax**

  `./cli.sh –u admin -p admin disable_ase_detected_attack`

* **Enable ABS**

  Enable ABS to send access logs to ABS

  **Syntax**

  `./cli.sh –u admin -p admin enable_abs`

* **Disable ABS**

  Disable ABS to stop sending access logs to ABS

  **Syntax**

  `./cli.sh –u admin -p admin disable_abs`

* **Adding Blacklist**

  Add an entry to ASE blacklist using CLI. Valid type values are: IP, Cookie, OAuth2 token, API Key, and username

  If type is ip, then Name is the IP address.

  If type is cookie, then name is the cookie name, and value is the cookie value

  **Syntax**

  `./cli.sh –u admin -p admin add_blacklist {type}{name}{value}`

  **Example**

  ```
  /cli.sh -u admin -p admin add_blacklist ip 1.1.1.1
  ```

* **Delete Blacklist Entry**

  Delete entry from the blacklist

  **Syntax**

  `./cli.sh –u admin -p admin delete_blacklist {type}{name}{value}`

  **Example**

  ```
  cli.sh -u admin -p delete_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35
  ```

* **Clear Blacklist**

  Clear all the entries from the blacklist

  **Syntax**

  `./cli.sh –u admin -p admin clear_blacklist`

* **View Blacklist**

  View the entire blacklist or view a blacklist for the specified attack type (for example, invalid\_method)

  **Syntax**

  `./cli.sh –u admin -p admin view_blacklist \{all\|manual\|abs_generated\|invalid_content_type\|invalid_method\|invalid_protocol\|decoy\|missing_token}`

* **View Blacklist for IP addresses with missing tokens**

  View the blacklist entries that are blocked due to missing tokens

  **Syntax**

  `./cli.sh view_blacklist missing_token -uadmin -padmin`

* **Adding Whitelist**

  Add an entry to ASE whitelist using CLI. Valid type values are: IP, cookie, OAuth2 token, API key, and username

  If type is IP, then name is the IP address.

  If type is cookie, then name is the cookie name, and value is the cookie value

  **Syntax**

  `./cli.sh –u admin -p admin add_whitelist {type}{name}{value}`

  **Example**

  ```
  /cli.sh -u admin -p admin add_whitelist api_key AccessKey 065f73cdf39e486f9d7cda97d2dd1597
  ```

* **Delete Whitelist Entry**

  Delete entry from the whitelist

  **Syntax**

  `./cli.sh –u admin -p admin delete_whitelist {type}{name}{value}`

  **Example**

  ```
  /cli.sh -u admin -p delete_whitelist token 58fcb0cb97c54afbb88c07a4f2d73c35
  ```

* **Clear Whitelist**

  Clear all the entries from the whitelist

  **Syntax**

  `./cli.sh –u admin -p admin clear_whitelist`

* **View Whitelist**

  View the entire whitelist

  **Syntax**

  `./cli.sh –u admin -p admin view_whitelist`

* **ABS Info**

  Displays ABS status information.

  ABS enabled or disabled, ASE fetching ABS attack types, and ABS cluster information

  **Syntax**

  `./cli.sh –u admin -p admin abs_info`