APMS Tool

CLI plugin for the UiPath Access Policy Management Service (APMS), surfaced as the ip-restriction command group.

Composed under admin-tool, so commands are invoked as uip admin ip-restriction <subject> <verb>.

Command tree

uip admin ip-restriction
├── ip-ranges
│   ├── list [--filter <fragment>]
│   ├── get [<id>] [--cidr <cidr>]
│   ├── create [--file <path> | --name --cidr [--cidr ...] | --name --start-ip --end-ip] [--expires <duration>]
│   ├── update <id> [--file <path> | --name | --cidr | --start-ip | --end-ip]
│   └── delete [<id>] [--cidr <cidr>] --confirm
├── enforcement
│   ├── get
│   ├── enable --confirm
│   └── disable
├── bypass-rules
│   ├── list [--filter <fragment>]
│   ├── get <id>
│   ├── create --file <path>
│   ├── update <id> [--file <path> | --regex-entry <pattern>]
│   └── delete <id>
└── my-ip

Subjects

• ip-ranges — list / get / create / update / delete IP range allowlist entries (CIDR or start/end IP).
• enforcement — get / enable / disable the singleton IP-range enforcement switch.
• bypass-rules — list / get / create / update / delete URL-pattern exceptions to IP allowlisting.
• my-ip — show the public IP the platform sees for the current caller.

Conventions

• Authenticated via uip login (or --s2s-token once wired through).
• Most mutating commands accept inline flags for common cases and --file <path> for full-body control. The two paths are mutually exclusive — pick one. bypass-rules create is file-only because the request has 4 required business fields.
• --filter <fragment> is a client-side, case-insensitive substring filter (on name for ip-ranges, on regexEntry/appName for bypass-rules).
• ip-ranges delete accepts either a positional UUID or --cidr <cidr> and runs a lockout-safety pre-flight when enforcement is enabled.
• enforcement enable runs an IP pre-flight (compares my-ip against the allowlist) before flipping the switch.