Introduction

This is the NetFoundry Auth service

Overview

HTTP verbs

NetFoundry adheres closely to standard HTTP and REST conventions in its use of HTTP verbs.

Verb Usage

GET

Used to retrieve a resource

POST

Used to create a new resource

PUT

Used to update an existing resource, full updates only

DELETE

Used to delete an existing resource

The PATCH method is not used (yet).

HTTP status codes

NetFoundry adheres closely to standard HTTP and REST conventions in its use of HTTP status codes.

Status code Usage

200 OK

The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action.

201 Created

The request has been fulfilled and resulted in a new resource being created.

202 Accepted

The request has been accepted and is being processed asynchronously Standard response for successful HTTP requests which invoke back-end services.

204 No Content

The server successfully processed the request, but is not returning any content.

400 Bad Request

The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

401 Unauthorized

The request lacks valid authentication credentials for the target resource.

403 Forbidden

The request is authenticated with valid credentials however that set of credentials is not authorized to access this resource.

404 Not Found

The requested resource could not be found but may be available again in the future. Subsequent requests by the client are permissible.

Pagination

Paginated services will accept the following optional request parameters:

Table 1. Request parameters
Path Type Optional Description

page

Integer

true

Page you want to retrieve, 0 indexed and defaults to 0.

size

Integer

true

Size of the page you want to retrieve, defaults to 1000.

sort

String

true

Properties that should be sorted by in the format property,property(,ASC|DESC). Default sort direction is ascending. Use multiple sort parameters if you want to switch directions, e.g. ?sort=firstname&sort=lastname,asc.

Pagination response has following structure:

Table 2. Response structure
Path Type Optional Description

content

Array[Object]

false

Actual items.

totalElements

Integer

false

Total count.

totalPages

Integer

false

Total pages with current page size.

last

Boolean

false

If this page is the last one.

numberOfElements

Integer

false

Actual size of content array (number of items).

first

Boolean

false

If this page is the first one.

sort

Object

true

Sort information object.

size

Integer

false

Requested size of the page.

number

Integer

false

Page number.

empty

booloean

false

If this page is empty.

Authorization

Authorize

POST /auth

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

identityId

String

false

audience

String

false

claims

Map

false

Response fields

Path Type Optional Description

token

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/auth' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJsSDMyNUV0eDlOY3lVQU9uSjBxTGJRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjJhZTM1ZTFhLTQ3YWEtNDMzYS1hZTA4LWExZDViYWFiMDY5YSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcIjViYzljMGY4LTY1ZDktNDJlMS05YzdjLTE5OWQ3NmQ0YWVkYlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMTc4MjRkYWMtNTNjNS00YTkxLThiNGQtOTVhNTI0YzRjODMzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fSx7XCJpZFwiOlwiZmQyYjM3MGUtNWM4Yy00NTY5LWJmNjMtYzZjNTk4MTIxMGY2XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.OaoGCVDGoeZmKaQaFkFLOg1Pg7dBPfxegGRuinoK5kBA49l4GQMU0T6AVMsHWDK2jCaVTH00F4e0560mfNI06IE43I9U9Jp6M73rvUh3VRTSps3rkxZWNdBBvknDmpa9QrX0y8BFsCTezX2XsKsGVYujAoJySSRCZqWlb8Tbz1lQqQVtc_b1d1xrZbm2lhpEokSa0v5Wak_E_AGUjPx03HAj7Hqpoe0zQpeg-XwnCHf-mKmWmERxAZBK9J7WaXlvQGmihHWyCOr7UD5Zj7s1uJR2GOty5I-5wCYKZ-I9lBbf0EHJnAtHy67fIaikTzXDVHHf3o1r93vNb6hNpMs8TA' \
    -H 'Content-Type: application/json' \
    -d '{"identityId":"e7dfe880-3c9e-44de-9b76-5c17e813db2d","audience":"io.netfoundry.test","claims":{}}'

Example response

HTTP/1.1 200 OK
Content-Length: 2015
Content-Type: application/json;charset=UTF-8

{
  "token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImsxIn0.eyJqdGkiOiIzX1JKMG5QUEhTWjVIVVlGS3dIa0xnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImU3ZGZlODgwLTNjOWUtNDRkZS05Yjc2LTVjMTdlODEzZGIyZCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkudGVzdCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjMzMzc4LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcImMxNTViZGU2LWY4YzYtNDgxMi1hMDM3LTBlNDg0YTgwZDVhMlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMTc4MjRkYWMtNTNjNS00YTkxLThiNGQtOTVhNTI0YzRjODMzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fSx7XCJpZFwiOlwiZmQyYjM3MGUtNWM4Yy00NTY5LWJmNjMtYzZjNTk4MTIxMGY2XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSIsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjp0ZXN0czoqOmZvb3M6KiJdLCJhY3Rpb25zIjpbInRlc3RzOmNyZWF0ZS1mb28iXX1dfQ.fJkGJrbIDQQOdvkn65U4Qxdlw2nyaiehF5txB6-TsDfbd09fcYQdh_ZDnZ337pS_aJYjeANWzQjnFU_a_QpVH8ZHHAwc5am_a3BTnLilsbm6_htjqYYiKm2P9zKl1Z5-lmpdkGH5oMT1B1rnM6cxf2_p06bYj6XGymc1r8mbcmXVMpoXuz6FD1jfRxHvJzO79JuNQdYSE2E-p7XBnSCGZizuKZJmyWXmtZJfinp7dXGSpPRurLqpfIUNvxaUVhIrf_0CnhbjsZZArgwrP6zo_j5qQ3LIJ0z87KsZckWk3z5JF42Dgzt4X0ZnfqF4o6h59wykXqDHqsW-DIMUHRbMuw"
}

Core Authorization Resources

Domains

Find Domains

GET /domains

Returns a set of {@link Domain}s that the client is authorized to read.

Authorization

This endpoint requires read action on the domain resource type.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

[].name

String

false

A human friendly name which can be used for UX purposes.

Size must be between 1 and 256 inclusive.

[].code

String

false

A globally unique value that can be used by code to namespace other values which only have to be unique within a domain, such as a resource’s key. This value must be formatted as an inverse domain name. For example, "io.netfoundry.authorization" for the colloquial 'authorization' domain.

Must match the regular expression [0-9a-zA-Z.]+.
Size must be between 1 and 128 inclusive.

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link Domain} was created.

[].updatedAt

String

false

The date-time at which this {@link Domain} was updated. The only supported 'update' on this bean is to mark it as deleted.

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/domains' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI4MmRlc0pMR0RyZVJDcWRhRXROV01BIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImQ2NDMyOWY1LTU3ZTktNDFmNC1hNGI1LThhNmFhNTU5NjMwYyIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiOTJiMWQ2NTctNmExNy00NzEzLWI4ZWYtODFiYTJiYjI4ZDQxXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.Vxn7mX_ukRJ8IZTwfjloLsTFtARsRFwiujR37WfMO17F2GdRr_66h4aQ9b3wPEii0H92kguziVNzT6szJIx5SkdCz8_xZjp_kDCoI9ExniMh8H9SsAK82XsQ9Jla8W8Pg0IlavRfQplpL_AyixbMX-ETqvvcxQ_pyOIG_Onoj8Lz89tlCG2f2P41MF3nNL3a2max7EkGkJoaluVzP3mzYKve39-Ua6dBmkeTht_50dykakdmdZ1PkTgT68L2f6ezyaEPeIEsFDzaZmrKkU5J9xIXEPOuB2lSDExl6f3UqqFUezmxhtU3vuIQoWiDYGS5KGVIzEX6l8NVZRcIdrpETw'

Example response

HTTP/1.1 200 OK
Content-Length: 875
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "017c5c7b-ed78-43d0-9ec7-781484a1d356",
  "name" : "Networks",
  "code" : "io.netfoundry.network",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.447971Z",
  "updatedAt" : "2020-11-24T15:51:13.447971Z",
  "_title" : "Networks"
}, {
  "id" : "4ca283e3-a198-4cff-8c1e-ca0850929529",
  "name" : "Test Domain 20",
  "code" : "test.domain.20",
  "createdBy" : "e09dd1a6-03cf-4f4f-8ca1-9c2fa38198df",
  "createdAt" : "2020-11-24T15:51:17.137624Z",
  "updatedAt" : "2020-11-24T15:51:17.137624Z",
  "_title" : "Test Domain 20"
}, {
  "id" : "b14d077d-d642-42af-a394-82d5d767d155",
  "name" : "Authorization",
  "code" : "io.netfoundry.auth",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.616026Z",
  "updatedAt" : "2020-11-24T15:51:13.616026Z",
  "_title" : "Authorization"
} ]

Get Domain

GET /domains/{idOrCode}

Authorization

This endpoint requires read action on the domain resource type.

Path parameters

Parameter Type Optional Description

idOrCode

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

name

String

false

A human friendly name which can be used for UX purposes.

Size must be between 1 and 256 inclusive.

code

String

false

A globally unique value that can be used by code to namespace other values which only have to be unique within a domain, such as a resource’s key. This value must be formatted as an inverse domain name. For example, "io.netfoundry.authorization" for the colloquial 'authorization' domain.

Must match the regular expression [0-9a-zA-Z.]+.
Size must be between 1 and 128 inclusive.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link Domain} was created.

updatedAt

String

false

The date-time at which this {@link Domain} was updated. The only supported 'update' on this bean is to mark it as deleted.

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/domains/f7b22610-5fc4-4273-bd40-c8946c89bd77' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJWRFgxdC0wTjF0Vy1UNU9ac05mV0FRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjhkMDcyNzdkLTlhN2MtNDM0OS05MzdiLTE1ODkwMGE2ZDA4ZiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYzdhNzVhNTgtNmJmOC00MjAwLWFjZDItZTNkY2E5MWViMzA0XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.daDWKQkoHVa-9kzKCZZeFMwJ1EDQ_kzxuBVZaR0-HVhs1uIGaCExoKJYNAHEhM42gygZtyU2nB7BaiZr9pMverBNBoI7NDcmMLOqZTvnjrQtM4fVjgnyxHHtU0s4MKmfqL6oD-Df8z8reCSwAYjmYKuYfOzfG1MqhPgFXbe3KAh-M9joIBJFFwzOXyE_1Sw6_x8rn-ZxkdyRSVyPa8Jcxk0DFbsGMbbCkttbENQ50HUXkxG8GURGnCfZbto2WN10L_poTR1JzhERJMYgY3pssSWLJ1nrgthT4KwYZ8SLiSRsAsb6aWiH9frXLHfZVfwZzP297esrrgExOwxOaZsEUg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 288

{
  "id" : "f7b22610-5fc4-4273-bd40-c8946c89bd77",
  "name" : "Test Domain",
  "code" : "io.netfoundry.test",
  "createdBy" : "69b70f11-c975-49e8-9f2d-d4dd7864b75f",
  "createdAt" : "2020-11-24T15:51:15.253323Z",
  "updatedAt" : "2020-11-24T15:51:15.253323Z",
  "_title" : "Test Domain"
}

Get Domain

GET /domains/{idOrCode}

Authorization

This endpoint requires read action on the domain resource type.

Path parameters

Parameter Type Optional Description

idOrCode

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

name

String

false

A human friendly name which can be used for UX purposes.

Size must be between 1 and 256 inclusive.

code

String

false

A globally unique value that can be used by code to namespace other values which only have to be unique within a domain, such as a resource’s key. This value must be formatted as an inverse domain name. For example, "io.netfoundry.authorization" for the colloquial 'authorization' domain.

Must match the regular expression [0-9a-zA-Z.]+.
Size must be between 1 and 128 inclusive.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link Domain} was created.

updatedAt

String

false

The date-time at which this {@link Domain} was updated. The only supported 'update' on this bean is to mark it as deleted.

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/domains/io.netfoundry.test' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIyZVFjNXBNbnVpbUU5bDQzNHh3YjRBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6Ijc5NTljODQxLTQyNDEtNDYwYS05MDRkLWJlYmJjM2NmYTY1MiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYzZhMzNlMDEtODNkZi00OTc2LTgwMTItY2ZlZjk5MDA3NDBiXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.Uk7uHZplt4BkBP5CyXMs1wNZXmh3w2EFg7XtWx9Z9qZDUw7fiXNmE3_agiCPG165E_oMhMMjAr4FhyUySbZCOdDl_2Iv0nrwdMDCTScMCoBXf_t-EWIRcJQSVHz2m2jvFIgLzEuQXKofzY4vh0TR2Clp-lpsSoJ0tCMfeb59Z5uH8yiQVrjwDyHE0bIczlihmA4vHTxHlfVNPFOv5l420-S8PXyH8vZJcf0EDx_vgg-qatPFHjzrM0ebi_pcD1K1uIA8H5v2CRvxVkolFnMBtvtLNi3V0jvoEAulZAGb26ZtcklQhIGSNG2k_Nwn5rDBvhXYh2BIDwR8cl759J92jg'

Example response

HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json;charset=UTF-8
Content-Length: 288

{
  "id" : "f7b22610-5fc4-4273-bd40-c8946c89bd77",
  "name" : "Test Domain",
  "code" : "io.netfoundry.test",
  "createdBy" : "69b70f11-c975-49e8-9f2d-d4dd7864b75f",
  "createdAt" : "2020-11-24T15:51:15.253323Z",
  "updatedAt" : "2020-11-24T15:51:15.253323Z",
  "_title" : "Test Domain"
}

Create Domain

POST /domains

Authorization

This endpoint requires create action on the domain resource type.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

false

Size must be between 1 and 256 inclusive.

code

String

false

Must match the regular expression [0-9a-zA-Z.]+.
Size must be between 1 and 128 inclusive.

Response fields

Path Type Optional Description

id

String

false

name

String

false

A human friendly name which can be used for UX purposes.

Size must be between 1 and 256 inclusive.

code

String

false

A globally unique value that can be used by code to namespace other values which only have to be unique within a domain, such as a resource’s key. This value must be formatted as an inverse domain name. For example, "io.netfoundry.authorization" for the colloquial 'authorization' domain.

Must match the regular expression [0-9a-zA-Z.]+.
Size must be between 1 and 128 inclusive.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link Domain} was created.

updatedAt

String

false

The date-time at which this {@link Domain} was updated. The only supported 'update' on this bean is to mark it as deleted.

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/domains' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJISHN3MVg0LUlidlhyVm9CdkFldDdnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjQ4MzUyZmJjLTM0OWMtNDlmYy04ZjUxLTE5NjlmNzFmN2Y1MiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiNWI5ZTY3YjQtZmE4Ny00YzhlLTk3MzYtYzYwZDU1NzE3Y2NmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.Xi2fw60a8IS6ejKSD5_ECXyt91mGgW5m4vQEpAQBAXRspyTZJSWuWOrfrbrbWtc4G7n146Ta45yAGkXqibMvXzWL0DKFV1Z5zJsuCvyqgSoZ5xTALVOv3WGpPNhSKVn__q2rOyPiRHIH-Z5peAwqoSXctyXlXHC9jd2nBF6Oxkr3NhEJcEHZ4EBm2fxu6NFxgteJUYpLUZbpqCT8W_b5vzSDcN0EDmHGrCI-t5ZEj-nhuNTs450q8I51fWnZ8cMfbfzfiF2-Ij3Thvx2trqhcGRipGiT4MYspcymWKVqq2_CNfnEIbHPyFHvuPnnhxOYtR-4x8mnQI3a8oDdeg6mvg' \
    -H 'Content-Type: application/json' \
    -d '{"name":"Other Test Domain","code":"other.test.domain"}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 299

{
  "id" : "6c2be12c-2641-4ae7-bc6f-14c53e3560a1",
  "name" : "Other Test Domain",
  "code" : "other.test.domain",
  "createdBy" : "48352fbc-349c-49fc-8f51-1969f71f7f52",
  "createdAt" : "2020-11-24T15:51:17.598973Z",
  "updatedAt" : "2020-11-24T15:51:17.598973Z",
  "_title" : "Other Test Domain"
}

Resource Types

Find Resource Types

GET /resource-types

Returns a set of {@link ResourceType}s that the client is authorized to read and which match the specified (optional) query parameters.

If multiple query parameters are specified, then results must match each query parameter that is set. If a query parameter supports multiple values, then a result must match at least one of the values. In other words, distinct query parameters are AND’d while value matching within a single query parameter act as an OR condition. For example a query parameter "?x=1,2&y=3" becomes (X == 1 OR X == 2) AND (Y == 3).

Authorization

This endpoint requires read action on the resource-type resource type.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

domainId

Object

true

Filters results to those that are in one of the specified {@link Domain}s.

code

Object

true

Filters results to those matching one of the specified codes.

parentId

Object

true

Filters results to those that are an immediate child of one of the specified {@link ResourceType}s.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

[].domainId

String

false

The id of the domain within which this {@link ResourceType} exists.

[].name

String

false

The human friendly name of this {@link ResourceType}.

Size must be between 1 and 256 inclusive.

[].code

String

false

A unique value (within the domain) that can be used by code as a reference to this resource type. These values should almost always be the simple type name of the resource class, such as "BillingAccount".

Must match the regular expression [0-9a-zA-Z-]+.
Size must be between 1 and 64 inclusive.

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link ResourceType} was created.

[].updatedAt

String

false

The date-time at which this {@link ResourceType} was updated. The only supported 'update' on this bean is to mark it as deleted.

[].parentId

String

true

Returns the id of the parent {@link ResourceType} or null if this is a root.

[].childrenIds

Array[Object]

true

Returns the id of {@link ResourceType}s that are children of this.

[].depth

Integer

true

Returns the depth of this {@link ResourceType} within the tree, where a root {@link ResourceType} has a depth of 0.

[].root

Boolean

true

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/resource-types' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJIOVVNd0pwamc4N25xTUxjQUo5dUJBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImEzYjA2ODczLTY3NDEtNDIxOC04OTgwLTRjYzRhNDBlMWUwZiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OSwiZXhwIjoxNjA2MjM2Njc5LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYjYxOWRlMjktZTYyNy00OWU1LWFlYmItNDFiYTM3NzhmMTBiXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.fq2VrkIEjavQUO_8YhsgEFJVQubGpfd55RIO6NNGagx_MyK3WxhHDFTfL-ohuweHei88mk0TC79BXPzW2fstTJ2YomlfEXd_1oArLAgqa_jzbZ0IjOYKrr2f7cf13aCtuN4IvJ4IFmeINn75gynlIList6TOj9WyoBwtvblffWclNcBLOr2N8doaME3Qv2uTTDeJYgIrr8VUq5EKmZE3cXkDOlPbnq-BO7siIzrlsQ31vAfqAL5CObvnmfS4gbtPfzQrXE4K-2mt4cB8t-sZO1eiIzXh6XUiedj0uCXopFZchuKzfcT6Mr54bSfLpT3wX41oi_sj3DkIK6GrZg2OBA'

Example response

HTTP/1.1 200 OK
Content-Length: 1397
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "ffa9b9b0-c35d-4652-befc-49c03a2989a5",
  "domainId" : "017c5c7b-ed78-43d0-9ec7-781484a1d356",
  "name" : "Posture Check",
  "code" : "posture-check",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.944278Z",
  "updatedAt" : "2020-11-24T15:51:13.944278Z",
  "parentId" : "b31936dc-3c48-4eef-acbf-5faa4aaae941",
  "childrenIds" : [ ],
  "depth" : 2,
  "root" : false,
  "_title" : "Posture Check"
}, {
  "id" : "1c0c70b9-9418-4689-9ba6-4357cd2cfb62",
  "domainId" : "b14d077d-d642-42af-a394-82d5d767d155",
  "name" : "Custom Role Action",
  "code" : "custom-role-action",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.617524Z",
  "updatedAt" : "2020-11-24T15:51:13.617524Z",
  "parentId" : "d3f1b18b-b2fb-41df-8ea6-074208653bda",
  "childrenIds" : [ ],
  "depth" : 1,
  "root" : false,
  "_title" : "Custom Role Action"
}, {
  "id" : "31326371-05e9-41f8-98f2-1d0645302994",
  "domainId" : "017c5c7b-ed78-43d0-9ec7-781484a1d356",
  "name" : "Edge Router Policy",
  "code" : "edge-router-policy",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.739266Z",
  "updatedAt" : "2020-11-24T15:51:13.739266Z",
  "parentId" : "b31936dc-3c48-4eef-acbf-5faa4aaae941",
  "childrenIds" : [ ],
  "depth" : 2,
  "root" : false,
  "_title" : "Edge Router Policy"
} ]

Get Resource Type

GET /resource-types/{id}

Authorization

This endpoint requires read action on the resource-type resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have read action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

domainId

String

false

The id of the domain within which this {@link ResourceType} exists.

name

String

false

The human friendly name of this {@link ResourceType}.

Size must be between 1 and 256 inclusive.

code

String

false

A unique value (within the domain) that can be used by code as a reference to this resource type. These values should almost always be the simple type name of the resource class, such as "BillingAccount".

Must match the regular expression [0-9a-zA-Z-]+.
Size must be between 1 and 64 inclusive.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link ResourceType} was created.

updatedAt

String

false

The date-time at which this {@link ResourceType} was updated. The only supported 'update' on this bean is to mark it as deleted.

parentId

String

true

Returns the id of the parent {@link ResourceType} or null if this is a root.

childrenIds

Array[Object]

true

Returns the id of {@link ResourceType}s that are children of this.

depth

Integer

true

Returns the depth of this {@link ResourceType} within the tree, where a root {@link ResourceType} has a depth of 0.

root

Boolean

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/resource-types/c61d3c25-bcaa-4aee-9f07-1d8b371a534a' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJiandzcEVDRmNtOU1JMzA0cU5XVi1RIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjJkYTE1MzgyLTI5M2UtNDI0ZS1hZjhhLWVmMzMzOWYxMzM2MyIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OSwiZXhwIjoxNjA2MjM2Njc5LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiNzk0ZTUwMDUtY2Q5Ni00MzlmLWI5NTUtNTYyYjAyN2IwMjNlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.G10L5S1IEJrGhsIVSkOgi0nsOgRVSVNtI8I_fQebi9vSjRCfPoFyrqC-S6k8SJW9bpudGUI5pFPcAYqzz7TFS9l8TczpQttxq26exx-8ROaRFaO6ttDwPKa-pdF4squGIrKA-H25YzC3yNT1TNUPxwHEcgVKHdksGD-gyhjVaVniKlmp7X7tqNvGiH50djcKBI0ejdlPk3WtEque8L1lfXjFjDona7ncbIoJ-TlxEhXDCt_1EpkS6WMdnZ2FiMMPITYOw1Dc2X_rdmIk9y-FOXBFEXzzn8YLT2OMvZLdlPDcFksCQQLNefJgUuWtGkT-YClLzgk_lssn186VUcop0A'

Example response

HTTP/1.1 200 OK
Content-Length: 406
Content-Type: application/json;charset=UTF-8

{
  "id" : "c61d3c25-bcaa-4aee-9f07-1d8b371a534a",
  "domainId" : "f7b22610-5fc4-4273-bd40-c8946c89bd77",
  "name" : "Test Type",
  "code" : "test-type",
  "createdBy" : "86ea328f-31e8-49e1-b38b-4cf337abdbf8",
  "createdAt" : "2020-11-24T15:51:15.266444Z",
  "updatedAt" : "2020-11-24T15:51:15.266444Z",
  "parentId" : null,
  "childrenIds" : [ ],
  "depth" : 0,
  "root" : true,
  "_title" : "Test Type"
}

Create Resource Type

POST /resource-types

Authorization

This endpoint requires the following actions:

  • create action on the resource-type resource type

  • read action on the domain resource type

  • read action on the resource-type resource type

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

domainId

String

false

Client must have create action under the annotated resource.
Client must have read action on the annotated resource.

parentId

String

true

Client must have read action on the annotated resource.

resourceType

Object

false

resourceType.name

String

false

Size must be between 1 and 256 inclusive.

resourceType.code

String

false

Must match the regular expression [0-9a-zA-Z-]+.
Size must be between 1 and 64 inclusive.

resourceType.children

Array[Object]

true

Response fields

Path Type Optional Description

id

String

false

domainId

String

false

The id of the domain within which this {@link ResourceType} exists.

name

String

false

The human friendly name of this {@link ResourceType}.

Size must be between 1 and 256 inclusive.

code

String

false

A unique value (within the domain) that can be used by code as a reference to this resource type. These values should almost always be the simple type name of the resource class, such as "BillingAccount".

Must match the regular expression [0-9a-zA-Z-]+.
Size must be between 1 and 64 inclusive.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link ResourceType} was created.

updatedAt

String

false

The date-time at which this {@link ResourceType} was updated. The only supported 'update' on this bean is to mark it as deleted.

parentId

String

true

Returns the id of the parent {@link ResourceType} or null if this is a root.

childrenIds

Array[Object]

true

Returns the id of {@link ResourceType}s that are children of this.

depth

Integer

true

Returns the depth of this {@link ResourceType} within the tree, where a root {@link ResourceType} has a depth of 0.

root

Boolean

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/resource-types' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJPdGJnNm0zdFVwOGdBSy1uckxoRUtnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjBkMjIyYjc0LWFlNTEtNGRkOC1iNjhkLTRhNzE3MTllNTBkMyIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OSwiZXhwIjoxNjA2MjM2Njc5LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiZWFmN2ZjODUtZmYwNi00ZWYxLWEzOTktOGEzM2VhMTc4OGJjXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fSx7XCJpZFwiOlwiZWNhNmFmYmEtYWE1Ni00Y2ZkLTljOTgtYzU2YjYwNTFlM2I1XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fSx7XCJpZFwiOlwiYTFmZmYyYTQtMmJlOC00OTQ2LThmMWItN2JjYWM1NzZmNjAwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.H-pc1s1EzxJGLgj2lwKRkNKYzzGrmkqDByFTY0m2vIVbmwEXWaZPOwqDU3USPASaYd9F_sQxuZaHXO_ZUn7G7bjv_4e4sNFSKhifFUOE5qknoF20vmJaD9hcXD_hMiBFv0mPSz7enUnV94QgKttX35WED_Jpf1iEErcoXAFulsaBVWGSqKJMKJ5QWLuivsVII96WIh0Fbk-4VPuG6-1qDYXwbAq_iz86gfQAlWeHSjiSuJuqX8bDcgRY0oavEuXyrTeq63vIlr5dWCOqcobay2_3jofdCGKi26jnjTo2OMAMnzDlKS3w0pk5q9bG0HYejSFJc8lTSdFAb7098uM0Qg' \
    -d '{"domainId":"f7b22610-5fc4-4273-bd40-c8946c89bd77","parentId":"c61d3c25-bcaa-4aee-9f07-1d8b371a534a","resourceType":{"name":"Another Test Type","code":"anoter-test-type","children":[]}}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 464

{
  "id" : "4a2ffa08-9e68-4b9b-aef7-5f70ab8837fe",
  "domainId" : "f7b22610-5fc4-4273-bd40-c8946c89bd77",
  "name" : "Another Test Type",
  "code" : "anoter-test-type",
  "createdBy" : "0d222b74-ae51-4dd8-b68d-4a71719e50d3",
  "createdAt" : "2020-11-24T15:51:19.199336Z",
  "updatedAt" : "2020-11-24T15:51:19.199336Z",
  "parentId" : "c61d3c25-bcaa-4aee-9f07-1d8b371a534a",
  "childrenIds" : [ ],
  "depth" : 1,
  "root" : false,
  "_title" : "Another Test Type"
}

Resource Actions

Find Resource Actions

GET /resource-actions

Returns a set of {@link ResourceAction}s that the client is authorized to read and which match the specified (optional) query parameters.

If multiple query parameters are specified, then results must match each query parameter that is set. If a query parameter supports multiple values, then a result must match at least one of the values. In other words, distinct query parameters are AND’d while value matching within a single query parameter act as an OR condition. For example a query parameter "?x=1,2&y=3" becomes (X == 1 OR X == 2) AND (Y == 3).

Authorization

This endpoint requires read action on the resource-action resource type.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

code

Object

true

Filters results to those matching one of the specified codes.

resourceTypeId

Object

true

Filters results to those that apply to one of the {@link ResourceType}s specified.

domainId

Object

true

Filters results to those that are in one of the specified {@link Domain}s.

customRoleId

Object

true

Filters results to those that are granted by one of the specified {@link CustomRole}s. Only non-deleted {@link CustomRoleAction}s are considered.

standardRoleTypeId

Object

true

Filters results to those that are included in one of the specified {@link StandardRoleType}s.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

[].resourceTypeId

String

false

The type of resource that this {@link ResourceAction} applies to.

[].name

String

false

A human friendly name for this action. This should be a verb only, such as "Create", "Grant", "Remove", "Activate", "Update", "Delete", etc. This can contain more than one word, and spaces are permitted and encouraged if more than one word is present. Words should be initial-caps. This value will be appended with the names of other entities, such as a resource type name, in order to compute names for the composition of this with another entity. For example, if this action is "Create" and it is composed with a resource type named "Network", then the resulting composition may be named "Create Network".

Size must be between 1 and 256 inclusive.

[].code

String

false

Used by code as a reference to this action. These values should almost always be a simple verb such as "create", "update", "grant", "fetch", etc. Lower-case and hyphen separation of words is encouraged. Since this is used by code, the key value have a limited alphabet of letters, numbers, and hyphens. This value must be unique among the set of {@link ResourceAction}s targeting the same resource type.

Must match the regular expression [0-9a-zA-Z-]+.
Size must be between 1 and 64 inclusive.

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link ResourceAction} was created.

[].updatedAt

String

false

The date-time at which this {@link ResourceAction} was updated. The only supported 'update' on this bean is to mark it as deleted.

[].standardAction

Boolean

true

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/resource-actions' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIwTzZQbmFJSDVmWWVESThUZHJhQ1VnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjE1NjZlN2VjLTE5YjQtNGY4Yi1hYTkwLWRkODllMmJkZDEzZiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYjQzZjVkYjgtMzYzMC00MjM1LTg1M2MtMmFkYjE2ZmFjYjMwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.A7YHg-rn8h3DhXOj-V7bSASlfzYB5pa6cz7qltEUmmzDKpgepfHTYfVFLQ-ZIOOUd9pKu683Gp5s4y5Z7p-qNg7HLLICCrg7zT4219GF-LYgO7mqbmHG0dRbeWq9cbBChbuRresCY-lZ6RuP8_2uozLigUJEiR3aIhFLiEffwDKiICSkSFZTP6mJ-5txJTFrIVuD0qxMhNMhswvnpkA8eA0PGGkV4sR9oT27EjLBHgIhhSNJf0tW3vW8Qg3tgDlqdZatzUcZfCMU40QflusD9MjC3aFhymf4Qh5VHYM4SIQ4z8q7zItqzLdtYJGr1jwOMJXaMiuaGACNyGD11VcyxA'

Example response

HTTP/1.1 200 OK
Content-Length: 1114
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "a0a0e66f-b557-4f16-8e17-31ae6a1ade00",
  "resourceTypeId" : "ffc55ef6-4734-40a6-bde6-d2728fd65142",
  "name" : "Create",
  "code" : "create",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.572280Z",
  "updatedAt" : "2020-11-24T15:51:13.572280Z",
  "standardAction" : true,
  "_title" : "Create Support Path"
}, {
  "id" : "1cee6428-ea1f-4bc8-aee4-bd7266a5341b",
  "resourceTypeId" : "4b31572d-e2ae-41fa-95cb-0eb1d7589996",
  "name" : "Create",
  "code" : "create",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.619453Z",
  "updatedAt" : "2020-11-24T15:51:13.619453Z",
  "standardAction" : true,
  "_title" : "Create Standard Role Type"
}, {
  "id" : "e6a226bf-8c1a-4789-b6ef-f99cc7a22b7b",
  "resourceTypeId" : "4b99608f-df13-4bb1-90db-148160a7e852",
  "name" : "Create",
  "code" : "create",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.453487Z",
  "updatedAt" : "2020-11-24T15:51:13.453487Z",
  "standardAction" : true,
  "_title" : "Create Data Center"
} ]

Get Resource Action

GET /resource-actions/{id}

Authorization

This endpoint requires read action on the resource-action resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have read action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

resourceTypeId

String

false

The type of resource that this {@link ResourceAction} applies to.

name

String

false

A human friendly name for this action. This should be a verb only, such as "Create", "Grant", "Remove", "Activate", "Update", "Delete", etc. This can contain more than one word, and spaces are permitted and encouraged if more than one word is present. Words should be initial-caps. This value will be appended with the names of other entities, such as a resource type name, in order to compute names for the composition of this with another entity. For example, if this action is "Create" and it is composed with a resource type named "Network", then the resulting composition may be named "Create Network".

Size must be between 1 and 256 inclusive.

code

String

false

Used by code as a reference to this action. These values should almost always be a simple verb such as "create", "update", "grant", "fetch", etc. Lower-case and hyphen separation of words is encouraged. Since this is used by code, the key value have a limited alphabet of letters, numbers, and hyphens. This value must be unique among the set of {@link ResourceAction}s targeting the same resource type.

Must match the regular expression [0-9a-zA-Z-]+.
Size must be between 1 and 64 inclusive.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link ResourceAction} was created.

updatedAt

String

false

The date-time at which this {@link ResourceAction} was updated. The only supported 'update' on this bean is to mark it as deleted.

standardAction

Boolean

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/resource-actions/830173d3-74dc-4f83-9feb-4879f8ba6df7' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJZWmhiLW52WUJra0pSTGppTW14TWhnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImNkN2UyZmNiLWExYTYtNDliZC04MTMxLWM0NDIyN2EwM2M5MiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYzFkNjU4N2YtMmIxNy00NjRkLWExYTYtZTk2MTJkZDc4YjI4XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.FUtY53ma_q6Vt_5cvwtR0a7QzB9Mw07ykN24jrvTCjigw_vAvcs4IL-zWqi7XdJ_etpg6ACP6KU6ILRU2gafhttlTcxH5HREpBW7UsUu2Vk_ZzvYHvpwfeMTppJ0AvgECIsZ6jweKgUHTDhfQmO6zNlod0vyDhPCtVTW1dx3I9FI_hxQoWomz2QgAm_zdH3m9FdCOlW0yhVStm1iCJLjjIIIDiVP5CzRf78Kz-LMBEmdZe60x1tcxRc7j7LT3nNmSgjvMa2JZeSg0Dj2NpfDlNWWWPDWvwoV74kHWC4DNt8pTURfuMp4R03V4KTYLzepCV-1mFMMeM8T18waQF68hQ'

Example response

HTTP/1.1 200 OK
Content-Length: 380
Content-Type: application/json;charset=UTF-8

{
  "id" : "830173d3-74dc-4f83-9feb-4879f8ba6df7",
  "resourceTypeId" : "c61d3c25-bcaa-4aee-9f07-1d8b371a534a",
  "name" : "Test Action",
  "code" : "test-action",
  "createdBy" : "4f59dc6a-3443-4b8c-8ef9-6d6aa2a482ba",
  "createdAt" : "2020-11-24T15:51:15.269337Z",
  "updatedAt" : "2020-11-24T15:51:15.269337Z",
  "standardAction" : false,
  "_title" : "Test Action Test Type"
}

Create Resource Action

POST /resource-actions

Authorization

This endpoint requires the following actions:

  • create action on the resource-action resource type

  • read action on the resource-type resource type

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

resourceTypeId

String

false

Client must have create action under the annotated resource.
Client must have read action on the annotated resource.

actions

Array[Object]

false

actions[].name

String

false

actions[].code

String

false

Response fields

Path Type Optional Description

[].id

String

false

[].resourceTypeId

String

false

The type of resource that this {@link ResourceAction} applies to.

[].name

String

false

A human friendly name for this action. This should be a verb only, such as "Create", "Grant", "Remove", "Activate", "Update", "Delete", etc. This can contain more than one word, and spaces are permitted and encouraged if more than one word is present. Words should be initial-caps. This value will be appended with the names of other entities, such as a resource type name, in order to compute names for the composition of this with another entity. For example, if this action is "Create" and it is composed with a resource type named "Network", then the resulting composition may be named "Create Network".

Size must be between 1 and 256 inclusive.

[].code

String

false

Used by code as a reference to this action. These values should almost always be a simple verb such as "create", "update", "grant", "fetch", etc. Lower-case and hyphen separation of words is encouraged. Since this is used by code, the key value have a limited alphabet of letters, numbers, and hyphens. This value must be unique among the set of {@link ResourceAction}s targeting the same resource type.

Must match the regular expression [0-9a-zA-Z-]+.
Size must be between 1 and 64 inclusive.

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link ResourceAction} was created.

[].updatedAt

String

false

The date-time at which this {@link ResourceAction} was updated. The only supported 'update' on this bean is to mark it as deleted.

[].standardAction

Boolean

true

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/resource-actions' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIxMGJJWk1OS29STV9xQllQRUh5MGh3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZiMzNjMTUxLWEyMTEtNGJjOC04NGExLTUyNGYwZWFmMTgwNyIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiMTljMDZhMTgtNmI1YS00NGFhLWE1MjYtZDg0NTJhZWE1MDg1XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fSx7XCJpZFwiOlwiNzdjYzc5OWYtNGQzMC00NzdhLTkwN2YtYWE0MzBhMGI2ZWJkXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.ECeM-59-DiCPpZwDWIt0wAg4MLNTFcr-M1ehv0g7iKsFR7w-YDuwniYYXI2DA6fIM0cdGNJviwi1JiGM6qc6Xl0iuA-dNRSB76vvHB5WxC_o6H9fHnWXIMjhrQ3S1O9LVxIafHOpcx2NpRueSBdoJCpslMN2u-P9lwnAUJfNT9lDgn8Oa-aqocRYkQaYdj9J8_LW-l11_0eWPMdMerXAcdFacL72HK2Sbic1jeyRy_7GfsFQBicQvbVkyscziDyV-wMm1L3bO9JXsK5O0CPdzQorMjEKXYINwhi3gnRWy7nGXOeFtc5wyur7DO3ac0wU91ztYSxIk72GN6RZA6c7-A' \
    -H 'Content-Type: application/json' \
    -d '{"resourceTypeId":"c61d3c25-bcaa-4aee-9f07-1d8b371a534a","actions":[{"name":"Update Custom","code":"update-custom"}]}'

Example response

HTTP/1.1 200 OK
Content-Length: 390
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "97abb33a-611f-42fb-9983-5906b405d380",
  "resourceTypeId" : "c61d3c25-bcaa-4aee-9f07-1d8b371a534a",
  "name" : "Update Custom",
  "code" : "update-custom",
  "createdBy" : "fb33c151-a211-4bc8-84a1-524f0eaf1807",
  "createdAt" : "2020-11-24T15:51:17.259579Z",
  "updatedAt" : "2020-11-24T15:51:17.259579Z",
  "standardAction" : false,
  "_title" : "Update Custom Test Type"
} ]

Authorization Grants

Grants (abstract)

Find Grants

GET /grants

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

grantType

Object

true

identityId

Object

true

resourceActionId

Object

true

path

Object

true

Request fields

No request body.

Response fields

Path Type Optional Description

[].grantType

String

true

The concrete type that this virtual {@link Grant} is based upon. Never null.

Must be one of [CustomRole, IdentityResourceAction, PublicGrant, SuperUser].

[].grantId

String

true

The id of the concrete grant resource on which this virtual {@link Grant} is based. If the grant type has separate resources for the grant and the privileges, then this will reference the grant resource (the resource with an identity id.) Never null.

[].privilegeSourceId

String

true

The id of the concrete {@link PrivilegeSource} from which this grant is based. Some grant types combine the grant and privilege aspects into a single resource. For example, a {@link SuperUser} is both a grant (it specifies an identity id) and a privilege source. In other cases, such as a {@link CustomRole} and {@link CustomRoleGrant}, they are separate. When they are the same resource, this value will match the grantId value. Never null.

[].identityId

String

true

The identity id of the holder of this grant. Almost never null, with the one exception of a grant made to all users (or all authenticated users.).

[].privileges

Map

true

The set of privileges that this grants. These are organized as a stack of 3 Maps where the keys are the domain code, then the resource type code, then the action code, and the leaf value is a set of paths on which that action can be performed.

[].createdBy

String

false

The identity id that created the grant.

[].createdAt

String

false

The date-time at which the grant was created.

[].deletedAt

String

true

The date-time at which the grant was deleted. This will be null for an grant that has not been deleted. If this property is not null, then the grant is 'marked' as being deleted.

[].deletedBy

String

true

The identity id that deleted the grant. This will be null until the resource is marked deleted.

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/grants' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJaTm80enpoZUh2bnpyLTl2MERlNGF3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjBkMWJjOTE0LTNjMjQtNGJjMi1hN2U4LTg3MTY0YmViM2NlZCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcIjNjMDEzYTQ1LWY1YTctNDhkZi04OWJjLTRhOWZiNmViOGM1Y1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3N31dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.Q2Xacf2pDWF8b6z5jRs6T6VXPyd7EAGJKBYBV7i3GAavMMesWhlvrkY4joVrlKsdIXzn0PEEjgtfDL_BRAWxeWl4f9qSwrqS3igusv3l9iK72xEEOYP68JMg9SwsdW4YJFGZgmfzGnRzZ7a8qimerfirkSxGyT1r1LEz2je4htGhwj5J7QIAguVRZwsFG4gjyxMh6SDL3d_9r9W20Jh7xh8tL_0CCn-JoqViXh075o31OqQZSFzoGcR1buun8fCpzE3fQOxNBcooz8ejVZUCdq6AsKXvHwLlNTCmGL477b-ATlYmdJf9hYaF-2I_UF9_3_XfKONPs--HgqbmjNrDwQ'

Example response

HTTP/1.1 200 OK
Content-Length: 1770
Content-Type: application/json;charset=UTF-8

[ {
  "grantType" : "IdentityResourceAction",
  "grantId" : "bac1a8db-58f4-4b72-979c-fe55d1d288c0",
  "privilegeSourceId" : "bac1a8db-58f4-4b72-979c-fe55d1d288c0",
  "identityId" : "a17fffad-b448-4fc0-8e16-60baadc1d5ee",
  "privileges" : {
    "io.netfoundry.network" : {
      "endpoint-group" : {
        "read" : [ [ ] ]
      }
    }
  },
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.597554Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Grant Read Endpoint Group, All to identity a17fffad-b448-4fc0-8e16-60baadc1d5ee"
}, {
  "grantType" : "IdentityResourceAction",
  "grantId" : "dd66319d-f3c9-4bd5-b2a5-8f8aef394fa1",
  "privilegeSourceId" : "dd66319d-f3c9-4bd5-b2a5-8f8aef394fa1",
  "identityId" : "26690eb4-92e9-4ed0-acbe-6e26564eae99",
  "privileges" : {
    "io.netfoundry.identity" : {
      "organization" : {
        "read" : [ [ ] ]
      }
    }
  },
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.892540Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Grant Read Organization, All to identity 26690eb4-92e9-4ed0-acbe-6e26564eae99"
}, {
  "grantType" : "IdentityResourceAction",
  "grantId" : "833309d2-b884-4fc9-a367-b825849149ac",
  "privilegeSourceId" : "833309d2-b884-4fc9-a367-b825849149ac",
  "identityId" : "26690eb4-92e9-4ed0-acbe-6e26564eae99",
  "privileges" : {
    "io.netfoundry.identity" : {
      "api-account-identity" : {
        "read" : [ [ ] ]
      }
    }
  },
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.610612Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Grant Read API Account Identity, All to identity 26690eb4-92e9-4ed0-acbe-6e26564eae99"
} ]

Super-User Grants

Find Super Users

GET /super-users

Returns a set of {@link SuperUser}s that the client is authorized to read and which match the specified (optional) query parameters.

If multiple query parameters are specified, then results must match each query parameter that is set. If a query parameter supports multiple values, then a result must match at least one of the values. In other words, distinct query parameters are AND’d while value matching within a single query parameter act as an OR condition. For example a query parameter "?x=1,2&y=3" becomes (X == 1 OR X == 2) AND (Y == 3).

Authorization

This endpoint requires read action on the super-user resource type.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

identityId

Object

true

Filters results to those that grant to an identity specified in this set.

domainId

Object

true

Filters results to those that grant access to one of the specified {@link Domain}s. To search for {@link SuperUser}s that explicitly grant access to all domains (ie, the domainId is null), include this query parameter with no value.

isDeleted

Boolean

true

When true, returns only those that are marked as deleted. When false, returns only those that are not marked deleted. When not set, returns all those that are otherwise matching, whether they are marked deleted or not.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

[].identityId

String

false

The id of the identity to whom super-user access has been granted.

[].domainId

String

true

An optional {@link Domain} id, which when set indicates that this super-user is limited to {@link ResourceAction}s in the corresponding {@link Domain}. When not set, this super-user applies to all {@link Domain}s, present and future.

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link SuperUser} was created.

[].updatedAt

String

false

The date-time at which this {@link SuperUser} was updated. The only supported 'update' on this bean is to mark it as deleted.

[].deletedAt

String

true

The date-time at which this {@link SuperUser} was deleted. This will be null for an {@link SuperUser} that has not been deleted. If this property is not null, then the {@link SuperUser} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

[].deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

[].type

String

true

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/super-users' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIxaGhVbWVJZEdPWFIyNkNIS01lS1VRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjVlNTk3YzFhLWFjZDMtNDIyNi05NjI2LWViZTYyZWM2YWIwZCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OSwiZXhwIjoxNjA2MjM2Njc5LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiM2IzNWYxMWEtYWVhMi00ZmRiLWI0MmItMWI4MzAxMmFkYWZmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.DK0hKmg2yh-X03A07LIsDsVicgIUxbgH1hva8fNxbhNC3FoBFd4kLe_MA-_qWeUrbh01PWs9cenfS9ruB67l5gv4yJnrFMgdfjlLFOCvLkEVE73OoEMLeOVIKGbPSsrmWyzApzBnchkPV16V0BzI0Oj8qfSKD5ilrfeRIxe0FYiVvwchg9dOIul3AYCTmyrWZWaFWmheEJtkCzhpQnbFd7iKsgDOfF_Z5HKnrsqyFj4iMhj8a_jxFirrM2zIomW1NjZ2GC0XnW-ZKwS23MfqyOGXuh-GxEKa0tWKd9jb1vbe06s09QV4Xoumq9FklIaA9419mvd73QDDc6R0eO8WNQ'

Example response

HTTP/1.1 200 OK
Content-Length: 1472
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "b2faf78c-ee10-47ff-b74c-205849c1973c",
  "identityId" : "4d5b0bea-2fb6-4954-9dd4-4f2dc7101099",
  "domainId" : null,
  "createdBy" : "1037594d-151c-4817-918d-611f27c07170",
  "createdAt" : "2020-11-24T15:51:17.379457Z",
  "updatedAt" : "2020-11-24T15:51:17.379457Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "type" : "io.netfoundry.auth.domainv2.superuser.SuperUser",
  "_title" : "Grant All Actions (SU) in All Domains to identity 4d5b0bea-2fb6-4954-9dd4-4f2dc7101099"
}, {
  "id" : "be25044e-ebd2-444f-ae5e-ca38b975e648",
  "identityId" : "12a2eeaa-27f2-4ba4-a749-e7355c3a7ae6",
  "domainId" : null,
  "createdBy" : "49a0641c-6d78-482e-a969-f4adb5ef1858",
  "createdAt" : "2020-11-24T15:51:17.979836Z",
  "updatedAt" : "2020-11-24T15:51:17.979836Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "type" : "io.netfoundry.auth.domainv2.superuser.SuperUser",
  "_title" : "Grant All Actions (SU) in All Domains to identity 12a2eeaa-27f2-4ba4-a749-e7355c3a7ae6"
}, {
  "id" : "82bf59c7-e929-47f3-aa28-20a082e28beb",
  "identityId" : "f748b72c-56c9-4fde-b4d9-9d34685feb72",
  "domainId" : null,
  "createdBy" : "4bde4294-f3d1-43d3-bd63-81db4c5799dd",
  "createdAt" : "2020-11-24T15:51:16.719579Z",
  "updatedAt" : "2020-11-24T15:51:16.719579Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "type" : "io.netfoundry.auth.domainv2.superuser.SuperUser",
  "_title" : "Grant All Actions (SU) in All Domains to identity f748b72c-56c9-4fde-b4d9-9d34685feb72"
} ]

Get Super User

GET /super-users/{id}

Authorization

This endpoint requires read action on the super-user resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have read action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

identityId

String

false

The id of the identity to whom super-user access has been granted.

domainId

String

true

An optional {@link Domain} id, which when set indicates that this super-user is limited to {@link ResourceAction}s in the corresponding {@link Domain}. When not set, this super-user applies to all {@link Domain}s, present and future.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link SuperUser} was created.

updatedAt

String

false

The date-time at which this {@link SuperUser} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link SuperUser} was deleted. This will be null for an {@link SuperUser} that has not been deleted. If this property is not null, then the {@link SuperUser} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

type

String

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/super-users/c155bde6-f8c6-4812-a037-0e484a80d5a2' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIySDIzdEU0SXI3TFQ1cTdwZFRFdzFRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjQ5Y2E0NWUyLTgyMzAtNDI0Ny04ZjZjLTYwM2FjZWEyMzZhNSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OSwiZXhwIjoxNjA2MjM2Njc5LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiMzAyMzRhYWUtODFmMi00MTQzLWFjZmEtMTJlN2VkMmE5Y2NlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.EfH2ccTtvv5dK8ypRlNTH51o5N2F9BpwctvynocZev1GrYHqN7EUDTU2f1MP2vLnW-FjngXgeVFE6AANfbV9CiGuVV5i9XtTgrV8_0WS_qkI-g_3E0HwKTdCkfQZHJvn8EU8Ly7n_Ff1KZCep62HCj6jzNEvT1LXG4d5yqNPBdAaCjNmH-UEv-66WIPlT8mFDXjIaHzzc7mMEedI5xSAhpRNqjjRJh9yxpCkrjyEt-etP8lhD4s-zu7AZZqyr42UQAGX98GkTlGwcdhlRD26nEMW6gT2ia31Th5BtrTLPoSi-Q-BqYMBaXq0xICHKQHJEuoiQzUWxisoJtCVjcY5kQ'

Example response

HTTP/1.1 200 OK
Content-Length: 522
Content-Type: application/json;charset=UTF-8

{
  "id" : "c155bde6-f8c6-4812-a037-0e484a80d5a2",
  "identityId" : "e7dfe880-3c9e-44de-9b76-5c17e813db2d",
  "domainId" : "f7b22610-5fc4-4273-bd40-c8946c89bd77",
  "createdBy" : "3853272b-69bd-4763-b975-5c16390178e1",
  "createdAt" : "2020-11-24T15:51:15.275057Z",
  "updatedAt" : "2020-11-24T15:51:15.275057Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "type" : "io.netfoundry.auth.domainv2.superuser.SuperUser",
  "_title" : "Grant All Actions (SU) in Test Domain to identity e7dfe880-3c9e-44de-9b76-5c17e813db2d"
}

Create Super User

POST /super-users

Authorization

This endpoint requires the following actions:

  • create action on the super-user resource type

  • read action on the domain resource type

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

identityId

String

false

domainId

String

true

Client must have read action on the annotated resource.

Response fields

Path Type Optional Description

id

String

false

identityId

String

false

The id of the identity to whom super-user access has been granted.

domainId

String

true

An optional {@link Domain} id, which when set indicates that this super-user is limited to {@link ResourceAction}s in the corresponding {@link Domain}. When not set, this super-user applies to all {@link Domain}s, present and future.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link SuperUser} was created.

updatedAt

String

false

The date-time at which this {@link SuperUser} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link SuperUser} was deleted. This will be null for an {@link SuperUser} that has not been deleted. If this property is not null, then the {@link SuperUser} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

type

String

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/super-users' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJCMW1MNVN0TjJzQTdHVzMwU2hTaThRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImQ0MDkzODU4LTY2MzEtNGEzYS1iNmRlLWU3YTA1ZmZiY2U2OCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OSwiZXhwIjoxNjA2MjM2Njc5LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYThkZDE1OWMtNzA5NS00OGRiLWI4MzktZDVjOTlmY2FlMDI1XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fSx7XCJpZFwiOlwiNjgyYTI4MjMtYmFkZC00MTA3LWI2ODEtNDBiMjAyNGY5MTI5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.Lz-OqpZyfDlcaJ4z5mEcX9mDa2pLE9yJmioo2mAuyHwcIss4cvkOBKD3I54BQke9wbvyleWxG7jzP-31hZy1_pCIrc-fYPcXkCl3TePdj-zh3hUsPt3uXN5UiS1wjOdILckD8LZKr0PQtjD7-ub7LThNotwebL3-SRgyTN8mtdfwdILFtN-_kDlVDXEd7Qn6_y-M7WIwZOSaWce1CmTlAcUfWQXytX9k02piuiW1tgkaTWtKJf_L9H4DXZRZH3hlyKtMBrb_vCEuAVsBKLvELtsrgAGCqZ3Haf-bx9-0MxWujr-N5EnVf-ASxtTVRh7_h4HoUnDtNnCCiPccdYj6-Q' \
    -H 'Content-Type: application/json' \
    -d '{"identityId":"e7dfe880-3c9e-44de-9b76-5c17e813db2d","domainId":null}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 488

{
  "id" : "bc4354a6-6217-43e9-bed3-1bcc4eba66f7",
  "identityId" : "e7dfe880-3c9e-44de-9b76-5c17e813db2d",
  "domainId" : null,
  "createdBy" : "d4093858-6631-4a3a-b6de-e7a05ffbce68",
  "createdAt" : "2020-11-24T15:51:19.243710Z",
  "updatedAt" : "2020-11-24T15:51:19.243710Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "type" : "io.netfoundry.auth.domainv2.superuser.SuperUser",
  "_title" : "Grant All Actions (SU) in All Domains to identity e7dfe880-3c9e-44de-9b76-5c17e813db2d"
}

Delete Super User

DELETE /super-users/{id}

Authorization

This endpoint requires delete action on the super-user resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have delete action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/super-users/f541c23a-d04f-4c14-9d9b-051df5a4dc6d' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI0al9NVFRRSE5KVVFoQnRBY2R4d3VRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImE4OGI5YjdlLWVjNTAtNGIxNS04NTEwLTI0MTEyODgzNDQxZSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OSwiZXhwIjoxNjA2MjM2Njc5LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiZWM3MWZiZjYtMDJmMi00ZWMzLTljZWQtYzhiZWUzMDc1YzI5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.Ri43kCL0iRv1cCF-cOEY5MQqU9PJdXYJPY9LD1KlEw30lGOOsHNaNU8uFT5NjOltBNLNchteb0FlZekOtmRvlxlrne1kJXVeZuihYVEnDu_c8XJg3j_8Gg0uLLul18L45gja8EfuKOg5yQuSJHbRvOzX6Fsj8jKb9Tc4DSn6FBXFZyAaKTfd9ifGoIrqVPjVlCC7VUfzqIFNFg-jqwQxzDzJ3oyv-Ahw6Zf4hWzd5a6Bfcv0gbKoWII9rJ2XCCd0EnX1Is5bLR0hGKwj2ps-ObBP6rc4OJJNXhYvkDMzuUtk85XPP3ES_wRpMZRF6GZFq-pF-91qo9esR_rYhNBQ7Q'

Example response

HTTP/1.1 200 OK

Public Grants

Find Public Grants

GET /public-grants

Returns a set of {@link PublicGrant}s that the client is authorized to read and which match the specified (optional) query parameters.

If multiple query parameters are specified, then results must match each query parameter that is set. If a query parameter supports multiple values, then a result must match at least one of the values. In other words, distinct query parameters are AND’d while value matching within a single query parameter act as an OR condition. For example a query parameter "?x=1,2&y=3" becomes (X == 1 OR X == 2) AND (Y == 3).

Authorization

This endpoint requires read action on the public-grant resource type.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

resourceActionId

Object

true

Filters results to those that grant one of the specified {@link ResourceAction}s.

isAnonymous

Boolean

true

When true, filters results where the isAnonymous property is true. When false, filters to those with the isAnonymous property is false. When not specified, the results will include those with both true and false values for this property.

path

Object

true

Filters results to those that target any resource along the specified path. For example, if the path is to Network X which is under Network Group Y, this would restrict the results to {@link IdentityResourceAction}s that grant an action on any resource under Network X, an action on Network X itself, or an action on Network Group Y. Combine this query parameter with resourceActionIds to limit the results to the types of actions along the path that are of interest.
The path value must start with a domain code followed by a colon. It may then have a comma delimited sequence of colon separated resource type code and resource id pairs. The path structure must match that of the server defined resource tree for the specified resources in the specified domain.

isDeleted

Boolean

true

When true, returns only those that are marked as deleted. When false, returns only those that are not marked deleted. When not set, returns all those that are otherwise matching, whether they are marked deleted or not.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

[].resourceActionId

String

false

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link PublicGrant} was created.

[].updatedAt

String

false

The date-time at which this {@link PublicGrant} was updated. The only supported 'update' on this bean is to mark it as deleted.

[].deletedAt

String

true

The date-time at which this {@link PublicGrant} was deleted. This will be null for an {@link PublicGrant} that has not been deleted. If this property is not null, then the {@link PublicGrant} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

[].deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

[].path

Array[Object]

false

The path (ordered pairs of resource type and id) from resource tree root to the target resource that this {@link PublicGrant} targets.

[].path[].resourceId

String

false

[].path[].resourceTypeId

String

true

[].anonymous

Boolean

true

If true, then any client may perform the linked action even if not authenticated. If false, then a client must be authenticated in order to perform the linked action. The actual identity id of the client does not matter for {@link PublicGrant}s.

[].type

String

true

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/public-grants' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJQS0FJbWpRaVN2MEk3T0lObWN2WWl3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjM1NDg3ZDgxLTc4ZDUtNDdkZC05NjJiLTM3ZTMyYzY5YjU1OSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiZmMwYzBkYjctNDY2OC00YzY0LTljNGEtYjYyNTJmNmY4N2Y4XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.Amjd3D9zO6rky2W4rd5-w8juVrxj8TOYoPhIC6KkFGRpobbJXmBQjqnpvcWPBNydHcX_P5X-R6o3f5L-9Qz_U-jVxTRg_XCrSh3MkJqSESDKB7U1gvxjY54n2Ogf52etm5GSvIK6kEikqUShcLdTUZCz6ILg_X_mgw8EzxakkJ9fkdHJZEhxdiQjFw9VO7pYOo2IWTCIxVeJSszh8dr0b9J5yOqFPwKbZOPmWMu76acegTno5kJpUvd__M01IyTVzdFNQT8w4OZXaVbFvjtp4EM_MdEIQSKHniFX5V-bzQew0pet2tuCX3UyTnGBse0MrMvlJSona_guqSDgHRj5xw'

Example response

HTTP/1.1 200 OK
Content-Length: 1674
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "41c1edea-9d6b-4bc9-8481-5e09e227210f",
  "resourceActionId" : "9357068b-8d96-421b-bfba-a22b2ed29205",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.545093Z",
  "updatedAt" : "2020-11-24T15:51:13.545093Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ ],
  "anonymous" : false,
  "type" : "io.netfoundry.auth.domainv2.publicgrant.PublicGrant",
  "_title" : "Grant Read Geo Region, All to All Authenticated Clients"
}, {
  "id" : "ee40374e-a5ea-480f-b394-15ead024f160",
  "resourceActionId" : "830173d3-74dc-4f83-9feb-4879f8ba6df7",
  "createdBy" : "b2bd1206-9969-49f3-aa23-8b7cf2bbd707",
  "createdAt" : "2020-11-24T15:51:15.276833Z",
  "updatedAt" : "2020-11-24T15:51:15.276833Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ {
    "resourceId" : "2e5e5f7d-2d4f-4fcf-a9dc-9e1b7a05611c",
    "resourceTypeId" : "c61d3c25-bcaa-4aee-9f07-1d8b371a534a"
  } ],
  "anonymous" : true,
  "type" : "io.netfoundry.auth.domainv2.publicgrant.PublicGrant",
  "_title" : "Grant Test Action Test Type on/under Test Type 2e5e5f7d-2d4f-4fcf-a9dc-9e1b7a05611c to All Clients (including anonymous)"
}, {
  "id" : "21710d8b-eb7c-4e25-b9e8-a235f8e8d719",
  "resourceActionId" : "4fdc45f5-36a2-400a-8491-2f2413a51170",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.702330Z",
  "updatedAt" : "2020-11-24T15:51:13.702330Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ ],
  "anonymous" : false,
  "type" : "io.netfoundry.auth.domainv2.publicgrant.PublicGrant",
  "_title" : "Grant Read Network Configuration Metadata, All to All Authenticated Clients"
} ]

Get Public Grant

GET /public-grants/{id}

Authorization

This endpoint requires read action on the public-grant resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have read action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

resourceActionId

String

false

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link PublicGrant} was created.

updatedAt

String

false

The date-time at which this {@link PublicGrant} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link PublicGrant} was deleted. This will be null for an {@link PublicGrant} that has not been deleted. If this property is not null, then the {@link PublicGrant} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

path

Array[Object]

false

The path (ordered pairs of resource type and id) from resource tree root to the target resource that this {@link PublicGrant} targets.

path[].resourceId

String

false

path[].resourceTypeId

String

true

anonymous

Boolean

true

If true, then any client may perform the linked action even if not authenticated. If false, then a client must be authenticated in order to perform the linked action. The actual identity id of the client does not matter for {@link PublicGrant}s.

type

String

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/public-grants/fd2b370e-5c8c-4569-bf63-c6c5981210f6' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI4a2oxTWhMaEhteTAyMTFIUkx3WXNnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImE4MzA5NGE0LWQ1MzUtNDJiZS05MTYxLTJhZmRlZjIxYmJkNSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiNzRlZTAwOTMtOGY5My00OTA0LTg4YWMtZjg5MDAzYWExYWEyXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.Zgn_3nAwQJvTNDisKdt1gRgTm2aSc4RNCIMJ7TPLYx-oTRVErTwFoLH8d3lRdTJPv4gDwuG7B42Wk3Y2zyslf8P_tVlqKtdUraVkJUj7mSLBp1KpFAac0VA4aZjti41oQL6kLpA99RJY10KJ5X5zbUTVZAm34afrcwjZ3ez2G7-q0og4h_ZkmXCGctl0ar4DPnbsNk084FzZpjZjSdcAT3KTkXlA18tH9HWpydwlEYfilsuliI0qu6Q7D03WpAv-jYi_shzAu-TGRiFDQZn8ZJUx7sl3MErKWAoTq8xX31hP_4-7y9SXz8fdyMeLJCQdDaZrTEIZp7YghDT1iao-xw'

Example response

HTTP/1.1 200 OK
Content-Length: 678
Content-Type: application/json;charset=UTF-8

{
  "id" : "fd2b370e-5c8c-4569-bf63-c6c5981210f6",
  "resourceActionId" : "6d37d965-a963-46c0-a2ac-d66679a70d2c",
  "createdBy" : "ab28f31a-42fd-476d-9d07-c1157c7162d3",
  "createdAt" : "2020-11-24T15:51:18.027011Z",
  "updatedAt" : "2020-11-24T15:51:18.027011Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ {
    "resourceId" : "d2c1591b-fa29-41fb-8d44-fb6fc701b085",
    "resourceTypeId" : "c4c2eafa-740f-4eea-a008-04bd463460df"
  } ],
  "anonymous" : false,
  "type" : "io.netfoundry.auth.domainv2.publicgrant.PublicGrant",
  "_title" : "Grant Test Action 36 Test Type 35 on/under Test Type 35 d2c1591b-fa29-41fb-8d44-fb6fc701b085 to All Authenticated Clients"
}

Create Public Grant

POST /public-grants

Authorization

This endpoint requires the following actions:

  • create action on the public-grant resource type

  • read action on the resource-action resource type

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

resourceActionId

String

false

Client must have read action on the annotated resource.

path

Array[Object]

false

path[].resourceId

String

false

path[].resourceTypeId

String

true

anonymous

Boolean

true

Response fields

Path Type Optional Description

id

String

false

resourceActionId

String

false

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link PublicGrant} was created.

updatedAt

String

false

The date-time at which this {@link PublicGrant} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link PublicGrant} was deleted. This will be null for an {@link PublicGrant} that has not been deleted. If this property is not null, then the {@link PublicGrant} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

path

Array[Object]

false

The path (ordered pairs of resource type and id) from resource tree root to the target resource that this {@link PublicGrant} targets.

path[].resourceId

String

false

path[].resourceTypeId

String

true

anonymous

Boolean

true

If true, then any client may perform the linked action even if not authenticated. If false, then a client must be authenticated in order to perform the linked action. The actual identity id of the client does not matter for {@link PublicGrant}s.

type

String

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/public-grants' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ0Z25BMHEwRVVQZWdQZUppQlQ5a0RBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImM4NWNkN2E1LWNiNDMtNDFkMS1iMmRkLWU1MTJmZmQzZDJlYSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiNDdlYWUxYzYtYzE1Ni00OTMxLWJhNTMtYWU1NWExOTIzOGJmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fSx7XCJpZFwiOlwiYzdhMGNiODItYTg5Yi00MDhmLTk5ZTktMDM3ZTAxNmZhMjIwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.NSR0txPoHa_ovvFByULOKNwTD3xerIXv8HCFkh-6qUR0PPEQwn3UZMIW6bnrkMxbN7CvkqbyXMKooCSGgP75hs_xeYiEIQUNoo28c70_TbdVaXrOJWPS8u5GSOXmN1G8XbuahF-IZ0BcUxf38AX26KX6BiSk6vtGffCIo0eMAhPOENprTT4BJh0eyW82OJk3RZ4X7wwEGjGpMVddMnyuUq9ZVR0wEdi9v6kTBWWXw0ZZSPQDFpadpBNqWEqRl-_CPWv2cYYvH19FHS_rfMduokoLyN5GAddy3Qfn2Jio7li2FDMQKHV2b_OCj8pM1SEew5pctjkvOXvXLbCHN21Quw' \
    -H 'Content-Type: application/json' \
    -d '{"resourceActionId":"830173d3-74dc-4f83-9feb-4879f8ba6df7","path":[{"resourceId":"0c8d8345-03a2-4797-ad3c-7b64b46aa3b4","resourceTypeId":"c61d3c25-bcaa-4aee-9f07-1d8b371a534a"}],"anonymous":false}'

Example response

HTTP/1.1 200 OK
Content-Length: 669
Content-Type: application/json;charset=UTF-8

{
  "id" : "17824dac-53c5-4a91-8b4d-95a524c4c833",
  "resourceActionId" : "830173d3-74dc-4f83-9feb-4879f8ba6df7",
  "createdBy" : "c85cd7a5-cb43-41d1-b2dd-e512ffd3d2ea",
  "createdAt" : "2020-11-24T15:51:18.115317Z",
  "updatedAt" : "2020-11-24T15:51:18.115317Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ {
    "resourceId" : "0c8d8345-03a2-4797-ad3c-7b64b46aa3b4",
    "resourceTypeId" : "c61d3c25-bcaa-4aee-9f07-1d8b371a534a"
  } ],
  "anonymous" : false,
  "type" : "io.netfoundry.auth.domainv2.publicgrant.PublicGrant",
  "_title" : "Grant Test Action Test Type on/under Test Type 0c8d8345-03a2-4797-ad3c-7b64b46aa3b4 to All Authenticated Clients"
}

Delete Public Grant

DELETE /public-grants/{id}

Authorization

This endpoint requires delete action on the public-grant resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have delete action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/public-grants/f9391ed1-0eea-48a9-9324-6627c758293c' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJNX1Y2R3N6eUxiVTRwTXBZa1Jfbm1BIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjE1YmRkZDk1LTViYWItNGUxZS1iMDRiLTEwODQ2MGFlZGZmMyIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5MzkxZWQxLTBlZWEtNDhhOS05MzI0LTY2MjdjNzU4MjkzY1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYmJlMmQwZTMtYjkxNi00YzNkLThlZDctODYzZGE1MjcwM2Q1XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.hA6ID9-RSj6r3Cfw91Jkzkff4qPR09F3TavyVQyWwuT2458GY4lvte4z4HUCWZZHdTiis_Y1XqidHsc_UTfom7hLf-rYyrYa_n5mc0BGr7J-0GzPmxAROswWXTQglY2g5ZmqnRo7lM3y_HRbUfqYlv9McaVatDvk6ys7XBKZgVUUCJBWLOc5ZKswqLZOAuIEr8hbzB0A1IK8v3NnP7AyYSwkMtAmxvzqEgyD-3hd7et8LWS-xN9UD0eiWwFlhsZzinpnC9o55g_nrFxXhFXt6YiTOp2-grg8JMqW0IIIUMQoMgFUyKwDcj1fjVAdlCuDq_uKMupPPxx0AMk9RgAyjA'

Example response

HTTP/1.1 200 OK

Identity - Resource Action Grants

Find Identity Resource Actions

GET /identity-resource-actions

Returns a set of {@link IdentityResourceAction}s that the client is authorized to read and which match the specified (optional) query parameters.

If multiple query parameters are specified, then results must match each query parameter that is set. If a query parameter supports multiple values, then a result must match at least one of the values. In other words, distinct query parameters are AND’d while value matching within a single query parameter act as an OR condition. For example a query parameter "?x=1,2&y=3" becomes (X == 1 OR X == 2) AND (Y == 3).

Authorization

This endpoint requires read action on the identity-resource-action resource type.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

identityId

Object

true

Filters results to those that grant to an identity specified in this set.

resourceActionId

Object

true

Filters results to those that grant one of the specified {@link ResourceAction}s.

path

Object

true

Filters results to those that target any resource along the specified path.
For example, if the path is to Network X which is under Network Group Y, this would restrict the results to {@link CustomRoleAction}s that grant an action on any resource under Network X, an action on Network X itself, or an action on Network Group Y. Combine this query parameter with resourceActionIds to limit the results to the types of actions along the path that are of interest.
The path value must start with a domain code followed by a colon. It may then have a comma delimited sequence of colon separated resource type code and resource id pairs. The path structure must match that of the server defined resource tree for the specified resources in the specified domain.

isDeleted

Boolean

true

When true, returns only those that are marked as deleted. When false, returns only those that are not marked deleted. When not set, returns all those that are otherwise matching, whether they are marked deleted or not.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

[].identityId

String

false

The id of the identity to whom this {@link IdentityResourceAction#resourceActionId} has been granted.

[].resourceActionId

String

false

The {@link ResourceAction} that possession of this {@link IdentityResourceAction} grants to the linked identity for resources under the specified path.

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link IdentityResourceAction} was created.

[].updatedAt

String

false

The date-time at which this {@link IdentityResourceAction} was updated. The only supported 'update' on this bean is to mark it as deleted.

[].deletedAt

String

true

The date-time at which this {@link IdentityResourceAction} was deleted. This will be null for an {@link IdentityResourceAction} that has not been deleted. If this property is not null, then the {@link IdentityResourceAction} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

[].deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

[].path

Array[Object]

false

The path (ordered pairs of resource type and id) from resource tree root to the target resource that this {@link CustomRoleAction} targets. For example, if this {@link CustomRoleAction} is "Update Widget Service" then this property defines the (id) path of/to the "Widget Service" resource. The path, specifically the ordered list of resource types that it contains, is co-variant to the {@link ResourceAction#getResourceTypeId()}. Both must target the same {@link ResourceType}.

[].path[].resourceId

String

false

[].path[].resourceTypeId

String

true

[].type

String

true

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/identity-resource-actions' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIxQ1VkclhWcVFtMEFPREFrX2tBZGNBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjY4ZjRkYzgxLTAxZTMtNDgwMC1iNzNkLTVlOWRkZTRlYzgwZSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiMDMwNTBmNWMtYmQwZC00OGM0LWJkOTQtYjE0YzY5M2YwNWNhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.bCcHfvLsuiD_6k3AaMCgNaAalf0fgsYQvKlItmGv0AkVNs5ZbVtcFo6pQ3uFLVzUj_L8oFgFI1ypPj0WlF7Kk56Pgpb0hLi58TSNfBQfOSCmSSFydrLeQAr2RT10ng3WBwHYtE-S226DlmuP-GucxLAhpfmtn9wYHO4Rz-1zxb09WKPoBnI7cJYrpQQsWfsO6wTY34k-UUn5uZZOXVWkA0fEWN9lqMbNVWV6T6eGovAc6gEUpdYtGfI53Ki7VSncpLf7J1Mp9bc7QecpiilJmZbkTYs1HOB1Pke-Ly4bGZLnLOW3kSnS__22QCx5UyJGV4dJ9hql4OI3WAGjDADcDg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 1711

[ {
  "id" : "fd56fe7e-76a7-45c6-bd95-47dcdbc7d4e8",
  "identityId" : "a17fffad-b448-4fc0-8e16-60baadc1d5ee",
  "resourceActionId" : "e1e82776-162f-4c19-84c9-7e78900f4117",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.597554Z",
  "updatedAt" : "2020-11-24T15:51:13.597554Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ ],
  "type" : "io.netfoundry.auth.domainv2.identityresourceaction.IdentityResourceAction",
  "_title" : "Grant Delete Endpoint Group, All to identity a17fffad-b448-4fc0-8e16-60baadc1d5ee"
}, {
  "id" : "ad96ab99-7af4-43ed-96f3-7a6b7fc3cec6",
  "identityId" : "a17fffad-b448-4fc0-8e16-60baadc1d5ee",
  "resourceActionId" : "d8dac1ff-e598-4318-afc8-69197a82595e",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.597554Z",
  "updatedAt" : "2020-11-24T15:51:13.597554Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ ],
  "type" : "io.netfoundry.auth.domainv2.identityresourceaction.IdentityResourceAction",
  "_title" : "Grant Update Endpoint Group, All to identity a17fffad-b448-4fc0-8e16-60baadc1d5ee"
}, {
  "id" : "5b494baf-8517-49d7-96a1-f08209a82387",
  "identityId" : "83d8cce9-1ad2-4ec1-ae23-9d1f3d28f2ba",
  "resourceActionId" : "672dee29-5754-40ec-967f-3f0e752cdd7d",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.931039Z",
  "updatedAt" : "2020-11-24T15:51:13.931039Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ ],
  "type" : "io.netfoundry.auth.domainv2.identityresourceaction.IdentityResourceAction",
  "_title" : "Grant Read Edge Router Policy, All to identity 83d8cce9-1ad2-4ec1-ae23-9d1f3d28f2ba"
} ]

Get Identity Resource Action

GET /identity-resource-actions/{id}

Authorization

This endpoint requires read action on the identity-resource-action resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have read action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

identityId

String

false

The id of the identity to whom this {@link IdentityResourceAction#resourceActionId} has been granted.

resourceActionId

String

false

The {@link ResourceAction} that possession of this {@link IdentityResourceAction} grants to the linked identity for resources under the specified path.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link IdentityResourceAction} was created.

updatedAt

String

false

The date-time at which this {@link IdentityResourceAction} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link IdentityResourceAction} was deleted. This will be null for an {@link IdentityResourceAction} that has not been deleted. If this property is not null, then the {@link IdentityResourceAction} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

path

Array[Object]

false

The path (ordered pairs of resource type and id) from resource tree root to the target resource that this {@link CustomRoleAction} targets. For example, if this {@link CustomRoleAction} is "Update Widget Service" then this property defines the (id) path of/to the "Widget Service" resource. The path, specifically the ordered list of resource types that it contains, is co-variant to the {@link ResourceAction#getResourceTypeId()}. Both must target the same {@link ResourceType}.

path[].resourceId

String

false

path[].resourceTypeId

String

true

type

String

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/identity-resource-actions/8fd3bf3f-6afd-42c7-b277-2656bf3d7598' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ4N2Q3RHM1bzJtOTdQZjJIeE9iOFlBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjUwNjI5MjMzLTA5Y2QtNDk5NS05MmI2LWI2MTZhNmNiOTcyMSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYTk5MGM5YmItZDg0Ni00ZGJhLWJlMTUtZmZjNGRjMDJhMDE3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.dm2HiQx9lXLRlZvIFFK5UAc0Op56_t9PfI4mVm6Vtv5yx98cx2V1n0ebOIaVS6yTl48Gafz73g1lchOGlpjtDGhmtJd9fIN101HCjFRZ_MmrUQN2oriPL8BeRCxDM2HQjBfl08LdEtbw15Kh7yZqLZhyqbl_IdQFhdEsksQSowh0dbhHgRMI5YUkBlKrkgtyHWKLjE125XGxSV0EhDkzbQYdZkocEPZTKiOrwnUpqvlpQXVBf9wI-gk6EWLdpuhsebaSTC947MdHRor1Y0MU5nSkM-cGUtCnzsqrGPwTYWTUj0e6o6Du6kPBUawC77vR2Qu_O0wZOizV3wt3RmcO_w'

Example response

HTTP/1.1 200 OK
Content-Length: 754
Content-Type: application/json;charset=UTF-8

{
  "id" : "8fd3bf3f-6afd-42c7-b277-2656bf3d7598",
  "identityId" : "6064a724-64a1-4217-b33e-01761af3ab10",
  "resourceActionId" : "227f30dd-deba-4578-87de-c57ac2f709c0",
  "createdBy" : "402aa10f-6d0e-4577-b313-86e9992ce8fc",
  "createdAt" : "2020-11-24T15:51:18.436355Z",
  "updatedAt" : "2020-11-24T15:51:18.436355Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ {
    "resourceId" : "9aaf4985-2ef3-48e3-8039-e7477959d8d6",
    "resourceTypeId" : "115aaa9e-35e8-42b0-85c6-6724821a111c"
  } ],
  "type" : "io.netfoundry.auth.domainv2.identityresourceaction.IdentityResourceAction",
  "_title" : "Grant Test Action 54 Test Type 53 on/under Test Type 53 9aaf4985-2ef3-48e3-8039-e7477959d8d6 to identity 6064a724-64a1-4217-b33e-01761af3ab10"
}

Create Identity Resource Action

POST /identity-resource-actions

Authorization

This endpoint requires the following actions:

  • create action on the identity-resource-action resource type

  • read action on the resource-action resource type

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

identityId

String

false

resourceActionId

String

false

Client must have read action on the annotated resource.

path

Array[Object]

false

path[].resourceId

String

false

path[].resourceTypeId

String

true

Response fields

Path Type Optional Description

id

String

false

identityId

String

false

The id of the identity to whom this {@link IdentityResourceAction#resourceActionId} has been granted.

resourceActionId

String

false

The {@link ResourceAction} that possession of this {@link IdentityResourceAction} grants to the linked identity for resources under the specified path.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link IdentityResourceAction} was created.

updatedAt

String

false

The date-time at which this {@link IdentityResourceAction} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link IdentityResourceAction} was deleted. This will be null for an {@link IdentityResourceAction} that has not been deleted. If this property is not null, then the {@link IdentityResourceAction} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

path

Array[Object]

false

The path (ordered pairs of resource type and id) from resource tree root to the target resource that this {@link CustomRoleAction} targets. For example, if this {@link CustomRoleAction} is "Update Widget Service" then this property defines the (id) path of/to the "Widget Service" resource. The path, specifically the ordered list of resource types that it contains, is co-variant to the {@link ResourceAction#getResourceTypeId()}. Both must target the same {@link ResourceType}.

path[].resourceId

String

false

path[].resourceTypeId

String

true

type

String

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/identity-resource-actions' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI5RVlWWHhWTXgtZU43Vmd4MHBsdGNRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImRhNzE4NDFjLWZkM2ItNDE2Zi04YTZkLTNjYjA4MWRiMDZlMSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYzE0ZGFlNzMtNTc3NC00OGJmLTlmM2UtNWY2Y2I0NjYxMjA0XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fSx7XCJpZFwiOlwiMTdhNjlmMjUtNWU1My00NGU0LTk0MWEtZDY1YzJkN2RkOTc0XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.LOZhlD_tfD7ZgTnpAEDpLg8TlUuuLhKR3hu6Weesyxj6w_SCjkuMtJmHrYOSHgXWIC7SgydVDmxvM37Re1a3sfHS84OiwJrHT1c-IkAxeZAoKdA4zSlOOmH1mB7WkZKoYx6zTIGyzmlibtaD2w3DWiMbxAAYvbaqGUPpZ2AcLyq47dQkR_kHmi19UdtYJInf08pMY7fANpxGHa2cDV1ic1bzW8o4_nILDX8rN9Vkg-yN5a7BxQbJlGgM6D9VAubNwvgX1WcjPNZpsLyKW7RugIr6cKUu6HJwm_fub5VU4jUEPxahhviQ1xTlKJNF1PUKa-3zb4SGbnoHjysmPdyo6Q' \
    -H 'Content-Type: application/json' \
    -d '{"identityId":"109ade98-4d90-4500-b3c1-68030bd11198","resourceActionId":"830173d3-74dc-4f83-9feb-4879f8ba6df7","path":[{"resourceId":"ae186b83-1206-4b35-a01e-c75a5b48b4e8","resourceTypeId":"c61d3c25-bcaa-4aee-9f07-1d8b371a534a"}]}'

Example response

HTTP/1.1 200 OK
Content-Length: 745
Content-Type: application/json;charset=UTF-8

{
  "id" : "29f65b31-8cf3-450e-9d67-ec274771b300",
  "identityId" : "109ade98-4d90-4500-b3c1-68030bd11198",
  "resourceActionId" : "830173d3-74dc-4f83-9feb-4879f8ba6df7",
  "createdBy" : "da71841c-fd3b-416f-8a6d-3cb081db06e1",
  "createdAt" : "2020-11-24T15:51:18.478814Z",
  "updatedAt" : "2020-11-24T15:51:18.478814Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ {
    "resourceId" : "ae186b83-1206-4b35-a01e-c75a5b48b4e8",
    "resourceTypeId" : "c61d3c25-bcaa-4aee-9f07-1d8b371a534a"
  } ],
  "type" : "io.netfoundry.auth.domainv2.identityresourceaction.IdentityResourceAction",
  "_title" : "Grant Test Action Test Type on/under Test Type ae186b83-1206-4b35-a01e-c75a5b48b4e8 to identity 109ade98-4d90-4500-b3c1-68030bd11198"
}

Delete Identity Resource Action

DELETE /identity-resource-actions/{id}

Authorization

This endpoint requires delete action on the identity-resource-action resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have delete action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/identity-resource-actions/bbd640f7-448f-4bd6-b265-1be40f08cc28' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIwek0yQXJQdlpBRC1YSzRsdmxDb2Z3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI4ZTA5OGQ3LTM2YmUtNDRhNi04YTc2LWFlNTU5NGY0YzAyZCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiNzE1NjM5Y2MtZTU3ZS00YTAwLWFkNTctNWMwMjVlM2FiNDUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.eFt00XCTpAQ3jS91rMfyDhe7vlD08KBBMagTFgdNbQuR2WuPzC19hHZLXLsY-lFnbkeJQUGVYoFGCw_IjulkrIXuLpYQzF0n4F2rHsk_1_gfip1g5iqFq-AlHVjzbjkuKQzXHcsoKL2LmOlogo05jZnft1zDAuxgAXdL_qs31MFt-lCK3csMIps5t-ZiOv7WlA01XDS6sz1JV_L8zoiebRnseUbKRxONcBqmB5naCcDfBfIXWolSVMkzBFaNSAUCZRtGL-g_L83Y7nsX9kKbj3AZGT-wh_i_khuPGodLv5Kll3gt2UOVdXL8Z_Z48WpTiNho1JMTAgLQ4b5_OLhbQg'

Example response

HTTP/1.1 200 OK

Custom Roles

Find Custom Roles

GET /custom-roles

Returns a set of {@link CustomRole}s that the client is authorized to read and which match the specified (optional) query parameters.

If multiple query parameters are specified, then results must match each query parameter that is set. If a query parameter supports multiple values, then a result must match at least one of the values. In other words, distinct query parameters are AND’d while value matching within a single query parameter act as an OR condition. For example a query parameter "?x=1,2&y=3" becomes (X == 1 OR X == 2) AND (Y == 3).

Authorization

This endpoint requires read action on the custom-role resource type.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

identityId

Object

true

Filters results to those granted to one of the specified identity ids.

resourceActionId

Object

true

Filters results to those that grant one of the specified {@link ResourceAction}s.

isDeleted

Boolean

true

When true, returns only those that are marked as deleted. When false, returns only those that are not marked deleted. When not set, returns all those that are otherwise matching, whether they are marked deleted or not.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

[].name

String

false

The human friendly name of this {@link CustomRole}.

Size must be between 1 and 256 inclusive.

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link CustomRole} was created.

[].updatedAt

String

false

The date-time at which this {@link CustomRole} was updated. The only supported 'update' on this bean is to mark it as deleted.

[].deletedAt

String

true

The date-time at which this {@link CustomRole} was deleted. This will be null for an {@link CustomRole} that has not been deleted. If this property is not null, then the {@link CustomRole} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

[].deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

[].type

String

true

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-roles' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJyMTA4TXhuWThBU3ZMeUVienFvSWN3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjRiOTQ2NDUwLTYwOGQtNDM0OC1iNzJhLTEwNGMxOGI2ZTcwNCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiMDBiMTczMGUtMDg3My00YzQxLWE1NTAtZWQ1MTk1ZDJjNGJiXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.DIkC6pxgK3mW8vTUsWeCzts22SEsog9yR6exl2L7HWrlxK1yWkY_lTV8IoMiL3wGbgmKlFwp7Gd8mCVYPdX41KMVXGE8pmllp4IoYH9E9ByM6kTJw-19eu8GyfwgvqItYf-EfFsjE0VplMFUWofalH0FhQTReigdUciJM65NcE--4oL8aD8n66bq1Pz5_v9BZlW8WaFmT7U1dqMFJsq4m4dJpCg4DgrOs0OCJyKpttASrQSXOUM_FJnZMjWEKPwlSKMvs0md0dH8PNEs2OZObW83C8z3KrvADKQYIdDu0uGaqiRXGeyvjngkJ2zZWadD1ziiMyaUWbGBfF0NNolcGg'

Example response

HTTP/1.1 200 OK
Content-Length: 1145
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "ba2e4576-5a4b-48d9-9b22-e07946b37c21",
  "name" : "Test Custom Role 66",
  "createdBy" : "874d45c9-2457-4c18-8922-1cba39fb4d09",
  "createdAt" : "2020-11-24T15:51:18.938111Z",
  "updatedAt" : "2020-11-24T15:51:18.938111Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "type" : "io.netfoundry.auth.domainv2.customrole.CustomRole",
  "_title" : "Test Custom Role 66"
}, {
  "id" : "0f42cd99-33ea-4bb3-937b-f1a4eddff19d",
  "name" : "Test Custom Role 59",
  "createdBy" : "e865a718-2f1e-4150-8c7f-06417ed60cc2",
  "createdAt" : "2020-11-24T15:51:18.731932Z",
  "updatedAt" : "2020-11-24T15:51:18.731932Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "type" : "io.netfoundry.auth.domainv2.customrole.CustomRole",
  "_title" : "Test Custom Role 59"
}, {
  "id" : "ee4d0944-ef0d-4e14-9ca5-19cf10cdaefa",
  "name" : "Test Custom Role 57",
  "createdBy" : "88c1a808-c3ec-458d-abdb-6b773b8b0db5",
  "createdAt" : "2020-11-24T15:51:18.671338Z",
  "updatedAt" : "2020-11-24T15:51:18.671338Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "type" : "io.netfoundry.auth.domainv2.customrole.CustomRole",
  "_title" : "Test Custom Role 57"
} ]

Get Custom Role

GET /custom-roles/{id}

Authorization

This endpoint requires read action on the custom-role resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have read action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

name

String

false

The human friendly name of this {@link CustomRole}.

Size must be between 1 and 256 inclusive.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link CustomRole} was created.

updatedAt

String

false

The date-time at which this {@link CustomRole} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link CustomRole} was deleted. This will be null for an {@link CustomRole} that has not been deleted. If this property is not null, then the {@link CustomRole} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

type

String

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-roles/ba2e4576-5a4b-48d9-9b22-e07946b37c21' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJlTHExRnJteTR4UlVyZms0amI2WHVnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjNkNGY4MDNhLWY4M2MtNDBhZS1hZmViLTM0MjFlMjI4NGQxMyIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiOTU2YjFhYjUtNDE4YS00YjkzLWFhZDEtNWJjZWQ0MWE3NDU0XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.ZRqpzBFmChE63ICUtmY2gBS6Ui4zRy6338dzqUsRcepa-LKxRiEIfOLZaLGOePyOTG2zW60DRmn5AqTw09AkP7_RRIlGRp_lA3Dcdjh_VYKc5BYjURar93zD9ZFIVImmDW5YrIJ0djtKLmSQRVfBRGFh9jL3-6t3wfrrhhpMqkkzw8w35fuWFeweHakTOSadipRzk1cn10rZmHmVUCtCltNMudRyIaJLbh_6xIdt_jgy6MwCHmafqNOGtxlDDCkLbQqjRikVjdvUcn_hL5WD6gDjFirAWwszlPylMYDnh3T-dxC0yK7htOQ6m8IpssIqynDQF0tTpyTFMpfXIdRymA'

Example response

HTTP/1.1 200 OK
Content-Length: 379
Content-Type: application/json;charset=UTF-8

{
  "id" : "ba2e4576-5a4b-48d9-9b22-e07946b37c21",
  "name" : "Test Custom Role 66",
  "createdBy" : "874d45c9-2457-4c18-8922-1cba39fb4d09",
  "createdAt" : "2020-11-24T15:51:18.938111Z",
  "updatedAt" : "2020-11-24T15:51:18.938111Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "type" : "io.netfoundry.auth.domainv2.customrole.CustomRole",
  "_title" : "Test Custom Role 66"
}

Create Custom Role

POST /custom-roles

Authorization

This endpoint requires create action on the custom-role resource type.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

false

Size must be between 1 and 256 inclusive.

Response fields

Path Type Optional Description

id

String

false

name

String

false

The human friendly name of this {@link CustomRole}.

Size must be between 1 and 256 inclusive.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link CustomRole} was created.

updatedAt

String

false

The date-time at which this {@link CustomRole} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link CustomRole} was deleted. This will be null for an {@link CustomRole} that has not been deleted. If this property is not null, then the {@link CustomRole} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

type

String

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-roles' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJfa29NVWJoeGNFZTJRaXh0Y05maG1RIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6Ijc2NjliM2IwLWFiNmUtNGZiNC1hNjBiLTFhZGU1ZjYxYzk4ZiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OSwiZXhwIjoxNjA2MjM2Njc5LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYjY3MTAyZjktODQyNC00NDBiLWEzMzEtNzFkN2FiMjU3YjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.RQPGbLCxsDr1D_K0k8tZ4vTNoOF0zt5PZMx0xA8D0titfvJc_T5PIKA4rhff8XppqqwCv1h8qzd7HcN03g0GtzdvY0O486WpBGOARRh_YM-8Uu8Ah1st7sFR7DVQ-x_uLflhSHmKAuduo3y6AQWk_sdTn57IRaG9o0Y49RQ_pvA8JxawJEP-5GD5u4dqqKPljzyjdPwJoLj3yquhSo7fHOUP5v0jnqYGU8RZi0_pnf2b-i7al_H9gQzHPE_OphsBX7IhnvBy6hEpr5NUjHQoFxXCmu54ipKI6BDd8FcUsdGo-ibFUVO0Pp0aWcikem8tcwf1dhBlgCcqyG9B5SkvpA' \
    -H 'Content-Type: application/json' \
    -d '{"name":"Test Custom Role Create"}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 387

{
  "id" : "2b60dc7c-8202-49e1-92d2-c1738ad33475",
  "name" : "Test Custom Role Create",
  "createdBy" : "7669b3b0-ab6e-4fb4-a60b-1ade5f61c98f",
  "createdAt" : "2020-11-24T15:51:19.033114Z",
  "updatedAt" : "2020-11-24T15:51:19.033114Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "type" : "io.netfoundry.auth.domainv2.customrole.CustomRole",
  "_title" : "Test Custom Role Create"
}

Delete Custom Role

DELETE /custom-roles/{id}

Authorization

This endpoint requires delete action on the custom-role resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have delete action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-roles/7066eab0-0acd-433c-844c-17bca47ffd5b' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtX200SDBrbGFrQ0g5aURJcmVKalZ3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjFmMzRjMDcxLTQ0YTctNGE1NC04ODdiLTc1MGViMDg0MDRhNSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OSwiZXhwIjoxNjA2MjM2Njc5LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiNmU2NmViNzktYzhiMS00MDU4LTljMzItZjcxZDVhNDAzMjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.Jj9tZrLl8ST_9NK6AbqJKkskZoxWgzDK9POenavCcMXjNxAnLP8mIqCWtCwkuDmz5REaBTuekjvExJzqcyNcd7-oxbf-hKHfpAr08BZucycD52uJrxD_M0jEbdTdJunovXd3ZTKvJ8KIgM0FeTV_Ih5plB35J49QWEuQlPrNSpGEcY9wRW5MwK3VXJoIdx1eIyFEBYq2Xr6WbyL8Dkfh-TTXxMkPgrfQ1_y401AwyVvIVPiKUwdDQwVw4DxXXzoqt0D2s5JfvozptsaHyrerpkFHEjCtXkCk_7e4bVP5PThkVLVl834_SnWLC0IG1ZbTLCVkTJ2f45jzXhnc6e31pQ'

Example response

HTTP/1.1 200 OK

Grant Custom Role (deprecated)

POST /custom-roles/{id}/identity-grants/{identityId}

Deprecated.

Deprecated. Use {@link CustomRoleGrantController#createCustomRoleGrant} to grant an identity a standard role.

Authorization

This endpoint requires the following actions:

  • read action on the custom-role resource type

  • create action on the custom-role-grant resource type

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have create action under the annotated resource.
Client must have read action on the annotated resource.

identityId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-roles/5fc6f178-a239-4c84-969f-140001e35216/identity-grants/6bcc6e10-7f23-4564-afae-cba43c74aab5' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJucmgtN0c3YUx1cnVXdkxLNzdLenZnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjdlNzgyMjVkLTU4ZDEtNDUwZS1hOTEyLWI2ZGI1YmU4MDNmZSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OSwiZXhwIjoxNjA2MjM2Njc5LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiZDQ4YTQ0NjktMDNkNS00ZTJiLWFkMzMtZTA2ZmM4MzQ5ODM3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fSx7XCJpZFwiOlwiNDdkMDI0YjctZjUwZi00ZTdkLWFlMTktZDc4NzM2MzYwYmE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.LIezcmLkoy2hdCE6q4_zMWTcgxiMQz_k-MrqMvMxQcIsRHh9POQKrHoubimFhbJbqm7-VvIP9C8bEI4SojTogmi16TBAs6UekZE_S4HhAw90Y13hoSYCRWtc-1btq-yOJPFH8n0Itdqux4h47ZZjk2FtW87YUf1MFu6z2MGiZSPpDmpF6NNr8wO_LIaoD9DqjhtLP4RCRDZqnd79Qen_rq1zkXqJBfmUOU1xNyWgcsQtNyMWBXoxhW7uA5dfRX76fLXwvAtYn01ZZtU7a7dkFFYFddCAZc0XlS5Viq-U1TYystefe7w0IMi62lwk6q69DZI0UcKVrw00qp1sBENICw'

Example response

HTTP/1.1 200 OK

Revoke Custom Role (deprecated)

DELETE /custom-roles/{id}/identity-grants/{identityId}

Deprecated.

Deprecated. Use {@link CustomRoleGrantController#createCustomRoleGrant} to grant an identity a standard role.

Authorization

This endpoint requires the following actions:

  • read action on the custom-role resource type

  • delete action on the custom-role-grant resource type

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have read action on the annotated resource.

identityId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-roles/587e305a-36bc-450b-8c44-2fbfbd7a84cc/identity-grants/ae8cb1e5-534b-4012-a4b0-10047d74d8f3' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJOZXZwX3JCUTZBQzBUUGRFaUJnX1FnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImJiY2YzNDA4LWI5MWItNDRkNS1hMmJiLTNjMDViODM1YjY1YyIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OSwiZXhwIjoxNjA2MjM2Njc5LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiY2JiM2NjNWYtZmY0Zi00YTk1LWIyOWEtMzM0NWZiOWRiZWFjXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fSx7XCJpZFwiOlwiMmI5MGRkNzAtN2E2My00ZWFiLWIzYTktNmQwODAzYzAzMmQ2XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc5fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.UfZRYacMo-4kOSaintAoGlO7_ovrLrnkcWjhZY7nnpF1fABnm3hwYKHFqVPDNwpRedggvjNUAihKdKHwgfhDTC2y43LDs0a5tL_j-sIiBTsy0ISpHxJyR_A-U5mITdbZo0_1H47VBeGRbrbbUHiQSWEfUbgFC2zZOgZI9ILHzo_FeOsVujhntPKbetdVgrjeOz2CacJmIPSLGEtNnyo245PNMUNMHzh7rfEEynO6Y-69iDMkicSHTIdQ-dDDZzxyd_I4oyRIG240f6AxFos45gQBhac1xWOWOC1bOaxilyjdJ2BhVEPzBJLjRZdxySnVFcGnvIjTWXin1KQtEzvH9A'

Example response

HTTP/1.1 200 OK

Custom Role Actions

Find Custom Role Actions

GET /custom-role-actions

Returns a set of {@link CustomRoleAction}s that the client is authorized to read and which match the specified (optional) query parameters.

If multiple query parameters are specified, then results must match each query parameter that is set. If a query parameter supports multiple values, then a result must match at least one of the values. In other words, distinct query parameters are AND’d while value matching within a single query parameter act as an OR condition. For example a query parameter "?x=1,2&y=3" becomes (X == 1 OR X == 2) AND (Y == 3).

Authorization

This endpoint requires read action on the custom-role-action resource type.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

customRoleId

Object

true

Filters results to those from one of the specified {@link CustomRole}s.

resourceActionId

Object

true

Filters results to those that grant one of the specified {@link ResourceAction}s.

path

Object

true

Filters results to those that target any resource along the specified path.
For example, if the path is to Network X which is under Network Group Y, this would restrict the results to {@link CustomRoleAction}s that grant an action on any resource under Network X, an action on Network X itself, or an action on Network Group Y. Combine this query parameter with resourceActionIds to limit the results to the types of actions along the path that are of interest.
The path value must start with a domain code followed by a colon. It may then have a comma delimited sequence of colon separated resource type code and resource id pairs. The path structure must match that of the server defined resource tree for the specified resources in the specified domain.

isDeleted

Boolean

true

When true, returns only those that are marked as deleted. When false, returns only those that are not marked deleted. When not set, returns all those that are otherwise matching, whether they are marked deleted or not.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

[].customRoleId

String

false

The {@link CustomRole} that this {@link CustomRoleAction} belongs to. This {@link CustomRoleAction} should be granted to any identity that is granted this linked {@link CustomRole}.

[].resourceActionId

String

false

The {@link ResourceAction} that this {@link CustomRoleAction} confers to the identities that hold the linked {@link CustomRole}.

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link CustomRoleAction} was created.

[].updatedAt

String

false

The date-time at which this {@link CustomRoleAction} was updated. The only supported 'update' on this bean is to mark it as deleted.

[].deletedAt

String

true

The date-time at which this {@link CustomRoleAction} was deleted. This will be null for an {@link CustomRoleAction} that has not been deleted. If this property is not null, then the {@link CustomRoleAction} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

[].deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

[].path

Array[Object]

false

The path (ordered pairs of resource type and id) from resource tree root to the target resource that this {@link CustomRoleAction} targets. For example, if this {@link CustomRoleAction} is "Update Widget Service" then this property defines the (id) path of/to the "Widget Service" resource. The path, specifically the ordered list of resource types that it contains, is co-variant to the {@link ResourceAction#getResourceTypeId()}. Both must target the same {@link ResourceType}.

[].path[].resourceId

String

false

[].path[].resourceTypeId

String

true

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-role-actions' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJIcldYYXI4MERxQU1pUnNHSzZxUjB3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjUxYjhkNWYzLTg4NDctNDJkOS04ZmZkLTk5NjgwYTdkZDYzYiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYTU4ZTZiN2UtYWY5OS00ZTAzLTlmZDgtOGI5MzJkYWYyMzNiXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.aPltpbdP3LOB7Ck3d92K1xAh6DAjdqHJvcSl7UWiFDe-Gqsm8zlAgLnYsFPcevao7nt2DGsd-FiZaFepSc8tZWYvpLhgesqXBVT-Lf6odouUY9ogCwhNvgdI5I28Jr-EJCpetxaiszHG-Bb58236QrGiJVRSeauvIcgNR388BTuTygphHjLM0Ml6TKVQa2hgQbgghVAw_tDFZtXneVk0GUwyhKGXhBV8TVsfgeB91JLDYMQ-fTcqzok4ge5k2eVnNqKwFjNV4Asf5WHhFgoEhNRPR_LByG9KbvkU79bM_ASNrDJ3yn97VanKdpDfpUM4xe570x7oizSU6GYCp8zxFg'

Example response

HTTP/1.1 200 OK
Content-Length: 1283
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "5d63a1bc-1bfd-4f89-ba5e-acb3278c945e",
  "customRoleId" : "74a9a6c3-106c-40bc-acab-780c837ad8d0",
  "resourceActionId" : "ad216f99-40ec-4075-bb19-b43f8682da98",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.734681Z",
  "updatedAt" : "2020-11-24T15:51:13.734681Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ ],
  "_title" : "Read Organization, All"
}, {
  "id" : "6b0737a0-9b96-4dfe-86fc-5a0c3e0eddfd",
  "customRoleId" : "74a9a6c3-106c-40bc-acab-780c837ad8d0",
  "resourceActionId" : "b78af76b-3c93-4055-b308-ee31121ce8f6",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.734681Z",
  "updatedAt" : "2020-11-24T15:51:13.734681Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ ],
  "_title" : "Read Azure Subscription, All"
}, {
  "id" : "2ef49110-eefe-488d-b070-0e58a649fabd",
  "customRoleId" : "74a9a6c3-106c-40bc-acab-780c837ad8d0",
  "resourceActionId" : "d9926d63-db27-4ee9-b192-47b1b474f9b2",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.734681Z",
  "updatedAt" : "2020-11-24T15:51:13.734681Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ ],
  "_title" : "Read Resource Action, All"
} ]

Get Custom Role Action

GET /custom-role-actions/{id}

Authorization

This endpoint requires read action on the custom-role-action resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have read action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

customRoleId

String

false

The {@link CustomRole} that this {@link CustomRoleAction} belongs to. This {@link CustomRoleAction} should be granted to any identity that is granted this linked {@link CustomRole}.

resourceActionId

String

false

The {@link ResourceAction} that this {@link CustomRoleAction} confers to the identities that hold the linked {@link CustomRole}.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link CustomRoleAction} was created.

updatedAt

String

false

The date-time at which this {@link CustomRoleAction} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link CustomRoleAction} was deleted. This will be null for an {@link CustomRoleAction} that has not been deleted. If this property is not null, then the {@link CustomRoleAction} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

path

Array[Object]

false

The path (ordered pairs of resource type and id) from resource tree root to the target resource that this {@link CustomRoleAction} targets. For example, if this {@link CustomRoleAction} is "Update Widget Service" then this property defines the (id) path of/to the "Widget Service" resource. The path, specifically the ordered list of resource types that it contains, is co-variant to the {@link ResourceAction#getResourceTypeId()}. Both must target the same {@link ResourceType}.

path[].resourceId

String

false

path[].resourceTypeId

String

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-role-actions/71c38d10-e483-4172-90aa-45da6a0b0e90' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJQZ0hOdWtJWVFpTWlpSFA1RTBVeFZRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjRhNjhkZGZjLTQ3YjgtNGYxMy1iOTNjLWYwNmJlOGExOGI2ZCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiNDg3ZjZjZjMtNTRkYi00ZjFjLWI4NzQtYjgzYTg4ZDVkMTRmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.M1wooeRoEb2dRPDpQ6cRnKufKTvMjqj_08zS2vX0ZL-gmghPCt-aBYFT3yYMid-pAVHIee0ygK1i9JfofSglqF_pSsX_HlgatSXLU_Pt48AFFDVaVFr04Fb-aK9DZO0hefOJL6sEKBEEm9hzMu_CmMcvC5K5z0Z2sfcKvEu5nMKPllMIfSAvzbJUS2RZJL6kJOpc4FcWU7M6yqvL7Qa6rN7qdhJzGXT2hIievc1AqGlydchOYf0jd7B0aUPvwxGnBX8gE3yE8sMt3MZtdOSQ7hXrUflsvXmj4f-lyz67AmDo7WnQlnlnvoJL5uHsel6nucRm_8hKiDH8B1YaPgWuFg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 613

{
  "id" : "71c38d10-e483-4172-90aa-45da6a0b0e90",
  "customRoleId" : "5facc1bf-ee3f-4544-9bad-ccae2360625d",
  "resourceActionId" : "7def66ae-0e5f-4bec-a2f1-6a1f349a1fc8",
  "createdBy" : "5b253073-ee3e-47b5-b75e-e1cefb00defb",
  "createdAt" : "2020-11-24T15:51:17.793422Z",
  "updatedAt" : "2020-11-24T15:51:17.793422Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ {
    "resourceId" : "c5abcaa8-9fcf-47a6-8839-6dbf1d422500",
    "resourceTypeId" : "dbb07c78-d549-4dfd-acf1-44af6305ee5e"
  } ],
  "_title" : "Test Action 29 Test Type 28 on/under Test Type 28 c5abcaa8-9fcf-47a6-8839-6dbf1d422500"
}

Create Custom Role Action

POST /custom-role-actions

Authorization

This endpoint requires the following actions:

  • create action on the custom-role-action resource type

  • read action on the custom-role resource type

  • read action on the resource-action resource type

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

customRoleId

String

false

Client must have create action under the annotated resource.
Client must have read action on the annotated resource.

resourceActionId

String

false

Client must have read action on the annotated resource.

path

Array[Object]

false

path[].resourceId

String

false

path[].resourceTypeId

String

true

Response fields

Path Type Optional Description

id

String

false

customRoleId

String

false

The {@link CustomRole} that this {@link CustomRoleAction} belongs to. This {@link CustomRoleAction} should be granted to any identity that is granted this linked {@link CustomRole}.

resourceActionId

String

false

The {@link ResourceAction} that this {@link CustomRoleAction} confers to the identities that hold the linked {@link CustomRole}.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link CustomRoleAction} was created.

updatedAt

String

false

The date-time at which this {@link CustomRoleAction} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link CustomRoleAction} was deleted. This will be null for an {@link CustomRoleAction} that has not been deleted. If this property is not null, then the {@link CustomRoleAction} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

path

Array[Object]

false

The path (ordered pairs of resource type and id) from resource tree root to the target resource that this {@link CustomRoleAction} targets. For example, if this {@link CustomRoleAction} is "Update Widget Service" then this property defines the (id) path of/to the "Widget Service" resource. The path, specifically the ordered list of resource types that it contains, is co-variant to the {@link ResourceAction#getResourceTypeId()}. Both must target the same {@link ResourceType}.

path[].resourceId

String

false

path[].resourceTypeId

String

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-role-actions' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJJUDgwLXVpTjR0TTg1TEJ1NXdPeFJnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImY0OTgxZjkzLTJiZGEtNGJhMC04NGY0LTE0ZWU4YTYwNmU0OCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYjNmMmJiYjYtODRmYy00OWY1LTkwNGEtMjFlNzhjMGY4OTViXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fSx7XCJpZFwiOlwiN2U1NWIwMGYtYmVhYy00NTc5LTgxMWYtNzc2M2Y4MDY5ZDNmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fSx7XCJpZFwiOlwiMDkxMjgxODEtZWFhZC00Y2UxLTk3ODUtZjBlYzg3N2E1YWRiXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.ACx7VUIbgjAl1zPihGVlFMf8MQKlqGEjlxCTCeu5ob9V0ujlNlugskt7LLeDwtFWqI66sS4ozMdyMwCIV9t7AVS6bTy0R7ZV0KeNWLQBefyGYZ-Sgof31BzvV24sd6cba1g0rWF47_039oxyt3KuRoaluetXGQEkQFmjMF2Cfd3WcBtMVaPBwqDwqcT42e9o9rzu-6hyGzBy9MYAv2JhUSHNpMu8s6jrIm_cQHVZbux-Je0fTMFZkXMjZ0mUfQWEMnWr-aJ1LIBB5VsEy5rlt82eeLKdldPh_L1xI1iIuuuqCUgWmbvtNZYFPugPpE3FHLMCKOHQnMSJWhc6acCwJA' \
    -H 'Content-Type: application/json' \
    -d '{"customRoleId":"c0318b29-da2d-49f1-bed0-029953480bfe","resourceActionId":"830173d3-74dc-4f83-9feb-4879f8ba6df7","path":[{"resourceId":"a473a5bd-a969-4b91-ba63-84469e6cafdd","resourceTypeId":"c61d3c25-bcaa-4aee-9f07-1d8b371a534a"}]}'

Example response

HTTP/1.1 200 OK
Content-Length: 604
Content-Type: application/json;charset=UTF-8

{
  "id" : "fab864a9-ac28-4832-8fa3-35f50657c3a7",
  "customRoleId" : "c0318b29-da2d-49f1-bed0-029953480bfe",
  "resourceActionId" : "830173d3-74dc-4f83-9feb-4879f8ba6df7",
  "createdBy" : "f4981f93-2bda-4ba0-84f4-14ee8a606e48",
  "createdAt" : "2020-11-24T15:51:17.756444Z",
  "updatedAt" : "2020-11-24T15:51:17.756444Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ {
    "resourceId" : "a473a5bd-a969-4b91-ba63-84469e6cafdd",
    "resourceTypeId" : "c61d3c25-bcaa-4aee-9f07-1d8b371a534a"
  } ],
  "_title" : "Test Action Test Type on/under Test Type a473a5bd-a969-4b91-ba63-84469e6cafdd"
}

Delete Custom Role Action

DELETE /custom-role-actions/{id}

Authorization

This endpoint requires delete action on the custom-role-action resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have delete action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-role-actions/6ff959dc-39d8-4074-8b25-b3a27066ec68' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJLQ3NBWk1QYXNQMTFPZGwwUWdYMV93IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImRiNWYzM2U5LWY1MmUtNGZmYy1iODY2LWYzNGQ1MmM4NTY3MSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiZWJmMGZkYjAtNWZjMi00YjAzLWFhNGQtYTZiNWQzMGZmNzIxXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.JK8oGNYqgxUkqya1da9XYjTvt8lKQYLFERfL6W7yX0bbW6XjGtBgctrDL1dV2CT02E3uZMYCl8hqBcmiGyDI-RAnPPKuAPqUUEhTheJ7sk0VsIMttMZEySnWiixooUWkpnUaeKa-xZcxfalVBu06auBfepkfcjpzy2eXJdmoyBRZbk7Yq3boHD5JCk5AjzZSJ8lW8_EFcQ2qny1ha7PTsxY12oAuqOR9foAZf4-FX3gWclUYuvEU1p-MTxdPmp1a_RTcs3ns6IXlVzsuK-LTDNsPOEb4Jvc9KL9pyvepq1Djuab4XSJNOQ0BpALE8iXZwkX6vf_NxlMljfnCz6aGhg'

Example response

HTTP/1.1 200 OK

Custom Roles Grants

Find Custom Role Grants

GET /custom-role-grants

Returns a set of {@link CustomRoleGrant}s that the client is authorized to read and which match the specified (optional) query parameters.

If multiple query parameters are specified, then results must match each query parameter that is set. If a query parameter supports multiple values, then a result must match at least one of the values. In other words, distinct query parameters are AND’d while value matching within a single query parameter act as an OR condition. For example a query parameter "?x=1,2&y=3" becomes (X == 1 OR X == 2) AND (Y == 3).

Authorization

This endpoint requires read action on the custom-role-grant resource type.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

customRoleId

Object

true

Filters results to grants to one of the specified {@link CustomRole}s.

customRoleIds

Object

true

Deprecated..

identityId

Object

true

Filters results to those granted to one of the specified identity ids.

identityIds

Object

true

Deprecated..

isDeleted

Boolean

true

When true, returns only those that are marked as deleted. When false, returns only those that are not marked deleted. When not set, returns all those that are otherwise matching, whether they are marked deleted or not.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

[].identityId

String

false

[].customRoleId

String

false

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link CustomRoleGrant} was created.

[].updatedAt

String

false

The date-time at which this {@link CustomRoleGrant} was updated. The only supported 'update' on this bean is to mark it as deleted.

[].deletedAt

String

true

The date-time at which this {@link CustomRoleGrant} was deleted. This will be null for an {@link CustomRoleGrant} that has not been deleted. If this property is not null, then the {@link CustomRoleGrant} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

[].deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-role-grants' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJlOU9oLUd1OFVGbVJ3ZFlrX2FTMm1RIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjY5NTA1MTljLWMxMDAtNDI0YS1iNmRiLTFmYWI0MTQxZDlkZCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYmUyOWU4NjktYzI0ZS00MTVkLWJlODMtMWQ4ZmVjZjI3NDNmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.MonRaj6U-CD_HsagSH7g5_9FEx_RcuCoHu7xb_pkYBouSjkjz6qE6MW4en7aGrTQ601VGqsASI7R601BLRjuFbPPqSLPPGDMCqtSI8Z6fSAQaquc7l7O57IVStrBqx_q_T3lTvOm1bIeklQQstV8D2IKDjwlUc5_-ur5AZYqAH_MtEASKQyDrMdH1l3EUBY_l9vuyvYXbIg4UFU06_VqZH6rG90VEnXSeGq6aXoqx0MowAJWzNTqhnyyUDK2OjwIJKerbXWfnGbHiPTaMuKc-aCbEwjL3dnuTVIoycoA5JVOsl0BhqWFl6slqVwt9rHhUkAO2K7GzqkScKibfCib5g'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 1415

[ {
  "id" : "3336e371-1a15-4896-997a-1a3bd78caa26",
  "identityId" : "b7349e4d-ffc7-474a-ab16-2c90a8f0c01d",
  "customRoleId" : "233ae92e-4b5d-4cab-9549-5d55fd1cbf6c",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.637073Z",
  "updatedAt" : "2020-11-24T15:51:13.637073Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Grant Read-Only, ALL Auth Domain Resources to identity b7349e4d-ffc7-474a-ab16-2c90a8f0c01d"
}, {
  "id" : "ac0b53b3-f45d-48da-a532-123f6af79717",
  "identityId" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
  "customRoleId" : "233ae92e-4b5d-4cab-9549-5d55fd1cbf6c",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.636892Z",
  "updatedAt" : "2020-11-24T15:51:13.636892Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Grant Read-Only, ALL Auth Domain Resources to identity 2b6f496d-36f1-4e66-a205-8abcf1d41d74"
}, {
  "id" : "7896c5d1-ce23-4cae-8975-fcf781d0c3e5",
  "identityId" : "e5f14eba-5792-4a1a-bcf1-9fa176637dd5",
  "customRoleId" : "233ae92e-4b5d-4cab-9549-5d55fd1cbf6c",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.637141Z",
  "updatedAt" : "2020-11-24T15:51:13.637141Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Grant Read-Only, ALL Auth Domain Resources to identity e5f14eba-5792-4a1a-bcf1-9fa176637dd5"
} ]

Get Custom Role Grant

GET /custom-role-grants/{id}

Authorization

This endpoint requires read action on the custom-role-grant resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have read action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

identityId

String

false

customRoleId

String

false

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link CustomRoleGrant} was created.

updatedAt

String

false

The date-time at which this {@link CustomRoleGrant} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link CustomRoleGrant} was deleted. This will be null for an {@link CustomRoleGrant} that has not been deleted. If this property is not null, then the {@link CustomRoleGrant} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-role-grants/21803307-68ca-47ba-8cd9-26eb32514e4d' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJSUFBpcHhRZVpGcnJMMFEzdTZWUF9RIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImY2MDMwOWU3LWFhNGUtNDRkYi1hOTU1LTVkOTQzMDUwZmFkYSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiM2M0ODczZWUtMTg0My00YTllLTg0ODUtZTBlOTQ1ZDBhZjcwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.hWGix_d8C_uY1hbE6kqYeiQ4Ks35eRSDbaEkJMXXpoyToRWQo-gexJBZ0a_luTDq-zmHj6AZY9T6OlTe_6RpBniojUzf5Eqfr0KTh31qibFF_TXDDsK1GCvK48Bj1j3efpa5AawdRpHXTsjAIUtOpJjoMzaVBcc2j3ijLerrRIOCNQCMvVlxZlGjtXkkl0iAgIL6XbYsrjg-Kd1aIjw9yKzxFc2mT2mDcr3AWGMQ3oYgWXXzgA189HH5DEtunaRVF4Ss84cc7LXxyj37LsyrEC8ctQk5epXLigUwX8lPWq-z9UqFybno9iRYfTfP40CbWcHEhwJQI15TopqcdpWMrA'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 452

{
  "id" : "21803307-68ca-47ba-8cd9-26eb32514e4d",
  "identityId" : "fb66c28d-31a6-49cb-86e0-7664ff141812",
  "customRoleId" : "ee4d0944-ef0d-4e14-9ca5-19cf10cdaefa",
  "createdBy" : "1f61d30d-e5c4-465d-81d0-1aecf40b7e2f",
  "createdAt" : "2020-11-24T15:51:18.672624Z",
  "updatedAt" : "2020-11-24T15:51:18.672624Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Grant Test Custom Role 57 to identity fb66c28d-31a6-49cb-86e0-7664ff141812"
}

Create Custom Role Grant

POST /custom-role-grants

Authorization

This endpoint requires the following actions:

  • create action on the custom-role-grant resource type

  • read action on the custom-role resource type

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

customRoleId

String

false

Client must have create action under the annotated resource.
Client must have read action on the annotated resource.

identityId

String

false

Response fields

Path Type Optional Description

id

String

false

identityId

String

false

customRoleId

String

false

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link CustomRoleGrant} was created.

updatedAt

String

false

The date-time at which this {@link CustomRoleGrant} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link CustomRoleGrant} was deleted. This will be null for an {@link CustomRoleGrant} that has not been deleted. If this property is not null, then the {@link CustomRoleGrant} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-role-grants' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIxdmN2clJBaHBIcS02MHVLT2FUTk9BIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjU1MjZhNDY4LWY0MjAtNGY2Mi04ZDQzLTY5OTBiY2NlZjgxYiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiNjA0ZTlmNjUtNGI0NS00MzBjLTk1NzItYWQyN2QxYjY1YzI1XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fSx7XCJpZFwiOlwiZTMwZmQ2Y2ItN2JiOS00NmFkLThjZWMtOThlM2JhODMxYjViXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.TUmeNAbHlq1-KimD-P5spOR6ph28kZNxJlXUCcl5P5-_KyPE3afRTCl7rIca8UUCWbWwgxzLGTYcDx-9eeBwLU5Gi9lFP7bEp4wCZOyUJdUQjZdKjVJOv8eF1ek6LYeOdRMs_auaVY0LQm96cwaaeL4eYImXLY901k565iYDT3cIGdK6di7NhlkwJ5ZS4FeZ3a0PC2KXlQupLSaOVppU46w5E8wLpyQtuVyO-Ec-Q9-8pPKYGYJXmF87pANJVPjgcRHxabusVaKfr0Tim8-mJZGxEWCCz1avAv9ayM04ta4sllkPEK_rfQWw44VT0bRjAIyYsxt1vaDQ949bgICvHA' \
    -H 'Content-Type: application/json' \
    -d '{"customRoleId":"0f42cd99-33ea-4bb3-937b-f1a4eddff19d","identityId":"16e78c9f-9bc4-4cfb-8c30-f6a9d3e14f53"}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 452

{
  "id" : "bfae49c6-dc94-44b0-92e9-def83bb01de5",
  "identityId" : "16e78c9f-9bc4-4cfb-8c30-f6a9d3e14f53",
  "customRoleId" : "0f42cd99-33ea-4bb3-937b-f1a4eddff19d",
  "createdBy" : "5526a468-f420-4f62-8d43-6990bccef81b",
  "createdAt" : "2020-11-24T15:51:18.741745Z",
  "updatedAt" : "2020-11-24T15:51:18.741745Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Grant Test Custom Role 59 to identity 16e78c9f-9bc4-4cfb-8c30-f6a9d3e14f53"
}

Delete Custom Role Grant

DELETE /custom-role-grants/{id}

Authorization

This endpoint requires delete action on the custom-role-grant resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have delete action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/custom-role-grants/1263a60b-6b7c-4482-b5f2-009b46aee64b' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiItb1Qza0o5RHp4RGZ5dEZzYmpueDNnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjkyZjdiMzVhLTA0N2ItNGEzNy04YTE2LWJkMDY1NWM4MTBiOCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiMmQ1ZGZjYTYtMTdjNi00Yzg2LTgzMjAtMzJhMjBmYjc3ZTAzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.TmublBZUnTgRiBMS9WtTww5q8ryafnURD9aowLuXRCrbb3rX7Lch90g2LtQlik2Gs3ML12cefrvEW5zPOuIyV-QkHa8ZeZtL61bIKTS7pVgx50jQ88L-aQefOVMYdxGP9xwMdYJ4O_BJAl1RlKTrC7YNUl53iY_WGdvHFXrz9bdXOnw9b0z7fdC8b7-5Ct-EWGfJGRJXGItvraaVH1sd8yUlnHif3KP06UXPtNYlDsYvKwg_qOe0eh4QfJTmJa4WG9qSqp77Qp34SkYs6KxBIn8W66Yabf3BKH3ZqntVa2XwuHW49GflGDvai9gq80ThcpR0v97_SS09QbmnHcl73w'

Example response

HTTP/1.1 200 OK

Standard Roles

Find Standard Roles

GET /standard-roles

Returns a set of {@link StandardRole}s that the client is authorized to read and which match the specified (optional) query parameters.

If multiple query parameters are specified, then results must match each query parameter that is set. If a query parameter supports multiple values, then a result must match at least one of the values. In other words, distinct query parameters are AND’d while value matching within a single query parameter act as an OR condition. For example a query parameter "?x=1,2&y=3" becomes (X == 1 OR X == 2) AND (Y == 3).

Authorization

This endpoint requires read action on the standard-role resource type.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

standardRoleTypeId

Object

true

Filters results to those that are of one of the specified {@link StandardRoleType}s.

identityId

Object

true

Filters results to those which have been granted to one of the specified identities.

resourceId

Object

true

Filters results to those that specifically target one of the specified resources.
For example, if Network id X is passed, this would restrict the results to instances of a Network X Standard Role, such as Network Admin of Network X, Network Read-Only of Network X, etc. This would exclude Network Group Standard Roles, even if the Network Group contains Network X.

path

Object

true

Filters results to those that target any resource along the specified path.
For example, if the path is to Network X which is under Network Group Y, this would restrict the results to {@link CustomRoleAction}s that grant an action on any resource under Network X, an action on Network X itself, or an action on Network Group Y. Combine this query parameter with resourceActionIds to limit the results to the types of actions along the path that are of interest.
The path value must start with a domain code followed by a colon. It may then have a comma delimited sequence of colon separated resource type code and resource id pairs. The path structure must match that of the server defined resource tree for the specified resources in the specified domain.

isDeleted

Boolean

true

When true, returns only those that are marked as deleted. When false, returns only those that are not marked deleted. When not set, returns all those that are otherwise matching, whether they are marked deleted or not.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

[].standardRoleTypeId

String

false

The 'type' of this {@link StandardRole}.

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link StandardRole} was created.

[].updatedAt

String

false

The date-time at which this {@link StandardRole} was updated. The only supported 'update' on this bean is to mark it as deleted.

[].deletedAt

String

true

The date-time at which this {@link StandardRole} was deleted. This will be null for an {@link StandardRole} that has not been deleted. If this property is not null, then the {@link StandardRole} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

[].deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

[].path

Array[Object]

false

The path (ordered pairs of resource type and id) from resource tree root to the target resource that this {@link StandardRole} targets. For example, if this {@link StandardRole} is "ACME Corporation Account Manager" then this property defines the (id) path of/to the "ACME Corporation" resource. The path, specifically the ordered list of resource types that it contains, is co-variant to this {@link StandardRole#standardRoleType}'s resource type. Both must target the same {@link ResourceType}.

[].path[].resourceId

String

false

[].path[].resourceTypeId

String

true

[].type

String

true

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/standard-roles' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJaX1BLa1JxYWZ5aDFKaVNHNXQzOUl3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjZlOTlkOWM4LTk1OWItNDFlYS05OGYxLWNhNzg4N2I5NDhjMiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiMmU3ZTRhYTEtZDIxNC00MzNjLWE1ZDEtOWIyNjJiYmZhZDkxXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.ZY8I9h9uVnkU4MfNqM0610UR3FUnuIDZCgUYYTGpFqJmF5xOwW4DIDrFfIFiLFmDM2Tcze4Dsr_4bG8Iq5d5kosYZzzSkuT3xc3Lus5zgV2HzenBh1DaLU8d9xAHpEFHAMvYAi5wuYiZUYZTNtxcorh-14L2Z7TLG_imnwoi0ZptRBHjjCfB_NJCWNwiBcr4tH1-ovkMM-fLzr6GnPHCx8S8hVv2ZXL4kXmR7o4AR6eNggdj18NbMKcy1EeKUgmzruijXcpwH_v7Hgj1exmEApCqokla7vE8flvP-WLPvnsp8RusrVQYDZc1KMcOkvov_XoPtPFCiNFPyLc9kywVxg'

Example response

HTTP/1.1 200 OK
Content-Length: 1793
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "88d8fe8d-a666-4c8e-8b8a-5432ee0dbe68",
  "standardRoleTypeId" : "b0e8f68f-9fdc-4df1-8418-031260bc3ff0",
  "createdBy" : "d4b534c5-c688-4591-82be-7544d95b5d67",
  "createdAt" : "2020-11-24T15:51:16.879133Z",
  "updatedAt" : "2020-11-24T15:51:16.879133Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ {
    "resourceId" : "212c5a47-02be-4a8e-a9e6-8af17975df04",
    "resourceTypeId" : "dede70ef-ee12-44a3-89eb-e73e102b7ed3"
  } ],
  "type" : "io.netfoundry.auth.domainv2.standardrole.StandardRole",
  "_title" : "Test Type 15 Admin - 212c5a47-02be-4a8e-a9e6-8af17975df04"
}, {
  "id" : "3fe4e9e3-560c-4f57-98a7-8ccd13638281",
  "standardRoleTypeId" : "aa6d27af-7e68-44fd-bc25-c6889de573b9",
  "createdBy" : "776934ec-80a6-4173-9dfc-b2598e01de33",
  "createdAt" : "2020-11-24T15:51:17.050804Z",
  "updatedAt" : "2020-11-24T15:51:17.050804Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ {
    "resourceId" : "cafc8067-a44d-4552-9141-60575515a27b",
    "resourceTypeId" : "2e7788fb-a1c7-4420-a2e4-1b67a962b3e9"
  } ],
  "type" : "io.netfoundry.auth.domainv2.standardrole.StandardRole",
  "_title" : "Test Type 19 Admin - cafc8067-a44d-4552-9141-60575515a27b"
}, {
  "id" : "1dbd6f66-7a73-4d7c-b217-c10323f185ff",
  "standardRoleTypeId" : "cc5bdd2c-8f10-41ee-bcfb-8de13a7a2fa0",
  "createdBy" : "1cdbbd2e-ce25-4ce3-a7bb-50ac1acec04e",
  "createdAt" : "2020-11-24T15:51:16.960911Z",
  "updatedAt" : "2020-11-24T15:51:16.960911Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ {
    "resourceId" : "d38be0e5-2db3-4261-abfe-d52661b61ac0",
    "resourceTypeId" : "d9be9820-8fbe-49ab-88e9-63fef8850842"
  } ],
  "type" : "io.netfoundry.auth.domainv2.standardrole.StandardRole",
  "_title" : "Test Type 17 Admin - d38be0e5-2db3-4261-abfe-d52661b61ac0"
} ]

Get Standard Role

GET /standard-roles/{id}

Authorization

This endpoint requires read action on the standard-role resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have read action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

standardRoleTypeId

String

false

The 'type' of this {@link StandardRole}.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link StandardRole} was created.

updatedAt

String

false

The date-time at which this {@link StandardRole} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link StandardRole} was deleted. This will be null for an {@link StandardRole} that has not been deleted. If this property is not null, then the {@link StandardRole} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

path

Array[Object]

false

The path (ordered pairs of resource type and id) from resource tree root to the target resource that this {@link StandardRole} targets. For example, if this {@link StandardRole} is "ACME Corporation Account Manager" then this property defines the (id) path of/to the "ACME Corporation" resource. The path, specifically the ordered list of resource types that it contains, is co-variant to this {@link StandardRole#standardRoleType}'s resource type. Both must target the same {@link ResourceType}.

path[].resourceId

String

false

path[].resourceTypeId

String

true

type

String

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/standard-roles/1dbd6f66-7a73-4d7c-b217-c10323f185ff' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJsVWE2a21ld2NfMmxKXzRxcDdEMGZnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjZmMzM0ZTI2LWQzMWYtNGJiNS04MTFhLTJkMTI1ZGFmOGRmNSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NiwiZXhwIjoxNjA2MjM2Njc2LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiNmVkNjU0ZTItNjFiZS00NmM1LThiZjItMjRiODQ3YTg1NDM1XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc2fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.dq7_FCy7bgdbpCqnzqbPiCSlhiE911ubpobVuivFYlTqa4_5WVw1K1PSskIjJU0YB_xV_x3QqsJvnlfsJr__SAnQYCqcg_kpK0Ady3uUK8rWeEWFHCOtQuMcXYXZIvNXZFimwATHL2AK-tWNJCxKB62Q7LizXEPioz88_IkcKZ3IQ7uqUSfhp6juqeA34YHyq5afetGIbaa3ktcy3GzIrVMjsympcsVlAqAIGbxGe1MTPWj77Bm0yRgNUmP2XgqiKrb0rnarrD_Yksp8Sj6VCNndvJFSQjmGn62hls6Cr1pCorIlyG26YdZTGGts_w0YxdheAX9vrDRi8YjszUKvBw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 595

{
  "id" : "1dbd6f66-7a73-4d7c-b217-c10323f185ff",
  "standardRoleTypeId" : "cc5bdd2c-8f10-41ee-bcfb-8de13a7a2fa0",
  "createdBy" : "1cdbbd2e-ce25-4ce3-a7bb-50ac1acec04e",
  "createdAt" : "2020-11-24T15:51:16.960911Z",
  "updatedAt" : "2020-11-24T15:51:16.960911Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ {
    "resourceId" : "d38be0e5-2db3-4261-abfe-d52661b61ac0",
    "resourceTypeId" : "d9be9820-8fbe-49ab-88e9-63fef8850842"
  } ],
  "type" : "io.netfoundry.auth.domainv2.standardrole.StandardRole",
  "_title" : "Test Type 17 Admin - d38be0e5-2db3-4261-abfe-d52661b61ac0"
}

Create Standard Role

POST /standard-roles

Authorization

This endpoint requires the following actions:

  • create action on the standard-role resource type

  • read action on the standard-role-type resource type

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

standardRoleTypeId

String

false

Client must have create action under the annotated resource.
Client must have read action on the annotated resource.

path

Array[Object]

false

path[].resourceId

String

false

path[].resourceTypeId

String

true

Response fields

Path Type Optional Description

id

String

false

standardRoleTypeId

String

false

The 'type' of this {@link StandardRole}.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link StandardRole} was created.

updatedAt

String

false

The date-time at which this {@link StandardRole} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link StandardRole} was deleted. This will be null for an {@link StandardRole} that has not been deleted. If this property is not null, then the {@link StandardRole} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

path

Array[Object]

false

The path (ordered pairs of resource type and id) from resource tree root to the target resource that this {@link StandardRole} targets. For example, if this {@link StandardRole} is "ACME Corporation Account Manager" then this property defines the (id) path of/to the "ACME Corporation" resource. The path, specifically the ordered list of resource types that it contains, is co-variant to this {@link StandardRole#standardRoleType}'s resource type. Both must target the same {@link ResourceType}.

path[].resourceId

String

false

path[].resourceTypeId

String

true

type

String

true

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/standard-roles' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJmcGpDemdQWlpQZVlrYmFlaS1KaFZ3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6Ijc3NjkzNGVjLTgwYTYtNDE3My05ZGZjLWIyNTk4ZTAxZGUzMyIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYjBkODY1NjYtNTI1Ny00NTk4LWJjNTctZjNkZjNlNWEyNDRiXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fSx7XCJpZFwiOlwiN2YwMDdjMTUtNDUwMC00ZjNiLTg5ZjktYmQ5ZDAyNjQ3NzNlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.ZvM7Y8vCiWu75RidUlqMlXrfgTjjpvCNMtDHyawepB5pyk0S8f56p6eZptmzekVc_G-QK-PmdkWMK7O6Qf0uLPxwHYOUpVthxnRGjL_5GDkH_MN291ArmwCHWEIC-m6A-m182wtk6nmS2ypABtx-eOZ5ogRirhImKnqgCEfNGwFwft5wlBsFBnB_LvpuvSctHwOdodSa042Exlu4wf-IALVzMjm_Yf7tC91116gD-ES7bMsFQRyMRM_BINodrSofgz8MQviQ0WCOjUN19rOwm753Z77KUQVPvHOBMv0SaFuh1Df_vbyumHotYdiY_veKlsT6-BmBOtXuXkiRp0fO0Q' \
    -d '{"standardRoleTypeId":"aa6d27af-7e68-44fd-bc25-c6889de573b9","path":[{"resourceId":"cafc8067-a44d-4552-9141-60575515a27b","resourceTypeId":"2e7788fb-a1c7-4420-a2e4-1b67a962b3e9"}]}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 595

{
  "id" : "3fe4e9e3-560c-4f57-98a7-8ccd13638281",
  "standardRoleTypeId" : "aa6d27af-7e68-44fd-bc25-c6889de573b9",
  "createdBy" : "776934ec-80a6-4173-9dfc-b2598e01de33",
  "createdAt" : "2020-11-24T15:51:17.050804Z",
  "updatedAt" : "2020-11-24T15:51:17.050804Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "path" : [ {
    "resourceId" : "cafc8067-a44d-4552-9141-60575515a27b",
    "resourceTypeId" : "2e7788fb-a1c7-4420-a2e4-1b67a962b3e9"
  } ],
  "type" : "io.netfoundry.auth.domainv2.standardrole.StandardRole",
  "_title" : "Test Type 19 Admin - cafc8067-a44d-4552-9141-60575515a27b"
}

Delete Standard Role

DELETE /standard-roles/{id}

Authorization

This endpoint requires delete action on the standard-role resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have delete action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/standard-roles/51885196-3d99-4a51-b090-64b88565b109' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJqbS14Zjl5cnlWNkpCYWRsMUJZWEdBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjY4OWY3ODYwLWFmODYtNDU1Ni1hNTVlLTJiYjliZjI3ZDUwZSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiMzkxZTZjMTItNWMyZS00OTA1LWE2MzgtMTQ3OGMyYjIzYmI2XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc3fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.ipNbWfRvn0z6pRwi3zIPi5EoKs2gRiAVzi_ze6iUwfsfbdEXB0IwOz-T3TXnrvHGdXXRLC_E4JBKdSG7glyLZkWfz3TmxVD3Do_6P8WmJbTfgxbmTm-3K8pWhuqD6sjJPCF_6aSCn6uXT57ztS-HVkvDtS9tT2Zwj5PbSxryyh9IGgUbC5IDKAD2MTZH04Z1SLOuV112WJI6YyM4HDVP7XQdYk2Itn8rRc6-mbKNW9b5egu7xBhFgKyTDI5ob3zcb6aE2PUUvePomdX1-K-LRXOBAoCEtTgipHP8EhrTFglE6aRBGMQnT4U8Imstuse21SJrpOeiMpjIeTfB0mQS4w'

Example response

HTTP/1.1 200 OK

Standard Roles Grants

Find Standard Role Grants

GET /standard-role-grants

Returns a set of {@link StandardRoleGrant}s that the client is authorized to read and which match the specified (optional) query parameters.

If multiple query parameters are specified, then results must match each query parameter that is set. If a query parameter supports multiple values, then a result must match at least one of the values. In other words, distinct query parameters are AND’d while value matching within a single query parameter act as an OR condition. For example a query parameter "?x=1,2&y=3" becomes (X == 1 OR X == 2) AND (Y == 3).

Authorization

This endpoint requires read action on the standard-role-grant resource type.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

standardRoleId

Object

true

Filters results to grants to one of the specified {@link StandardRole}s.

standardRoleIds

Object

true

Deprecated..

identityId

Object

true

Filters results to those granted to one of the specified identity ids.

identityIds

Object

true

Deprecated..

isDeleted

Boolean

true

When true, returns only those that are marked as deleted. When false, returns only those that are not marked deleted. When not set, returns all those that are otherwise matching, whether they are marked deleted or not.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

[].identityId

String

false

[].standardRoleId

String

false

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link StandardRoleGrant} was created.

[].updatedAt

String

false

The date-time at which this {@link StandardRoleGrant} was updated. The only supported 'update' on this bean is to mark it as deleted.

[].deletedAt

String

true

The date-time at which this {@link StandardRoleGrant} was deleted. This will be null for an {@link StandardRoleGrant} that has not been deleted. If this property is not null, then the {@link StandardRoleGrant} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

[].deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/standard-role-grants' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJGTURua3MySlNzUlZsOXR3UzBBOGdnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImFkZDE0ZTIxLWVhNWYtNGFmMS1iZmJmLWM2ZDE2NmVmNzEzMCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiZDllMjI3NzctOThkOS00NGVlLWEwY2UtMjAwMWMwMTVmMTk5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.QIML0wLTi4HPFWDGKwBhJ4mBCbpwq49xWzp1CEF4BVEoaB2PGjeWM4bXVt1HtrjhNnK5M9GhKXFsF6EcoCbnGOQkN9hKGqJqEYJT66-PWYkBzwIaZGS7Z4J_ZIL_2B-VpJEu7_ocsny-rtrAOM-PyUCtLGxW2mBPk-_OY6Fk2hv_KmTuHME6aFirAz08XPIBFAfyfj4ebSH_V_2C3tMu8PD-sXT3EiCVS7wg3_cx1UerYZhMwWUa6Fq6RRJZqhCSsS7SHp38JZlkD3GyRIf1R9dYXAoiHTRkMDoYvbj9evxn6XJHPGBlKPdHnA6k2wu_mC0pNq-VNyc93tvZJgdF2w'

Example response

HTTP/1.1 200 OK
Content-Length: 1540
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "3d20c369-5933-4056-89e4-5969d00ca72a",
  "identityId" : "5d08e5a5-4e6c-4a05-a085-2ded226317ed",
  "standardRoleId" : "88d8fe8d-a666-4c8e-8b8a-5432ee0dbe68",
  "createdBy" : "e3c6e962-8d56-4fdb-839c-82a25b9eb21c",
  "createdAt" : "2020-11-24T15:51:16.930643Z",
  "updatedAt" : "2020-11-24T15:51:16.930643Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Grant Test Type 15 Admin - 212c5a47-02be-4a8e-a9e6-8af17975df04 to identity 5d08e5a5-4e6c-4a05-a085-2ded226317ed"
}, {
  "id" : "0eb68d38-355e-4fe1-ab4c-b4295e646d42",
  "identityId" : "b7ea51e3-7a80-46a1-9a3b-517401580360",
  "standardRoleId" : "3190ccd1-e934-4298-b6b2-094413ab8f42",
  "createdBy" : "628e5eb9-9d0f-4f65-8ddb-6d8b8ea72e0a",
  "createdAt" : "2020-11-24T15:51:17.196554Z",
  "updatedAt" : "2020-11-24T15:51:17.205944Z",
  "deletedAt" : "2020-11-24T15:51:17.205Z",
  "deletedBy" : "af7c8495-a505-4d8d-9fe3-f13ca0ade23b",
  "_title" : "Grant Test Type 23 Admin - 91134f3b-8273-4f27-93da-9216ebcb5f77 to identity b7ea51e3-7a80-46a1-9a3b-517401580360"
}, {
  "id" : "1ec0e7ba-7776-4e0a-8a55-b8ffcf574f48",
  "identityId" : "9baa73e7-bb42-4fa5-a7aa-2bd08aeb8722",
  "standardRoleId" : "0af2e91c-429b-422e-a6b4-4cb72687794e",
  "createdBy" : "f30dce75-877e-4cc6-a99d-5952d3071dea",
  "createdAt" : "2020-11-24T15:51:18.819126Z",
  "updatedAt" : "2020-11-24T15:51:18.819126Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Grant Test Type 61 Admin - 35dda946-39ca-4fb3-a5a3-730873bc870c to identity 9baa73e7-bb42-4fa5-a7aa-2bd08aeb8722"
} ]

Get Standard Role Grant

GET /standard-role-grants/{id}

Authorization

This endpoint requires read action on the standard-role-grant resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have read action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

identityId

String

false

standardRoleId

String

false

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link StandardRoleGrant} was created.

updatedAt

String

false

The date-time at which this {@link StandardRoleGrant} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link StandardRoleGrant} was deleted. This will be null for an {@link StandardRoleGrant} that has not been deleted. If this property is not null, then the {@link StandardRoleGrant} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/standard-role-grants/09d1c8c2-8547-4bdc-8892-4c2b581c07d1' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ0N1dSeUMwT2xUellsNmgxZnBTZWJ3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6Ijg1OTI5M2E3LWJlNGEtNDhhZi1hM2FmLWUwZmIyM2UyMjdhNyIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiZWUxODc1MzItNWIwMi00ZjE4LThmMDUtNWIwNGM5YjcwNzQwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.XqVFNW44wMdjzvcky_sS-7sKnQWYQ8b9iKCLGUVkad6k4apqnOwWUUtMT8P3UgVsW15ZhtqRuw7C7hCfKJBX6NOFqEnMF2epXCPvIPzF7s_uYSjtGa0sbvRLd3yMsRqBOdh5ZEcgne6YGQ2ltoCRwpejeZY3D9dZQJGMhQ311ru1n04ZKm2akZmbLYYfxH6mCW0BY8V5FyUAiez4X9BAoPTbKqa7M1ejU4OZQ5ii1RQRnehDUJ_F1aN71SsgHu_khDYQJYcWu5a1rkCgwMgL2yaAEeZw5Y0mKv2ibDQcKFUivLqSbbB_RTTm7ts9x-RqMQNLtWS5NpGjvWAXAPfx-A'

Example response

HTTP/1.1 200 OK
Content-Length: 492
Content-Type: application/json;charset=UTF-8

{
  "id" : "09d1c8c2-8547-4bdc-8892-4c2b581c07d1",
  "identityId" : "07093a67-3694-44af-9b1d-6ae4197f7a9b",
  "standardRoleId" : "df23b708-9348-4874-aac2-a1a93b501c6e",
  "createdBy" : "32bd8918-a0cd-4094-8047-447efbe8eff4",
  "createdAt" : "2020-11-24T15:51:18.873939Z",
  "updatedAt" : "2020-11-24T15:51:18.873939Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Grant Test Type 63 Admin - 436910e1-573d-4114-921d-04efe458b373 to identity 07093a67-3694-44af-9b1d-6ae4197f7a9b"
}

Create Standard Role Grant

POST /standard-role-grants

Authorization

This endpoint requires the following actions:

  • create action on the standard-role-grant resource type

  • read action on the standard-role resource type

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

standardRoleId

String

false

Client must have create action under the annotated resource.
Client must have read action on the annotated resource.

identityId

String

false

Response fields

Path Type Optional Description

id

String

false

identityId

String

false

standardRoleId

String

false

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link StandardRoleGrant} was created.

updatedAt

String

false

The date-time at which this {@link StandardRoleGrant} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link StandardRoleGrant} was deleted. This will be null for an {@link StandardRoleGrant} that has not been deleted. If this property is not null, then the {@link StandardRoleGrant} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/standard-role-grants' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJLeWZ5SDVOclNsZ3lpQ0RkN0ZUZ0F3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImYzMGRjZTc1LTg3N2UtNGNjNi1hOTlkLTU5NTJkMzA3MWRlYSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiMGUwNDA2YzEtNjY5NC00MmNmLThmZDgtN2NiYWEwNjZkNWNhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fSx7XCJpZFwiOlwiN2ZiYmM3ZWMtYzUxMi00NTliLWI4Y2ItMzBjMGIwNzg1ZTRmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.HsF1FVZ0265BhzGMPixiYT-ixb78E0QFTeKV2nphVL4pd2TmusG9sVlaLc342yuVAtmG-oE4uKRAaGd3GFMIvnKaKW49ZfztZcneztSjTntvrI7z3apoO3uu4_jiiSmLwWQZjXjdCkD1iQgFy0ypBfdeRslcmJhynG7nng5XstmToblB8X2fZztKdKGRMUlE-W0RZn-Gy5fhQuqRz-B5LeLIlINL4eW4t31WsMV9XPE6E3WwZI6mmWgU3b6qJN0RzTTuL57Yyr5sMaiI9SGDD-EBoL7rEFoM52tr2O-IqUEuGEwFH6ROb8Xh7DV9l1PUwtD5ml4p6S6mzx8J0zFOFA' \
    -d '{"standardRoleId":"0af2e91c-429b-422e-a6b4-4cb72687794e","identityId":"9baa73e7-bb42-4fa5-a7aa-2bd08aeb8722"}'

Example response

HTTP/1.1 200 OK
Content-Length: 492
Content-Type: application/json;charset=UTF-8

{
  "id" : "1ec0e7ba-7776-4e0a-8a55-b8ffcf574f48",
  "identityId" : "9baa73e7-bb42-4fa5-a7aa-2bd08aeb8722",
  "standardRoleId" : "0af2e91c-429b-422e-a6b4-4cb72687794e",
  "createdBy" : "f30dce75-877e-4cc6-a99d-5952d3071dea",
  "createdAt" : "2020-11-24T15:51:18.819126Z",
  "updatedAt" : "2020-11-24T15:51:18.819126Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Grant Test Type 61 Admin - 35dda946-39ca-4fb3-a5a3-730873bc870c to identity 9baa73e7-bb42-4fa5-a7aa-2bd08aeb8722"
}

Delete Standard Role Grant

DELETE /standard-role-grants/{id}

Authorization

This endpoint requires delete action on the standard-role-grant resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have delete action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/standard-role-grants/b192aa31-f2bc-429a-9b9a-2828f2ba89c8' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJrSDNFeG4zUE5rSG1KSmxHeVptYWxRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjkxM2UyMzhjLTBhOWEtNDk1NC04NjYxLTFjODRkYzUzMjhkOCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiOTA4OGEyNzQtNDRlZi00OGE5LWJlNGItZmU3NzZhN2UwYjVkXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.YftdxzJ0pIYOEAgcDcqfGIcV5bDyQQ1SOVFN4kPbY3w-tvJJDfU4x2bV4IBgpSH6E-jVJsWw0krKXpf9rx0uJGOXR3llF_wUD31Cic9YACF0wCFmrbR6lTLq_mZ6bXJH5l8lRLX8xJcGGBLcZCIx8EDrAK-P_LBKRWumKcl-v-5xcP3q79AnmERFLXpO7-qVHPZBCfYf3zY9LYxUKcGjHVBQCoFomszt7C7pCzfRl2D3syysBbdSoUpdAd2JaOt7WuqNftzUcTN2bzVBdI936ggdQUafVj5hcWl5Zw82k7mP-yEcmT3GKf707SrgB9D2rzbDpwAkIroFMIAiK649Ww'

Example response

HTTP/1.1 200 OK

Standard Role Types

Find Standard Role Types

GET /standard-role-types

Returns a set of {@link StandardRoleType}s that the client is authorized to read and which match the specified (optional) query parameters.

If multiple query parameters are specified, then results must match each query parameter that is set. If a query parameter supports multiple values, then a result must match at least one of the values. In other words, distinct query parameters are AND’d while value matching within a single query parameter act as an OR condition. For example a query parameter "?x=1,2&y=3" becomes (X == 1 OR X == 2) AND (Y == 3).

Authorization

This endpoint requires read action on the standard-role-type resource type.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

resourceTypeId

Object

true

Filters results to those that target one of the specified {@link ResourceType}s.

resourceTypeIds

Object

true

Deprecated..

authorizationStrategyName

Object

true

Filters results to those that are of one of the specified strategies.

authorizationStrategyNames

Object

true

Deprecated..

includedByStandardRoleTypeId

Object

true

Filters results to those whose actions are fully included by the specified {@link StandardRoleType}. In other words, all returned {@link StandardRoleType}s are logical sub-sets of the {@link StandardRoleType} specified by this query parameter.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

[].resourceTypeId

String

false

[].authorizationStrategyName

String

false

Size must be between 1 and 64 inclusive.

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link StandardRoleType} was created.

[].updatedAt

String

false

The date-time at which this {@link StandardRoleType} was updated. The only supported 'update' on this bean is to mark it as deleted.

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/standard-role-types' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ6MXdKRUNIQzhsLUh1YXJGcHN4dkZ3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImNmODg5OGM1LWJhM2QtNGNlNS1hMmMwLTc2MTQ0ZTRhYTBlYiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYmMxNDExNTctNmM5ZS00ZThlLWI4MjUtNTg4ZTgxY2M3ZTY3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.Bb-aEmUELwj77cIVijHTSE2Y3pTDsnnXUW6FWHxdM3inxGKPBm2a2vzCEif-9kEN5r21aQRUNaj1UtgEVqWqdPWcFL5aZJtCJlfJ4bddsAaZvLjNNESaLOzEZQl0ow64r1c8nxH-JL52l5i0febksm7y5-6O_t8RAQRqfcsLx0u446Ugnyt_lQeDZ31hWpCrvoVDwfbwlq5ipcsfyuY3mAZrQngAyN3M8HzF7y-BOXzw7gZrPmvCQQpWx9CePAnfDujM7h6xEKSxdspJFC_W5ZgIRUhCXHbBgfnFjENM6FL1X8_zuSPYKhPbMxXNJa4A1qoN_UT71lMjsNiGXPlHQg'

Example response

HTTP/1.1 200 OK
Content-Length: 1031
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "0ec3a978-c583-466a-8c6a-a4a2f6dc95ec",
  "resourceTypeId" : "19c6adb6-41ca-4b5a-90b8-698568c5f32e",
  "authorizationStrategyName" : "Read-Only",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.645374Z",
  "updatedAt" : "2020-11-24T15:51:13.645374Z",
  "_title" : "Standard Role Read-Only"
}, {
  "id" : "24796e8f-d671-48bb-a5e5-098d5f783657",
  "resourceTypeId" : "19c6adb6-41ca-4b5a-90b8-698568c5f32e",
  "authorizationStrategyName" : "Admin",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.645374Z",
  "updatedAt" : "2020-11-24T15:51:13.645374Z",
  "_title" : "Standard Role Admin"
}, {
  "id" : "e049d395-8457-4992-b947-c9357539df95",
  "resourceTypeId" : "d3f1b18b-b2fb-41df-8ea6-074208653bda",
  "authorizationStrategyName" : "Admin",
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.645374Z",
  "updatedAt" : "2020-11-24T15:51:13.645374Z",
  "_title" : "Custom Role Admin"
} ]

Get Standard Role Type

GET /standard-role-types/{id}

Authorization

This endpoint requires read action on the standard-role-type resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have read action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

resourceTypeId

String

false

authorizationStrategyName

String

false

Size must be between 1 and 64 inclusive.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link StandardRoleType} was created.

updatedAt

String

false

The date-time at which this {@link StandardRoleType} was updated. The only supported 'update' on this bean is to mark it as deleted.

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/standard-role-types/fd06371d-5e3d-4cb6-a9a3-8d12f648b035' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJLWTY3eDhQWjBGWVJwSzhFOEJKdkxRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjEzZmFmNmRmLWU3NzQtNDA5Ny1iNDVlLTU5MWNmYmI4MmRhNCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiNGQ2MzcyZDMtOWNjOC00YTkyLThjYzAtOTgyZjUyNjRhNDFhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.OGO7JBM-zidLaJZujOXaatqTAKExIFYrGXGW0GqagxR_brRhvnNnoYccoWSHaohBEXAssm1tWVBWUgv-CZD4HE2cb4ihROtSvAt9ulTSUnOZzNsP32aC-puIkxBbr33rBg4lLcA1SJDiaj3jnDW8fhRCXHe1ADuK7f8_60apu5eA-COG31V1YySufzjyEtZeMdkmuG0FK60smxwaAwSOaqZoNBiy_DkOOzli6GAGB9BVnPlEInj9WnHpvH2iTLHZLreej3zZ8pIHHOvFy8wdM6i1nkSlzFrwfiFFMcY1JwdnM1lJUpOfJ0w9aI98v9jczn2INvg5KHdoPz0CTpRDyA'

Example response

HTTP/1.1 200 OK
Content-Length: 338
Content-Type: application/json;charset=UTF-8

{
  "id" : "fd06371d-5e3d-4cb6-a9a3-8d12f648b035",
  "resourceTypeId" : "d963579a-f66b-4d09-ac53-9891bbd71436",
  "authorizationStrategyName" : "Admin",
  "createdBy" : "25888b20-1fbe-44ca-945d-fe777a81b72f",
  "createdAt" : "2020-11-24T15:51:18.553143Z",
  "updatedAt" : "2020-11-24T15:51:18.553143Z",
  "_title" : "Test Type 56 Admin"
}

Create Standard Role Type

POST /standard-role-types

Authorization

This endpoint requires the following actions:

  • create action on the standard-role-type resource type

  • read action on the resource-type resource type

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

resourceTypeId

String

false

Client must have read action on the annotated resource.

authorizationStrategy

String

false

Response fields

Path Type Optional Description

id

String

false

resourceTypeId

String

false

authorizationStrategyName

String

false

Size must be between 1 and 64 inclusive.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link StandardRoleType} was created.

updatedAt

String

false

The date-time at which this {@link StandardRoleType} was updated. The only supported 'update' on this bean is to mark it as deleted.

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/standard-role-types' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIwM0d5RGZSQkRjSHR6NVBDTTZFWlVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImEzMmYzMWY4LThlZmYtNDJmYS05NjdmLWZhYzk5NjllMWRkYyIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiZmQ1ODBhNzUtZGQ5YS00NmVmLTg0NmEtMGY1YTM4Y2I0YWZlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fSx7XCJpZFwiOlwiODAwMjcyZDktZTExZi00ODY5LWE3ZWEtZWRkYWRmNjcyNjk3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.DkKQbaVRYYip8KUrTaPxsJt9xXm2N7cGAGDOA7wlFh_-5zuYm07ILjG5EkCKlL8yfYKFpV1E1th7yYlAn5Fgia0-9KVP-dKcOvY4I5AfWFtWIsh0f62-JYRwYQ1KhRS445Ke7tWK3vYii3zmcYDEREr8jXyo6LrLsB3BBteI3xjv3dfw5KIO18YyTwW9lEo-1Fyv5Bwrjuiv5k9QvlBZRXaFo0oQLwaQzlEy02ylkagwRQNzG1j4QGzbAqRx_JsyjFDjhvMVO2QIioFj2k92J9wGZ6tS3L8a6a6jMeJaNxnuyOZNFp7oLRuCKO2PROkch6jEv3Sk-CRsogsuxBUpKg' \
    -H 'Content-Type: application/json' \
    -d '{"resourceTypeId":"c61d3c25-bcaa-4aee-9f07-1d8b371a534a","authorizationStrategy":"Admin"}'

Example response

HTTP/1.1 200 OK
Content-Length: 335
Content-Type: application/json;charset=UTF-8

{
  "id" : "326602c8-cee7-474c-b7a8-d4a9d87a36eb",
  "resourceTypeId" : "c61d3c25-bcaa-4aee-9f07-1d8b371a534a",
  "authorizationStrategyName" : "Admin",
  "createdBy" : "a32f31f8-8eff-42fa-967f-fac9969e1ddc",
  "createdAt" : "2020-11-24T15:51:18.525671Z",
  "updatedAt" : "2020-11-24T15:51:18.525671Z",
  "_title" : "Test Type Admin"
}

Resource Action Inclusions in Standard Roles

Find Action Inclusions

GET /action-inclusions

Returns a set of {@link ActionInclusion}s that the client is authorized to read and which match the specified (optional) query parameters.

If multiple query parameters are specified, then results must match each query parameter that is set. If a query parameter supports multiple values, then a result must match at least one of the values. In other words, distinct query parameters are AND’d while value matching within a single query parameter act as an OR condition. For example a query parameter "?x=1,2&y=3" becomes (X == 1 OR X == 2) AND (Y == 3).

Authorization

This endpoint requires read action on the action-inclusion resource type.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

resourceActionId

Object

true

Filters results to those that apply to one of the specified {@link ResourceAction}s.

authorizationStrategyName

Object

true

Filters results to those that apply to one of the specified strategies.

isDeleted

Boolean

true

When true, returns only those that are marked as deleted. When false, returns only those that are not marked deleted. When not set, returns all those that are otherwise matching, whether they are marked deleted or not.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

[].resourceActionId

String

false

[].authorizationStrategyName

String

false

Size must be between 1 and 64 inclusive.

[].includeWhenAbove

Boolean

true

True if the linked {@link ResourceAction} should be included in {@link StandardRole}s where this {@link ResourceAction}'s {@link ResourceType} is above the {@link StandardRoleType}'s {@link ResourceType}.

[].includeWhenAt

Boolean

true

True if the linked {@link ResourceAction} should be included in {@link StandardRole}s where this {@link ResourceAction}'s {@link ResourceType} is the same as the {@link StandardRoleType}'s {@link ResourceType}.

[].includeWhenBelow

Boolean

true

True if the linked {@link ResourceAction} should be included in {@link StandardRole}s where this {@link ResourceAction}'s {@link ResourceType} is below the {@link StandardRoleType}'s {@link ResourceType}.

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link ActionInclusion} was created.

[].updatedAt

String

false

The date-time at which this {@link ActionInclusion} was updated. The only supported 'update' on this bean is to mark it as deleted.

[].deletedAt

String

true

The date-time at which this {@link ActionInclusion} was deleted. This will be null for an {@link ActionInclusion} that has not been deleted. If this property is not null, then the {@link ActionInclusion} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

[].deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/action-inclusions' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ2QldockRYTUNaaGo0ZnAtM3pUOXRRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImE3NTMwYmRhLTM4NGItNDkwZS1hNTYwLTJkYzYxOTE5MGRjOSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiZjE3MTE2NzMtMTA3NS00YmI5LTg3NjAtMzIyMjVkY2NhOWNlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.BnIIKVYr3taCz6PwSt8YWt1Z10E_8V7GPmVMjBvcRrIDJiyBSN3KVzI-FsfpCfi41P2jam8HM5QI5p0R3O05PL0yNhkFrVq06f09h45MFY1dborY2KaxCF09kpj9K1SmL97m4CTrRfeSwmDzsIBlBoPiSmLd1QdWrSzg_YkPVePTh2wTR6R43ZOC_BXHTd-1CCpL5CmXk_NWMM0pJSZfS4KCNPJAAl-O-0qu3My_g9ELSxH4DfqCuyaAZMiYIqIHGoMfQamFzkOAKiJ_QQfC-NVn2jJKtco0RLgc0RDRiUzu7gGEUtbBgiM8Cya5RdtZzKDBPUq-QJKD9Rf8coCUmQ'

Example response

HTTP/1.1 200 OK
Content-Length: 1572
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "0f84e07b-4a76-4409-82ef-ea489dd8a1e6",
  "resourceActionId" : "b876dcdf-4bd5-42b4-9358-a095b3a0c052",
  "authorizationStrategyName" : "Admin",
  "includeWhenAbove" : false,
  "includeWhenAt" : false,
  "includeWhenBelow" : true,
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.904535Z",
  "updatedAt" : "2020-11-24T15:51:13.904535Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Inclusion Rules for Create Edge Router Policy in Admin Standard Roles"
}, {
  "id" : "c444a398-a458-46eb-8928-9f70946525d5",
  "resourceActionId" : "4a32bcf2-92b7-4fe6-a92f-829a91bb3e31",
  "authorizationStrategyName" : "Contributor",
  "includeWhenAbove" : false,
  "includeWhenAt" : false,
  "includeWhenBelow" : true,
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.904223Z",
  "updatedAt" : "2020-11-24T15:51:13.904223Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Inclusion Rules for Delete Edge Router in Contributor Standard Roles"
}, {
  "id" : "25043b9b-f882-40fc-99a7-0b9cb82c8c78",
  "resourceActionId" : "9357068b-8d96-421b-bfba-a22b2ed29205",
  "authorizationStrategyName" : "Read-Only",
  "includeWhenAbove" : true,
  "includeWhenAt" : true,
  "includeWhenBelow" : true,
  "createdBy" : "0ab1b47d-a5de-4f39-a3bd-7b130cacf401",
  "createdAt" : "2020-11-24T15:51:13.460308Z",
  "updatedAt" : "2020-11-24T15:51:13.460308Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Inclusion Rules for Read Geo Region in Read-Only Standard Roles"
} ]

Get Action Inclusion

GET /action-inclusions/{id}

Authorization

This endpoint requires read action on the action-inclusion resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have read action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

resourceActionId

String

false

authorizationStrategyName

String

false

Size must be between 1 and 64 inclusive.

includeWhenAbove

Boolean

true

True if the linked {@link ResourceAction} should be included in {@link StandardRole}s where this {@link ResourceAction}'s {@link ResourceType} is above the {@link StandardRoleType}'s {@link ResourceType}.

includeWhenAt

Boolean

true

True if the linked {@link ResourceAction} should be included in {@link StandardRole}s where this {@link ResourceAction}'s {@link ResourceType} is the same as the {@link StandardRoleType}'s {@link ResourceType}.

includeWhenBelow

Boolean

true

True if the linked {@link ResourceAction} should be included in {@link StandardRole}s where this {@link ResourceAction}'s {@link ResourceType} is below the {@link StandardRoleType}'s {@link ResourceType}.

createdBy

String

false

The identity id that created this resource.

createdAt

String

false

The date-time at which this {@link ActionInclusion} was created.

updatedAt

String

false

The date-time at which this {@link ActionInclusion} was updated. The only supported 'update' on this bean is to mark it as deleted.

deletedAt

String

true

The date-time at which this {@link ActionInclusion} was deleted. This will be null for an {@link ActionInclusion} that has not been deleted. If this property is not null, then the {@link ActionInclusion} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

_title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/action-inclusions/e3d22549-4d79-4afc-a439-af78c4a74f35' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJacWpQZjFjSUNTMWgtbFZubnRMOV93IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjIzNGY2ZDFlLTg0ZTMtNGMxZS04MjBiLTAyY2MwMDlhODdkMCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiNGRkMmE4NzktZGYzMy00Y2FhLThmZmQtNzdhODdlYmY5M2MwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.TIbWWG1FgaqEByNRvC8CKz2uXCQYV2rx4nhrfDorXINnp78hGzEGVo3qS6trXmTZeLz3pIWifXEVGlIm-lzlC6BuvQp2XZ7LxHW1wuc9cJQvbsRHtSWsUrRleIdzZ6BG1SUdTZcPshb0rO__7GpyT7PXpthybffenkq0IDEPXpmXKyllbVIFWysljLFPtzRBj9aWHbGDbfgw3S50HAYvO6nTTUhWfiVb9aFFrpsyLUGNirKQ9BWxogAWvPqSe4S8NJvftrEvzvXz0y9hC-6Eaa0M4FUNdej4pFrkCz4vmwmsWmmSdZGtxE6dCNv96JDYzV5iE2q3MvldP7Q9TzWvtA'

Example response

HTTP/1.1 200 OK
Content-Length: 522
Content-Type: application/json;charset=UTF-8

{
  "id" : "e3d22549-4d79-4afc-a439-af78c4a74f35",
  "resourceActionId" : "7d1c8ebf-1e68-440e-921a-b927fa2935b0",
  "authorizationStrategyName" : "Admin",
  "includeWhenAbove" : false,
  "includeWhenAt" : true,
  "includeWhenBelow" : true,
  "createdBy" : "87c97f44-82aa-4755-b114-adb205c50305",
  "createdAt" : "2020-11-24T15:51:18.242228Z",
  "updatedAt" : "2020-11-24T15:51:18.242228Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Inclusion Rules for Test Action 42 Test Type 41 in Admin Standard Roles"
}

Create Action Inclusion

POST /action-inclusions

Authorization

This endpoint requires the following actions:

  • create action on the action-inclusion resource type

  • read action on the resource-action resource type

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

resourceActionId

String

false

Client must have read action on the annotated resource.

includeWhen

Map

false

Response fields

Path Type Optional Description

[].id

String

false

[].resourceActionId

String

false

[].authorizationStrategyName

String

false

Size must be between 1 and 64 inclusive.

[].includeWhenAbove

Boolean

true

True if the linked {@link ResourceAction} should be included in {@link StandardRole}s where this {@link ResourceAction}'s {@link ResourceType} is above the {@link StandardRoleType}'s {@link ResourceType}.

[].includeWhenAt

Boolean

true

True if the linked {@link ResourceAction} should be included in {@link StandardRole}s where this {@link ResourceAction}'s {@link ResourceType} is the same as the {@link StandardRoleType}'s {@link ResourceType}.

[].includeWhenBelow

Boolean

true

True if the linked {@link ResourceAction} should be included in {@link StandardRole}s where this {@link ResourceAction}'s {@link ResourceType} is below the {@link StandardRoleType}'s {@link ResourceType}.

[].createdBy

String

false

The identity id that created this resource.

[].createdAt

String

false

The date-time at which this {@link ActionInclusion} was created.

[].updatedAt

String

false

The date-time at which this {@link ActionInclusion} was updated. The only supported 'update' on this bean is to mark it as deleted.

[].deletedAt

String

true

The date-time at which this {@link ActionInclusion} was deleted. This will be null for an {@link ActionInclusion} that has not been deleted. If this property is not null, then the {@link ActionInclusion} is 'marked' as being deleted. For data retention reasons, we never actually delete a resource.

[].deletedBy

String

true

The identity id that deleted this resource. This will be null until the resource is marked deleted.

[]._title

String

true

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/action-inclusions' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIwamM0MEtnRllwbDNsbS0yaEhnM3VnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6Ijc4OWM2NWU2LWI0ZjAtNDQwMC05NGE2LWU1MTEzYmJmZDllMiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiYmEwMjc1YjQtYzViMS00OGJhLWE5MjAtM2E0NGQzYWU3NTliXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fSx7XCJpZFwiOlwiN2RhZGNmZGEtYzYzNS00OWI3LThlYjQtMDUxZGY3ODU1NjM3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.EcYbXP61pGVEY0GixFUiaFboX9KOq1tzR8KtSzqp5xkO-1jfwkJuW4ed3x4o4n7CxissGeGMpLTzKCPKdtNrKQA0_BWzPp8iBVqooGRSV0h2IBJYhYHrJD1gCKoWWNNhuTTfIGaX5JME-jn11BXF5EQXK0fpdjzpuawpjk0oMdGbZiiiYwa_ij1uxFdDvqqJr4ba2sD7nGTGeL_BA7V3EEXR1m6nJYIQHwCKz6_KXvg1iAEdiwGsH43QB0nsF0LI6KoMNkj3FYK7wu8hvo8QRbKu0aNwj4CdK3Q8LzSvZQwDExVibwTk4TpChzV6qgAEhZ_nJWKaipriX5wpQxJxJQ' \
    -d '{"resourceActionId":"d62b52a3-665a-4741-8e83-0fa1fb7e8c88","includeWhen":{"Admin":{"above":false,"at":true,"below":true}}}'

Example response

HTTP/1.1 200 OK
Content-Length: 526
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "4d8ad17e-bbff-4c47-b0f1-01f2bdad779a",
  "resourceActionId" : "d62b52a3-665a-4741-8e83-0fa1fb7e8c88",
  "authorizationStrategyName" : "Admin",
  "includeWhenAbove" : false,
  "includeWhenAt" : true,
  "includeWhenBelow" : true,
  "createdBy" : "789c65e6-b4f0-4400-94a6-e5113bbfd9e2",
  "createdAt" : "2020-11-24T15:51:18.327531Z",
  "updatedAt" : "2020-11-24T15:51:18.327531Z",
  "deletedAt" : null,
  "deletedBy" : null,
  "_title" : "Inclusion Rules for Test Action 48 Test Type 47 in Admin Standard Roles"
} ]

Delete Action Inclusion

DELETE /action-inclusions/{id}

Authorization

This endpoint requires delete action on the action-inclusion resource type.

Path parameters

Parameter Type Optional Description

id

Object

false

Client must have delete action on the annotated resource.

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/action-inclusions/3ba04724-ddca-4974-a70a-65835aae6c9c' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJkdjBMbHdzZFdNYkZlcVBBUGxmbEtBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjUzMDk1ZTA5LWUyMTktNDQ3Yy1hMDU5LWUyYzg3Nzk1Y2FlYiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3OCwiZXhwIjoxNjA2MjM2Njc4LCJncmFudHMtc3VwZXIiOiJbXSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbe1wiaWRcIjpcIjdjY2MzMDM0LTljMGUtNDI2My1iMGE4LWE5YzU1NzE2ZTYwZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjQxYzFlZGVhLTlkNmItNGJjOS04NDgxLTVlMDllMjI3MjEwZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImY5YjE4ZjkwLTYxZDEtNDgyNS04Nzc2LWI1OWEwYTQyODY4N1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjI2NGEwMTI3LWMzNzktNGMzYy05NDMwLTc1NjQxY2MwYmZlM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImRiOWQzNmM5LWQ4NWItNDIxNy05ZTc3LTc1ZDMyYzBkZDkyYVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcIjE3ODI0ZGFjLTUzYzUtNGE5MS04YjRkLTk1YTUyNGM0YzgzM1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH0se1wiaWRcIjpcIjIxNzEwZDhiLWViN2MtNGUyNS1iOWU4LWEyMzVmOGU4ZDcxOVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImZhZGEyNjkyLTY1MzktNGVkMC1hODFhLWY0ZjNlODg4OTQ3YVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3M30se1wiaWRcIjpcImVlNDAzNzRlLWE1ZWEtNDgwZi1iMzk0LTE1ZWFkMDI0ZjE2MFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3NX0se1wiaWRcIjpcImZkMmIzNzBlLTVjOGMtNDU2OS1iZjYzLWM2YzU5ODEyMTBmNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3OH1dIiwiZ3JhbnRzLWFjdGlvbiI6Ilt7XCJpZFwiOlwiZjkyYTgwNDItYmU5OC00NzgzLTg1NWMtYjQ1NzhlMmUxMTg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc4fV0iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.MEcHmw55_A2rddHBHLviDKQHjSibrVtzPRHbteRSVYb0ED6Zf0CNzcmjtUq_dxj89_TbugfOR8gEfR7upbXL__YJ-7JuhIGxwGejf6fqtlfBmbSJW13qv_7h58w_12H0sZKcSInsWShGNuVgN0m-iFHCZPF3tedmITouSr8cKJSjR6M1iWWySvzhT5_22DDeeLFogEOtXapeJMcONg0e9oKFKC1X_OX1SQ3keWTPFrfy-1rMvjLuE1kpqjmNvLyHKjV7WKpiRmpUPLzr16aISzgv6fQ4BKxigoZU4_7XhlLZa-VPOWi37RQUizj4q8EbpAFosFF9_Zk0ycEIJCPVyQ'

Example response

HTTP/1.1 200 OK

Deprecated Resources

Resources

Find Resources

GET /resources

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

nameLike

String

true

descriptionLike

String

true

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

name

String

false

description

String

false

resourceTemplateId

String

true

createdAt

String

false

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/resources' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Length: 1152
Content-Type: application/json;charset=UTF-8

{
  "content" : [ {
    "id" : "2b374a00-bf8d-4874-8cb5-5ce67adff0e0",
    "name" : "nfrn:orgs:*:nets:*:gateway-clusters:*:endpoints:*",
    "description" : "All Gateway Cluster Endpoints",
    "resourceTemplateId" : null,
    "createdAt" : "2020-11-24T15:51:12.590110Z"
  }, {
    "id" : "cdace3ea-d75b-11e9-b01a-d05099466715",
    "name" : "nfrn:*",
    "description" : "All NetFoundry Resources",
    "resourceTemplateId" : null,
    "createdAt" : "2020-11-24T15:51:12.590110Z"
  }, {
    "id" : "cdace5d7-d75b-11e9-b01a-d05099466715",
    "name" : "nfrn:orgs:*",
    "description" : "All Organizations",
    "resourceTemplateId" : null,
    "createdAt" : "2020-11-24T15:51:12.590110Z"
  } ],
  "pageable" : {
    "sort" : {
      "sorted" : false,
      "unsorted" : true,
      "empty" : true
    },
    "pageSize" : 20,
    "pageNumber" : 0,
    "offset" : 0,
    "unpaged" : false,
    "paged" : true
  },
  "totalPages" : 3,
  "last" : false,
  "totalElements" : 50,
  "numberOfElements" : 20,
  "sort" : {
    "sorted" : false,
    "unsorted" : true,
    "empty" : true
  },
  "first" : true,
  "number" : 0,
  "size" : 20,
  "empty" : false
}

Get Resource

GET /resources/{idOrName}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

idOrName

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

name

String

false

description

String

false

resourceTemplateId

String

true

createdAt

String

false

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/resources/2eba57d8-087c-43e2-b4d2-5423c4b5939f' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Length: 193
Content-Type: application/json;charset=UTF-8

{
  "id" : "2eba57d8-087c-43e2-b4d2-5423c4b5939f",
  "name" : "nfrn:tests:*:foos:*",
  "description" : "All Foos",
  "resourceTemplateId" : null,
  "createdAt" : "2020-11-24T15:51:15.238910Z"
}

Create Resource

POST /resources

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

false

description

String

false

audience

String

true

Response fields

Path Type Optional Description

id

String

false

name

String

false

description

String

false

resourceTemplateId

String

true

createdAt

String

false

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/resources' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{"name":"nfrn:tests:*:random:*","description":"random test resource","audience":"io.netfoundry.tests"}'

Example response

HTTP/1.1 200 OK
Content-Length: 207
Content-Type: application/json;charset=UTF-8

{
  "id" : "e1209810-d669-4bfd-bdd4-20f610f14ab7",
  "name" : "nfrn:tests:*:random:*",
  "description" : "random test resource",
  "resourceTemplateId" : null,
  "createdAt" : "2020-11-24T15:51:17.660722Z"
}

Delete Resource

DELETE /resources/{id}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/resources/1928540a-67dd-44f6-96e9-63f0a3077aa7' -i -X DELETE

Example response

HTTP/1.1 200 OK

Actions

Find Actions

GET /actions

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

nameLike

String

true

descriptionLike

String

true

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

name

String

false

Must match the regular expression :[a-zA-Z0-9-].

description

String

false

createdAt

String

false

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/actions' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJzRGxWaDdjdTQ3RjVVdnZLRC1VY3V3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjRkNWIwYmVhLTJmYjYtNDk1NC05ZGQ0LTRmMmRjNzEwMTA5OSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcImIyZmFmNzhjLWVlMTAtNDdmZi1iNzRjLTIwNTg0OWMxOTczY1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3N31dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.Kxs88Nrvu215X-YGf4EVouq4Q8RYBssn2MYYOpi3FTE5EIeRvy6gRBws3QMsLsrVzbTcS4qswgsALLSWNqBOaAde5yOyycbytQxUrFRRImRfo2ji-PPDCV1PRjPA2dEkLBY0LVfiCM1o6fVRpFzhYwOQ9sZJL7v8ISpg1tL1QCSB2N8uacGDVO3dcDMgaqEt-v8SdZfSP05XF-H3DEJB6FKpQ9jVVDpbNIpfiGPzA-aSJjd9ixiixo6CLoV7WLlPZERA2cl7HJZxHhRRJlexIoIiFOJkJY3xMm_pgkOoFT3DN9Fnla9toEpAB4b71h9P9EK5Y6E63QeZQb3iZhn8DA'

Example response

HTTP/1.1 200 OK
Content-Length: 1052
Content-Type: application/json;charset=UTF-8

{
  "content" : [ {
    "id" : "a68353ea-b58d-441e-8714-b5ed62c75f22",
    "name" : "networks:create-aws-autoscale-endpoint",
    "description" : "Create AWS Auto-Scale Endpoints",
    "createdAt" : "2020-11-24T15:51:12.566194Z"
  }, {
    "id" : "ce0b865f-d75b-11e9-b01a-d05099466715",
    "name" : "*:*",
    "description" : "All Actions",
    "createdAt" : "2020-11-24T15:51:12.566194Z"
  }, {
    "id" : "ce0b8832-d75b-11e9-b01a-d05099466715",
    "name" : "azure-subscriptions:*",
    "description" : "All Azure Subscription Actions",
    "createdAt" : "2020-11-24T15:51:12.566194Z"
  } ],
  "pageable" : {
    "sort" : {
      "sorted" : false,
      "unsorted" : true,
      "empty" : true
    },
    "pageSize" : 20,
    "pageNumber" : 0,
    "offset" : 0,
    "unpaged" : false,
    "paged" : true
  },
  "totalPages" : 9,
  "last" : false,
  "totalElements" : 173,
  "numberOfElements" : 20,
  "sort" : {
    "sorted" : false,
    "unsorted" : true,
    "empty" : true
  },
  "first" : true,
  "number" : 0,
  "size" : 20,
  "empty" : false
}

Get Action

GET /actions/{idOrName}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

idOrName

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

name

String

false

Must match the regular expression :[a-zA-Z0-9-].

description

String

false

createdAt

String

false

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/actions/86a24a16-9aa4-425d-8b70-1807ad3310c2' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJFUXc4aHBOZGN3eV96RURHSUoxRlJRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImM2NmViZjkzLWUwNzQtNDI4MS1iZTg4LTEyNWZhNGExNjYwMyIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcIjgwMTEyMDQ1LWMwNWMtNDkwOS05OWE3LTFlNzhkYjQ3MzIxN1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3N31dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.L9BpXWirFSDIz7kB-VRVXg8FX9cxCDa_LCfLr84BnjV__2CItyPF0JMAVHef6DJtlRccd-49bIjcpwc9BUoUGwn1suylQNLhMr6U-eafGzOZRXtNVHQPpv9CaongJvV9NHVDJGtb1_p9JWWnpo4CWDsxIADYrJiakp7dkfSqus1eaah1Sy51HDCvXK7L0b8zJIMfY2oAcYOCp2xvXS-nHF6Cxiov9027Mloge0rnun53A-unUcNOhL_VXo5mUL3pBGwey-DwXVZUrm3WzlyAu96ibwnnTycpMPvDSGP1DC2gijwNupV5P2KwiHeBDpUd_rTDFj044G_Cs_n2F6GWlQ'

Example response

HTTP/1.1 200 OK
Content-Length: 161
Content-Type: application/json;charset=UTF-8

{
  "id" : "86a24a16-9aa4-425d-8b70-1807ad3310c2",
  "name" : "tests:create-foo",
  "description" : "Create Foo",
  "createdAt" : "2020-11-24T15:51:15.230481Z"
}

Create Action

POST /actions

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

false

Must match the regular expression :[a-zA-Z0-9-].

description

String

false

Response fields

Path Type Optional Description

id

String

false

name

String

false

Must match the regular expression :[a-zA-Z0-9-].

description

String

false

createdAt

String

false

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/actions' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJNM3pmRkVWSk15RFpxNmlvcWFLRWZnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjM1Zjk3MTY1LTczMjUtNDBjOS1hMGU4LWM3MzIwYzcxZjEwYiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcImJiNzVhN2JkLTdmY2EtNGFhNS1iMjhlLWIwNDQ0ZGZiYWJkYlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3N31dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.XZ7GklMOYHwumfgv4MVC2X8xDc4po4pFXGzQPKZFklLflS4c9tP7UAVtucMrCQB5E9GeP96x8NlUfUSP9xuTD-YCY7EUBgeQF1lv7kbd5MH7vmLLSuGz3-lKkDn8y0TyEmr0H6q1vipNpKg8QEePnwldf9iRX0VT5xlzHBHdSrkBDlBaooRkUf1P7eZ6cUoLgJJq1UAuwJ-C5DVBa_I6lSKVWE2Mvwb8dsa7r6aR7tM0uesFQNVGJKvLSlz6bPEoVrZBv6HvHCe6wMyeNqdn4lZVc123iulYf2UhZuh5bR3R05zYm8OceDQKEBaooGud6ZfGK1iXVcf0H984kt3yUA' \
    -H 'Content-Type: application/json' \
    -d '{"name":"nfrn:get-widget","description":"Getting a widget"}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 166

{
  "id" : "37c8146c-f1df-4a6c-af7c-246ab6680c4c",
  "name" : "nfrn:get-widget",
  "description" : "Getting a widget",
  "createdAt" : "2020-11-24T15:51:17.454607Z"
}

Policies

Find Policies

GET /policies

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

resourceIdIn

Object

true

actionIdIn

Object

true

descriptionLike

String

true

roleId

Object

true

identityId

Object

true

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

resourceId

String

false

actionId

String

false

description

String

false

createdAt

String

false

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/policies' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ0VHlJTUZxSFl3ZW9sTHNYdVNJUFNnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImFhODI2ZDc1LWYyMzgtNGRkYi1iYjg2LTBiODg0NmExOTQ3ZSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NiwiZXhwIjoxNjA2MjM2Njc2LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcIjhkNzJhZDhkLWVjMDktNDdjZi04N2FjLWM2OGQyN2I2OGYxYlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3Nn1dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.h7QBYFBT-Nccg0GqyZhWAhJ840EvK-psztUb7QvVjz00eAsVhOLlUV37uqNxknZsKt2SuiCjwWMiWY_icy8OvYysgBDrcwzVgRIDQdmPXx8zqn-_7Hdvub60g_vKw2I2GojE6ovZzjWFO0RR7ch4Po_aq-TtaL3468qPycLz2OkphSXq1bi1z1jSM0FAxlxSRYEcTFxrKqazjT1eeT-M1sglt0TL0AMaR7SlExZBmHuzrENzOYoV0AZQAwVynvn4WmSXcmG_HTZaT1RfdklIMgOSbPbdO80_2hkprNslBJJiNBrpeCWk9kEWDq-129zmDftUCPX7lDb2spEA0N5w5A'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 1215

{
  "content" : [ {
    "id" : "0597e8f7-be2b-11e9-b33b-d05099466715",
    "resourceId" : "d862d360-d75b-11e9-b01a-d05099466715",
    "actionId" : "d180d08a-d75b-11e9-b01a-d05099466715",
    "description" : "",
    "createdAt" : "2020-11-24T15:51:12.612413Z"
  }, {
    "id" : "0597e924-be2b-11e9-b33b-d05099466715",
    "resourceId" : "d862d360-d75b-11e9-b01a-d05099466715",
    "actionId" : "d180d1a5-d75b-11e9-b01a-d05099466715",
    "description" : "",
    "createdAt" : "2020-11-24T15:51:12.612413Z"
  }, {
    "id" : "0597e934-be2b-11e9-b33b-d05099466715",
    "resourceId" : "d862d360-d75b-11e9-b01a-d05099466715",
    "actionId" : "d180cffa-d75b-11e9-b01a-d05099466715",
    "description" : "",
    "createdAt" : "2020-11-24T15:51:12.612413Z"
  } ],
  "pageable" : {
    "sort" : {
      "sorted" : false,
      "unsorted" : true,
      "empty" : true
    },
    "pageSize" : 20,
    "pageNumber" : 0,
    "offset" : 0,
    "unpaged" : false,
    "paged" : true
  },
  "totalPages" : 9,
  "last" : false,
  "totalElements" : 171,
  "numberOfElements" : 20,
  "sort" : {
    "sorted" : false,
    "unsorted" : true,
    "empty" : true
  },
  "first" : true,
  "number" : 0,
  "size" : 20,
  "empty" : false
}

Get Policy

GET /policies/{id}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

resourceId

String

false

actionId

String

false

description

String

false

createdAt

String

false

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/policies/6b0094d7-f794-40f6-99b1-601db3b0f018' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJKb0J5Rjktd0RtaVVpcENGTzFxVGx3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImY3NDhiNzJjLTU2YzktNGZkZS1iNGQ5LTlkMzQ2ODVmZWI3MiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NiwiZXhwIjoxNjA2MjM2Njc2LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcIjgyYmY1OWM3LWU5MjktNDdmMy1hYTI4LTIwYTA4MmUyOGJlYlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3Nn1dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.SUMd_3hxZu8tztUIG0zamcUEPPMvUjoZCk8nb9zsg54y2ABg_NJ12yl6Ot5vKsfbOZPs0HoWaMedXvxGk4vBZZHK9SPfpT6mcZJCpwp8wgWOfK4bwLiRV3yn3UohhyfVx9Y-eOopPJaLTolPUx10idf4ZCHb8dryP_OZmdwj0fUt50d6-ov9IOEiwKGgn-0gMpvssYSwVAJTf4KtK5Im49s6QBDUTd8KE2K7JWMdcMF3ItTeFZPQBDXUM-pMp6lDLsry6JQQj84guNbsEJTTGRwlNcQcygFp1rR48JZ0nrKy_Mh8ILQN7k0vnSOOk6pIcJSy6wn7ozq6XxewvPwHwA'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 255

{
  "id" : "6b0094d7-f794-40f6-99b1-601db3b0f018",
  "resourceId" : "2eba57d8-087c-43e2-b4d2-5423c4b5939f",
  "actionId" : "86a24a16-9aa4-425d-8b70-1807ad3310c2",
  "description" : "Create Foo for All Foos",
  "createdAt" : "2020-11-24T15:51:15.245879Z"
}

Create Policy

POST /policies

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

resourceId

String

false

actionId

String

false

Response fields

Path Type Optional Description

id

String

false

resourceId

String

false

actionId

String

false

description

String

false

createdAt

String

false

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/policies' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJpSF96OWl4a1d3aXVucUFNY0Q0Vk93IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImNhZDNjOTY1LTM5NmItNDA4NS05YmYxLTZhZjcxMjUyZTE4ZSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NiwiZXhwIjoxNjA2MjM2Njc2LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcIjk0OWE1OTU4LWI5ZDYtNGMzZC1hMGMwLTZiODljYTc1MmJkZFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3Nn1dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.TuZ3YlFy1ZipmOS0TAIb7ZgqgYqcp7vKvi5uhWdfJ0CwvkTr8UWOJkbzqCBcvYNgEgiEBV3whlo7JGX1EVtKbzmf8B4FIiqoTSCDbaRSTrOehlWkrsp78c8wZzg1mD1NEzx83w8rXXqg9yN7SLE3nYrMLi-SSoNEddnWhdf2JnL5K82Sc20u51czciQJNFLw8n5eiOuqf_UOSAanDZI1K-ZDcO7HrmBK5yWbGuBsA0XrSzV_hXbOysYnoevKM8cwRansJ87XvCzBLqzskKg7eHFhhSShwsEno6KGDdHMXNb9UdgzWkdnrHhCcqzhw11jG4H1N6sbpYuNgfAwMD6D5Q' \
    -H 'Content-Type: application/json' \
    -d '{"resourceId":"d75c19ed-8c44-4e22-b878-530327cf2a9c","actionId":"187875f2-ace7-48c1-bd3e-b3218dfbcf53"}'

Example response

HTTP/1.1 200 OK
Content-Length: 264
Content-Type: application/json;charset=UTF-8

{
  "id" : "20ec66b2-8749-4613-894f-ee333ee1cf7c",
  "resourceId" : "d75c19ed-8c44-4e22-b878-530327cf2a9c",
  "actionId" : "187875f2-ace7-48c1-bd3e-b3218dfbcf53",
  "description" : "Random Action 13 on All Random12",
  "createdAt" : "2020-11-24T15:51:16.821303Z"
}

Delete Policy

DELETE /policies/{id}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/policies/4fe8deb8-b773-4733-ad34-c3bf91843a9d' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJVQ1ZyeGRKT2E3UlNIR3RRcjFvSUZ3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgwZGEyM2RkLWFiMzAtNGE1OS04NTFlLWZiOGJhZjk5NWZkZSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NiwiZXhwIjoxNjA2MjM2Njc2LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcIjg0MDc0OTIxLTI2NTctNDk4Mi1hNDdlLTA2MTVmNDBjMDIzNlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3Nn1dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.TB0mzEIdEamvSXvl1lODk6gvoRi-u65cNslc--4-7wqssB0W60uJcIfvf8xmhWM6vXtrmsoYkqkIuvfkAlnJ2OEpD-z-t-5JwiYs1k32ZYAW3BcbjmxZiuSi_2JhN70pticWdcPlyrcSNk3Upp5YuaMJSML8ou5r1dMgxInTrMhP9V4o9He1zgDNwZ-Qe5D-0PmQwdzMvPGpQStqRXjgrk2-xW4iE0Sp5xGqN2PYkjPfRZXRvikSUcpM2PzDt-2T_m3Pa8yT6t7McQR3x5VVMkELqCDK4axxS3vZIc5hryvlSbj2eQ6F3m8X-I00MmeGrSz9PkIzLTZlMjFfADG1xg'

Example response

HTTP/1.1 200 OK

Grant Policy To Identity

PUT /policies/{id}/identity-grants/{identityId}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

id

Object

false

identityId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/policies/d8943d3d-8baf-4696-ba3e-8ff0ee7f657e/identity-grants/3298d0ae-6bf2-479d-9ebe-0b552ba52fd9' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIxMUl4NjAzNENsSWE4QVlyMGtIbzBRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjE5OGVkMzIyLTk4MjEtNDM1Ni05ZTAzLWIwNWQ3ZTY3NmM3MiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NiwiZXhwIjoxNjA2MjM2Njc2LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcIjAzOTU4ZmZmLTFkZTQtNDZkNi1iMjYxLTFiMzQ2OTNjNzcwN1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3Nn1dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.XfWFO1zOGXpribL3SY61I1dMq8lL3XMIvwClQp5yohA4sNsA30NvJCsH59BmXAipnvWLZ0LJGkL4hI5AXrainsNADlbTnp1qd71_dCj6kx5EzFHSbx1V3mfaOkVGqCT8-UDPUp9nVE0nBiQcsABj-GzJ_gb6EKvE4b_eN58ccBYtNVyBMVVhacUxsh6AOd-VjEBeKoQdqyVVX55egWm9xZe0XD-FO2UPWcQJzma3Doe7IqNabtdN5lpK5CxHZpNvyift2C8fjhgiwS02KsGCI-lwDDjOmEOga_TlmtUBvdf0n0HqFqlEtq22xBaF1gliO2EHnU4aF_HdBR3Ujupdyw'

Example response

HTTP/1.1 200 OK

Revoke Policy From Identity

DELETE /policies/{id}/identity-grants/{identityId}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

id

Object

false

identityId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/policies/97a011e0-ad12-4030-a1c9-1c2fc631f8b2/identity-grants/bf079ae0-6154-40d4-a35b-b769a6b6dd2f' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJpZmFvc3NITjFxM2FNX0RpQTFVR3dBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImUyYTViMGY0LTBhNzItNDNlMy1hOGQ4LWM2NzM1MjU4ODk4MiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NiwiZXhwIjoxNjA2MjM2Njc2LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcImE0MDA3ZGY4LWJhYzEtNDgxYS04ZWMzLTgzNzUyYTJhNjQyN1wiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3Nn1dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.f33CmWyAUtY2fPYm_9YyaAFaOqX5Th_MAQwi5mKBZYbRppTRDaqP-jQTC0M8VRfGYYv32f7hhldLrDhBVZE6jNpAgrruhLopz7IsGtpqalYDEVe_OztmrcXUKr85__3TTO9WB-kkKSi-EHyBxC_PKnWpTtE9G3uifwfhOOM1Xj6CX4SMPeCciYWIWfAUlBIaA1Z6BEtwTDuka0rT3ZvVqnfEtgPoCCKIwMF9GCI0iSvv4yQj0hzXAHzOQRNG_GGtKvWv8qXD4rhYf0iv-2ugMPQXzKaUOHAdggyd8wW7-OeoSt9krjQJq8tb87EWhZkDBAF0cpFM6-oeyHtE7QN0eg'

Example response

HTTP/1.1 200 OK

Grant Policy To Role

PUT /policies/{id}/role-grants/{roleId}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

id

Object

false

roleId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/policies/fd26d5e8-cbe1-496c-9ee9-85b16de47adb/role-grants/5fdcf000-55a0-41cb-a72f-0dd151f73f53' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJqWS05d2tHYTBHMkFGQjFiQTExVnV3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6Ijc0NDlkOGU1LTBkZjQtNDM1My1hMzNmLWM2OGZiZDk4NmM2NCIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NiwiZXhwIjoxNjA2MjM2Njc2LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcIjNmMjNhOTc5LTkzNjktNGI5YS04YTM3LWY0OTM2ZmY5YWRhZlwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3Nn1dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.OTP03j9uHYvfc4wo1M0lGOj1tXit1YWD92-Xgqi2vzZgBxeXwYRZIt1zLqF5UD37D39KN9-Fi-Yd5M4Pgprv97ekA2DJUEmBOsrqQEB_FDLUPDgBkBG1uMvvOHuWf83vOCNgEn16RPh45CON-G3qZLTEiLNyt24yoHTKT9PamXsaCP5EkXZLNJGx4UR30pNVPkfksO5LcHt4CxjWae3U2zhNe-LzscleGO_gVPfX7Fd7H41WaEE12lBDPqEBJJI4b8GmypkK0yWfod-KEtu7AlrmGe5Biqb8M1hD-89TuCk6Wh7Zw4BrbXFOcc4ol-MQkUORjPYuHbkwNlsxYz_sWQ'

Example response

HTTP/1.1 200 OK

Revoke Policy From Role

DELETE /policies/{id}/role-grants/{roleId}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

id

Object

false

roleId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/policies/54dc51e0-8e73-4ba3-90a6-f63f7a3ee606/role-grants/2093b236-6973-434a-a0c4-2e7965c59257' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJvbjhVOU0zS3FFa0hVQjJ6TVprYXVRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImQ5NzRhZTgwLWNhNTItNGRmMS1hYjE1LTJkMjQ4MTlhYmY4YSIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NiwiZXhwIjoxNjA2MjM2Njc2LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcIjYyODYyZjE5LWQ2ZGMtNDI2YS05MDAzLWM0MGJkMTFkNmQ2ZVwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3Nn1dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.HNyBeM5M32fiF8BTwSgbooTGkpAfnQ7abRY1pXg0xrsCmxLtJyyGBABgFs3yQi_kQKp16hx-RU9pGK8Zo7fE2cj_iw4EQyzQNl4U3le1OXc6qgt77DKGerzKTDBP1_A-bozcRyjwS389oQToAoMc89EG3zfkqzmPon9NzRPrxxKLSjLBMpPDNl2rOsYvRBQX26YnD52g_wdwuQ_0ePGLPNE0Uv3CIEU4_b5nqOVywDkEUNSdx5DzF6kl5LU0RsZ6Zbawi0ODxVLcxfCbArDE9sJy5GojZLWodK2OZYJqSWcythv4BJlCky2IMb3rnWp7nBi0yso7IOedXDhzzdDOrA'

Example response

HTTP/1.1 200 OK

Roles

Find Roles

GET /roles

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

nameLike

String

true

descriptionLike

String

true

policyId

Object

true

identityId

Object

true

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

name

String

false

description

String

false

createdAt

String

false

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/roles' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Length: 1049
Content-Type: application/json;charset=UTF-8

{
  "content" : [ {
    "id" : "ce46aba4-d75b-11e9-b01a-d05099466715",
    "name" : "super-user",
    "description" : "Super User - All Access",
    "createdAt" : "2020-11-24T15:51:12.625763Z"
  }, {
    "id" : "ceea2e98-d75b-11e9-b01a-d05099466715",
    "name" : "Organization Admin",
    "description" : "All Actions on All Tenants",
    "createdAt" : "2020-11-24T15:51:12.625763Z"
  }, {
    "id" : "cf0481e9-d75b-11e9-b01a-d05099466715",
    "name" : "Organization (Read Only)",
    "description" : "Read Only Actions on All Tenants",
    "createdAt" : "2020-11-24T15:51:12.625763Z"
  } ],
  "pageable" : {
    "sort" : {
      "sorted" : false,
      "unsorted" : true,
      "empty" : true
    },
    "pageSize" : 20,
    "pageNumber" : 0,
    "offset" : 0,
    "unpaged" : false,
    "paged" : true
  },
  "totalPages" : 1,
  "last" : true,
  "totalElements" : 10,
  "numberOfElements" : 10,
  "sort" : {
    "sorted" : false,
    "unsorted" : true,
    "empty" : true
  },
  "first" : true,
  "number" : 0,
  "size" : 20,
  "empty" : false
}

Get Role

GET /roles/{idOrName}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

idOrName

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

name

String

false

description

String

false

createdAt

String

false

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/roles/61d243d9-bbe0-4f15-8caa-a6e718146e48' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 167

{
  "id" : "61d243d9-bbe0-4f15-8caa-a6e718146e48",
  "name" : "Foo Admin",
  "description" : "All Foo related actions",
  "createdAt" : "2020-11-24T15:51:15.251635Z"
}

Create Role

POST /roles

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

false

description

String

false

Response fields

Path Type Optional Description

id

String

false

name

String

false

description

String

false

createdAt

String

false

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/roles' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{"name":"Test Role 5384fd00-970e-4a48-874a-1d45d1affaaa","description":"Random test role"}'

Example response

HTTP/1.1 200 OK
Content-Length: 197
Content-Type: application/json;charset=UTF-8

{
  "id" : "379b2632-2ad8-44bc-b151-c95d67767088",
  "name" : "Test Role 5384fd00-970e-4a48-874a-1d45d1affaaa",
  "description" : "Random test role",
  "createdAt" : "2020-11-24T15:51:19.437662Z"
}

Delete Role

DELETE /roles/{id}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/roles/4c55bd8b-82e5-42a6-9c81-65cd2037b6fd' -i -X DELETE

Example response

HTTP/1.1 200 OK

Grant Role To Identity

PUT /roles/{id}/identity-grants/{identityId}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

id

Object

false

identityId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/roles/961e08b2-9b56-4a61-b723-ad4df08b098f/identity-grants/3a40127f-8442-4ef9-969b-79e54b710257' -i -X PUT

Example response

HTTP/1.1 200 OK

Revoke Role From Identity

DELETE /roles/{id}/identity-grants/{identityId}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

id

Object

false

identityId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/roles/e96ff8fa-dd64-4923-9355-4b3c9ff4097c/identity-grants/b244982f-546f-4f47-8459-6d297d359ef1' -i -X DELETE

Example response

HTTP/1.1 200 OK

Claims

Find Claims

GET /claims

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

identityIdIn

Object

true

roleIdIn

Object

true

policyIdIn

Object

true

resourceNameLike

String

true

actionNameLike

String

true

audience

String

true

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

resource

String

false

The policy resource name.

action

String

false

The policy action name.

Example request

$ curl 'https://gateway.netFoundry.io/auth/v1/claims' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ4X1NZSGlmUXhraEZlVGpmWWRNcFpnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjEyYTJlZWFhLTI3ZjItNGJhNC1hNzQ5LWU3MzU1YzNhN2FlNiIsImF1ZCI6ImlvLm5ldGZvdW5kcnkuYXV0aCIsImlhdCI6MTYwNjIzMzA3NywiZXhwIjoxNjA2MjM2Njc3LCJncmFudHMtc3VwZXIiOiJbe1wiaWRcIjpcImJlMjUwNDRlLWViZDItNDQ0Zi1hZTVlLWNhMzhiOTc1ZTY0OFwiLFwibGFzdE1vZGlmaWVkXCI6MTYwNjIzMzA3N31dIiwiZ3JhbnRzLWN1c3RvbSI6IltdIiwiZ3JhbnRzLXB1YmxpYyI6Ilt7XCJpZFwiOlwiN2NjYzMwMzQtOWMwZS00MjYzLWIwYTgtYTljNTU3MTZlNjBlXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiNDFjMWVkZWEtOWQ2Yi00YmM5LTg0ODEtNWUwOWUyMjcyMTBmXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZjliMThmOTAtNjFkMS00ODI1LTg3NzYtYjU5YTBhNDI4Njg3XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjY0YTAxMjctYzM3OS00YzNjLTk0MzAtNzU2NDFjYzBiZmUzXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZGI5ZDM2YzktZDg1Yi00MjE3LTllNzctNzVkMzJjMGRkOTJhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiMjE3MTBkOGItZWI3Yy00ZTI1LWI5ZTgtYTIzNWY4ZThkNzE5XCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZmFkYTI2OTItNjUzOS00ZWQwLWE4MWEtZjRmM2U4ODg5NDdhXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDczfSx7XCJpZFwiOlwiZWU0MDM3NGUtYTVlYS00ODBmLWIzOTQtMTVlYWQwMjRmMTYwXCIsXCJsYXN0TW9kaWZpZWRcIjoxNjA2MjMzMDc1fV0iLCJncmFudHMtYWN0aW9uIjoiW10iLCJncmFudHMtc3RhbmRhcmQiOiJbXSJ9.ZuwK6kZ4creuzcSEdeBGsIqyAdo8o3NqXIj-xkotJ9NnxdOA_uxU9WIDg4o4Ej9L9-_6z623pX3z6KCCRcL7oughZJNepxJEg_WPrOiiU769WMki33GKoWr6sw11hcUjsyCGySFbWziAXL-y22YuB7V03ZIhH50As8tOYw_poCFyBnMp7J1i-HYLxPy8VaSxtRo8mTgrDrkNEoRxCawODFJ7v63qJgRFN4VC46jKyiSJ-QoeKp_Fjz657zoyYE3lQn9fhVem9Cv0voYPcYEjhmxynmdw-SUgYhdXGK6P1crbvGVzjKgZAPsXW8wyawt4vvUdixihzaa6o4ZLrqNW9Q'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 532

{
  "content" : [ {
    "resource" : "nfrn:tenants:*",
    "action" : "tenants:get-tenants"
  }, {
    "resource" : "nfrn:tenants:*",
    "action" : "tenants:get-tenants"
  }, {
    "resource" : "nfrn:orgs:*:billingkeys:*",
    "action" : "billing:create-keys"
  } ],
  "pageable" : "INSTANCE",
  "totalPages" : 1,
  "last" : true,
  "totalElements" : 21,
  "numberOfElements" : 21,
  "sort" : {
    "sorted" : false,
    "unsorted" : true,
    "empty" : true
  },
  "first" : true,
  "number" : 0,
  "size" : 0,
  "empty" : false
}