IAM

IAMPermission Groups

List Account Permission Groups

GET/accounts/{account_id}/iam/permission_groups

Permission Group Details

GET/accounts/{account_id}/iam/permission_groups/{permission_group_id}

ModelsExpand Collapse

PermissionGroupListResponse object { id, meta, name }

A named group of permissions that map to a group of operations against resources.

id: string

Identifier of the permission group.

meta: optional object { key, value }

Attributes associated to the permission group.

key: optional string

value: optional string

Name of the permission group.

PermissionGroupGetResponse object { id, meta, name }

A named group of permissions that map to a group of operations against resources.

id: string

Identifier of the permission group.

meta: optional object { key, value }

Attributes associated to the permission group.

key: optional string

value: optional string

Name of the permission group.

IAMResource Groups

List Resource Groups

GET/accounts/{account_id}/iam/resource_groups

Resource Group Details

GET/accounts/{account_id}/iam/resource_groups/{resource_group_id}

Create Resource Group

POST/accounts/{account_id}/iam/resource_groups

Update Resource Group

PUT/accounts/{account_id}/iam/resource_groups/{resource_group_id}

Remove Resource Group

DELETE/accounts/{account_id}/iam/resource_groups/{resource_group_id}

ModelsExpand Collapse

ResourceGroupListResponse object { id, scope, meta, name }

A group of scoped resources.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string

value: optional string

Name of the resource group.

ResourceGroupGetResponse object { id, scope, meta, name }

A group of scoped resources.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string

value: optional string

Name of the resource group.

ResourceGroupCreateResponse object { id, scope, meta, name }

A group of scoped resources.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string

value: optional string

Name of the resource group.

ResourceGroupUpdateResponse object { id, scope, meta, name }

A group of scoped resources.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string

value: optional string

Name of the resource group.

ResourceGroupDeleteResponse object { id }

id: string

Identifier

maxLength32

minLength32

IAMUser Groups

List User Groups

GET/accounts/{account_id}/iam/user_groups

User Group Details

GET/accounts/{account_id}/iam/user_groups/{user_group_id}

Create User Group

POST/accounts/{account_id}/iam/user_groups

Update User Group

PUT/accounts/{account_id}/iam/user_groups/{user_group_id}

Remove User Group

DELETE/accounts/{account_id}/iam/user_groups/{user_group_id}

ModelsExpand Collapse

UserGroupListResponse object { id, created_on, modified_on, 2 more }

A group of policies resources.

id: string

User Group identifier tag.

maxLength32

minLength32

created_on: string

Timestamp for the creation of the user group

formatdate-time

modified_on: string

Last time the user group was modified.

formatdate-time

Name of the user group.

policies: optional array of object { id, access, permission_groups, resource_groups }

Policies attached to the User group

id: optional string

Policy identifier.

access: optional "allow" or "deny"

Allow or deny operations against the resources.

One of the following:

"allow"

"deny"

permission_groups: optional array of object { id, meta, name }

A set of permission groups that are specified to the policy.

id: string

Identifier of the permission group.

meta: optional object { key, value }

Attributes associated to the permission group.

key: optional string

value: optional string

Name of the permission group.

resource_groups: optional array of object { id, scope, meta, name }

A list of resource groups that the policy applies to.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string

value: optional string

Name of the resource group.

UserGroupGetResponse object { id, created_on, modified_on, 2 more }

A group of policies resources.

id: string

User Group identifier tag.

maxLength32

minLength32

created_on: string

Timestamp for the creation of the user group

formatdate-time

modified_on: string

Last time the user group was modified.

formatdate-time

Name of the user group.

policies: optional array of object { id, access, permission_groups, resource_groups }

Policies attached to the User group

id: optional string

Policy identifier.

access: optional "allow" or "deny"

Allow or deny operations against the resources.

One of the following:

"allow"

"deny"

permission_groups: optional array of object { id, meta, name }

A set of permission groups that are specified to the policy.

id: string

Identifier of the permission group.

meta: optional object { key, value }

Attributes associated to the permission group.

key: optional string

value: optional string

Name of the permission group.

resource_groups: optional array of object { id, scope, meta, name }

A list of resource groups that the policy applies to.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string

value: optional string

Name of the resource group.

UserGroupCreateResponse object { id, created_on, modified_on, 2 more }

A group of policies resources.

id: string

User Group identifier tag.

maxLength32

minLength32

created_on: string

Timestamp for the creation of the user group

formatdate-time

modified_on: string

Last time the user group was modified.

formatdate-time

Name of the user group.

policies: optional array of object { id, access, permission_groups, resource_groups }

Policies attached to the User group

id: optional string

Policy identifier.

access: optional "allow" or "deny"

Allow or deny operations against the resources.

One of the following:

"allow"

"deny"

permission_groups: optional array of object { id, meta, name }

A set of permission groups that are specified to the policy.

id: string

Identifier of the permission group.

meta: optional object { key, value }

Attributes associated to the permission group.

key: optional string

value: optional string

Name of the permission group.

resource_groups: optional array of object { id, scope, meta, name }

A list of resource groups that the policy applies to.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string

value: optional string

Name of the resource group.

UserGroupUpdateResponse object { id, created_on, modified_on, 2 more }

A group of policies resources.

id: string

User Group identifier tag.

maxLength32

minLength32

created_on: string

Timestamp for the creation of the user group

formatdate-time

modified_on: string

Last time the user group was modified.

formatdate-time

Name of the user group.

policies: optional array of object { id, access, permission_groups, resource_groups }

Policies attached to the User group

id: optional string

Policy identifier.

access: optional "allow" or "deny"

Allow or deny operations against the resources.

One of the following:

"allow"

"deny"

permission_groups: optional array of object { id, meta, name }

A set of permission groups that are specified to the policy.

id: string

Identifier of the permission group.

meta: optional object { key, value }

Attributes associated to the permission group.

key: optional string

value: optional string

Name of the permission group.

resource_groups: optional array of object { id, scope, meta, name }

A list of resource groups that the policy applies to.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string

value: optional string

Name of the resource group.

UserGroupDeleteResponse object { id }

id: string

Identifier

maxLength32

minLength32

IAMUser GroupsMembers

List User Group Members

GET/accounts/{account_id}/iam/user_groups/{user_group_id}/members

Get User Group Member

GET/accounts/{account_id}/iam/user_groups/{user_group_id}/members/{member_id}

Add User Group Members

POST/accounts/{account_id}/iam/user_groups/{user_group_id}/members

Update User Group Members

PUT/accounts/{account_id}/iam/user_groups/{user_group_id}/members

Remove User Group Member

DELETE/accounts/{account_id}/iam/user_groups/{user_group_id}/members/{member_id}

ModelsExpand Collapse

MemberListResponse object { id, email, status }

Member attached to a User Group.

id: string

Account member identifier.

email: optional string

The contact email address of the user.

maxLength90

status: optional "accepted" or "pending"

The member’s status in the account.

One of the following:

"accepted"

"pending"

MemberGetResponse object { id, created_at, email, 2 more }

Detailed member information for a User Group member.

id: string

Account member identifier.

created_at: optional string

When the member was added to the user group.

formatdate-time

email: optional string

The contact email address of the user.

maxLength90

status: optional "accepted" or "pending"

The member’s status in the account.

One of the following:

"accepted"

"pending"

user: optional object { id, email, first_name, last_name }

Details of the user associated with this membership.

id: optional string

User identifier tag.

email: optional string

The contact email address of the user.

maxLength90

first_name: optional string

User’s first name.

last_name: optional string

User’s last name.

MemberCreateResponse object { id, email, status }

Member attached to a User Group.

id: string

Account member identifier.

email: optional string

The contact email address of the user.

maxLength90

status: optional "accepted" or "pending"

The member’s status in the account.

One of the following:

"accepted"

"pending"

MemberUpdateResponse object { id, email, status }

Member attached to a User Group.

id: string

Account member identifier.

email: optional string

The contact email address of the user.

maxLength90

status: optional "accepted" or "pending"

The member’s status in the account.

One of the following:

"accepted"

"pending"

MemberDeleteResponse object { id, email, status }

Member attached to a User Group.

id: string

Account member identifier.

email: optional string

The contact email address of the user.

maxLength90

status: optional "accepted" or "pending"

The member’s status in the account.

One of the following:

"accepted"

"pending"

IAMSSO

Get all SSO connectors

GET/accounts/{account_id}/sso_connectors

Get single SSO connector

GET/accounts/{account_id}/sso_connectors/{sso_connector_id}

Initialize new SSO connector

POST/accounts/{account_id}/sso_connectors

Update SSO connector state

PATCH/accounts/{account_id}/sso_connectors/{sso_connector_id}

Delete SSO connector

DELETE/accounts/{account_id}/sso_connectors/{sso_connector_id}

Begin SSO connector verification

POST/accounts/{account_id}/sso_connectors/{sso_connector_id}/begin_verification

ModelsExpand Collapse

SSOListResponse object { id, created_on, email_domain, 4 more }

id: optional string

SSO Connector identifier tag.

maxLength32

minLength32

created_on: optional string

Timestamp for the creation of the SSO connector

formatdate-time

email_domain: optional string

enabled: optional boolean

updated_on: optional string

Timestamp for the last update of the SSO connector

formatdate-time

use_fedramp_language: optional boolean

Controls the display of FedRAMP language to the user during SSO login

verification: optional object { code, status }

code: optional string

DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.

status: optional "awaiting" or "pending" or "failed" or "verified"

The status of the verification code from the verification process.

One of the following:

"awaiting"

"pending"

"failed"

"verified"

SSOGetResponse object { id, created_on, email_domain, 4 more }

id: optional string

SSO Connector identifier tag.

maxLength32

minLength32

created_on: optional string

Timestamp for the creation of the SSO connector

formatdate-time

email_domain: optional string

enabled: optional boolean

updated_on: optional string

Timestamp for the last update of the SSO connector

formatdate-time

use_fedramp_language: optional boolean

Controls the display of FedRAMP language to the user during SSO login

verification: optional object { code, status }

code: optional string

DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.

status: optional "awaiting" or "pending" or "failed" or "verified"

The status of the verification code from the verification process.

One of the following:

"awaiting"

"pending"

"failed"

"verified"

SSOCreateResponse object { id, created_on, email_domain, 4 more }

id: optional string

SSO Connector identifier tag.

maxLength32

minLength32

created_on: optional string

Timestamp for the creation of the SSO connector

formatdate-time

email_domain: optional string

enabled: optional boolean

updated_on: optional string

Timestamp for the last update of the SSO connector

formatdate-time

use_fedramp_language: optional boolean

Controls the display of FedRAMP language to the user during SSO login

verification: optional object { code, status }

code: optional string

DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.

status: optional "awaiting" or "pending" or "failed" or "verified"

The status of the verification code from the verification process.

One of the following:

"awaiting"

"pending"

"failed"

"verified"

SSOUpdateResponse object { id, created_on, email_domain, 4 more }

id: optional string

SSO Connector identifier tag.

maxLength32

minLength32

created_on: optional string

Timestamp for the creation of the SSO connector

formatdate-time

email_domain: optional string

enabled: optional boolean

updated_on: optional string

Timestamp for the last update of the SSO connector

formatdate-time

use_fedramp_language: optional boolean

Controls the display of FedRAMP language to the user during SSO login

verification: optional object { code, status }

code: optional string

DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.

status: optional "awaiting" or "pending" or "failed" or "verified"

The status of the verification code from the verification process.

One of the following:

"awaiting"

"pending"

"failed"

"verified"

SSODeleteResponse object { id }

id: string

Identifier

maxLength32

minLength32

SSOBeginVerificationResponse object { errors, messages, success }

errors: array of object { code, message, documentation_url, source }

code: number

minimum1000

message: string

documentation_url: optional string

source: optional object { pointer }

pointer: optional string

messages: array of object { code, message, documentation_url, source }

code: number

minimum1000

message: string

documentation_url: optional string

source: optional object { pointer }

pointer: optional string

success: true

Whether the API call was successful.