IAM API¶
The IAM API provides management capabilities for users, roles, policies, and access tokens.
Authentication¶
All IAM API endpoints require Bearer token authentication.
--header 'Authorization: Bearer xxx'
Authorization Levels¶
The IAM API has the following authorization levels:
- General Access: Basic user information retrieval and updates
- Project Authorization: Management of project-related resources (
authzWithProject
) - Admin Only: Accessible only to system administrators (
authzOnlyAdmin
)
ListUser¶
Retrieve a list of users.
Endpoint¶
GET: /iam/list-user/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
user_id |
number | query | User ID | |
sub |
string | query | User subject |
Code Sample¶
curl -XGET \
--header 'Authorization: Bearer xxx' \
'https://{your-site}/api/v1/iam/list-user/'
Response¶
Status: 200 OK
{
"data": {
"user": [
{
"user_id": 1001,
"sub": "user-sub-001",
"name": "User Name",
"user_idp_key": "idp-key-001",
"activated": true,
"created_at": 1629337534,
"updated_at": 1629337534
}
]
}
}
GetUser¶
Retrieve detailed user information.
Endpoint¶
GET: /iam/get-user/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
user_id |
number | query | yes | User ID |
Code Sample¶
curl -XGET \
--header 'Authorization: Bearer xxx' \
'https://{your-site}/api/v1/iam/get-user/?user_id=1001'
Response¶
Status: 200 OK
{
"data": {
"user": {
"user_id": 1001,
"sub": "user-sub-001",
"name": "User Name",
"user_idp_key": "idp-key-001",
"activated": true,
"created_at": 1629337534,
"updated_at": 1629337534
}
}
}
IsAdmin¶
Check if a user has administrator privileges.
Endpoint¶
GET: /iam/is-admin/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
user_id |
number | query | yes | User ID |
Code Sample¶
curl -XGET \
--header 'Authorization: Bearer xxx' \
'https://{your-site}/api/v1/iam/is-admin/?user_id=1001'
Response¶
Status: 200 OK
{
"data": {
"admin": true
}
}
PutUser¶
Create or update user information.
Endpoint¶
POST: /iam/put-user/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
user.name |
string | body | yes | User name |
user.activated |
boolean | body | Activation status |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"user": {"name": "New User Name", "activated": true}}' \
'https://{your-site}/api/v1/iam/put-user/'
Response¶
Status: 200 OK
{
"data": {
"user": {
"user_id": 1001,
"sub": "user-sub-001",
"name": "New User Name",
"user_idp_key": "idp-key-001",
"activated": true,
"created_at": 1629337534,
"updated_at": 1629947204
}
}
}
ListRole¶
Retrieve a list of roles. (Project authorization required)
Endpoint¶
GET: /iam/list-role/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | query | yes | Project ID |
role_id |
number | query | Role ID | |
name |
string | query | Role name |
Code Sample¶
curl -XGET \
--header 'Authorization: Bearer xxx' \
'https://{your-site}/api/v1/iam/list-role/?project_id=1001'
Response¶
Status: 200 OK
{
"data": {
"role": [
{
"role_id": 1001,
"name": "admin",
"project_id": 1001,
"created_at": 1629337534,
"updated_at": 1629337534
}
]
}
}
GetRole¶
Retrieve detailed role information. (Project authorization required)
Endpoint¶
GET: /iam/get-role/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | query | yes | Project ID |
role_id |
number | query | yes | Role ID |
Code Sample¶
curl -XGET \
--header 'Authorization: Bearer xxx' \
'https://{your-site}/api/v1/iam/get-role/?project_id=1001&role_id=1001'
Response¶
Status: 200 OK
{
"data": {
"role": {
"role_id": 1001,
"name": "admin",
"project_id": 1001,
"created_at": 1629337534,
"updated_at": 1629337534
}
}
}
PutRole¶
Create or update a role. (Project authorization required)
Endpoint¶
POST: /iam/put-role/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
role.name |
string | body | yes | Role name |
role.project_id |
number | body | yes | Project ID |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "role": {"name": "editor", "project_id": 1001}}' \
'https://{your-site}/api/v1/iam/put-role/'
Response¶
Status: 200 OK
{
"data": {
"role": {
"role_id": 1002,
"name": "editor",
"project_id": 1001,
"created_at": 1629947204,
"updated_at": 1629947204
}
}
}
DeleteRole¶
Delete a role. (Project authorization required)
Endpoint¶
POST: /iam/delete-role/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
role_id |
number | body | yes | Role ID |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "role_id": 1002}' \
'https://{your-site}/api/v1/iam/delete-role/'
Response¶
Status: 200 OK
{"data":{}}
AttachRole¶
Assign a role to a user. (Project authorization required)
Endpoint¶
POST: /iam/attach-role/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
user_id |
number | body | yes | User ID |
role_id |
number | body | yes | Role ID |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "user_id": 1001, "role_id": 1001}' \
'https://{your-site}/api/v1/iam/attach-role/'
Response¶
Status: 200 OK
{
"data": {
"user_role": {
"user_id": 1001,
"role_id": 1001,
"project_id": 1001,
"created_at": 1629947204,
"updated_at": 1629947204
}
}
}
DetachRole¶
Remove a role from a user. (Project authorization required)
Endpoint¶
POST: /iam/detach-role/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
user_id |
number | body | yes | User ID |
role_id |
number | body | yes | Role ID |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "user_id": 1001, "role_id": 1001}' \
'https://{your-site}/api/v1/iam/detach-role/'
Response¶
Status: 200 OK
{"data":{}}
ListPolicy¶
Retrieve a list of policies. (Project authorization required)
Endpoint¶
GET: /iam/list-policy/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | query | yes | Project ID |
policy_id |
number | query | Policy ID | |
name |
string | query | Policy name |
Code Sample¶
curl -XGET \
--header 'Authorization: Bearer xxx' \
'https://{your-site}/api/v1/iam/list-policy/?project_id=1001'
Response¶
Status: 200 OK
{
"data": {
"policy": [
{
"policy_id": 1001,
"name": "ReadOnlyPolicy",
"project_id": 1001,
"action_ptn": "finding:ListFinding",
"resource_ptn": "*",
"created_at": 1629337534,
"updated_at": 1629337534
}
]
}
}
GetPolicy¶
Retrieve detailed policy information. (Project authorization required)
Endpoint¶
GET: /iam/get-policy/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | query | yes | Project ID |
policy_id |
number | query | yes | Policy ID |
Code Sample¶
curl -XGET \
--header 'Authorization: Bearer xxx' \
'https://{your-site}/api/v1/iam/get-policy/?project_id=1001&policy_id=1001'
Response¶
Status: 200 OK
{
"data": {
"policy": {
"policy_id": 1001,
"name": "ReadOnlyPolicy",
"project_id": 1001,
"action_ptn": "finding:ListFinding",
"resource_ptn": "*",
"created_at": 1629337534,
"updated_at": 1629337534
}
}
}
PutPolicy¶
Create or update a policy. (Project authorization required)
Endpoint¶
POST: /iam/put-policy/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
policy.name |
string | body | yes | Policy name |
policy.project_id |
number | body | yes | Project ID |
policy.action_ptn |
string | body | yes | Action pattern |
policy.resource_ptn |
string | body | yes | Resource pattern |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "policy": {"name": "WritePolicy", "project_id": 1001, "action_ptn": "finding:*", "resource_ptn": "*"}}' \
'https://{your-site}/api/v1/iam/put-policy/'
Response¶
Status: 200 OK
{
"data": {
"policy": {
"policy_id": 1002,
"name": "WritePolicy",
"project_id": 1001,
"action_ptn": "finding:*",
"resource_ptn": "*",
"created_at": 1629947204,
"updated_at": 1629947204
}
}
}
DeletePolicy¶
Delete a policy. (Project authorization required)
Endpoint¶
POST: /iam/delete-policy/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
policy_id |
number | body | yes | Policy ID |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "policy_id": 1002}' \
'https://{your-site}/api/v1/iam/delete-policy/'
Response¶
Status: 200 OK
{"data":{}}
AttachPolicy¶
Assign a policy to a role. (Project authorization required)
Endpoint¶
POST: /iam/attach-policy/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
role_id |
number | body | yes | Role ID |
policy_id |
number | body | yes | Policy ID |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "role_id": 1001, "policy_id": 1001}' \
'https://{your-site}/api/v1/iam/attach-policy/'
Response¶
Status: 200 OK
{
"data": {
"role_policy": {
"role_id": 1001,
"policy_id": 1001,
"project_id": 1001,
"created_at": 1629947204,
"updated_at": 1629947204
}
}
}
DetachPolicy¶
Remove a policy from a role. (Project authorization required)
Endpoint¶
POST: /iam/detach-policy/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
role_id |
number | body | yes | Role ID |
policy_id |
number | body | yes | Policy ID |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "role_id": 1001, "policy_id": 1001}' \
'https://{your-site}/api/v1/iam/detach-policy/'
Response¶
Status: 200 OK
{"data":{}}
ListAccessToken¶
Retrieve a list of access tokens. (Project authorization required)
Endpoint¶
GET: /iam/list-access-token/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | query | yes | Project ID |
access_token_id |
number | query | Access token ID | |
name |
string | query | Token name |
Code Sample¶
curl -XGET \
--header 'Authorization: Bearer xxx' \
'https://{your-site}/api/v1/iam/list-access-token/?project_id=1001'
Response¶
Status: 200 OK
{
"data": {
"access_token": [
{
"access_token_id": 1001,
"name": "api-token-001",
"description": "API token",
"project_id": 1001,
"expired_at": 1660873534,
"created_at": 1629337534,
"updated_at": 1629337534
}
]
}
}
GenerateAccessToken¶
Generate a new access token. (Project authorization required)
Endpoint¶
POST: /iam/generate-access-token/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
access_token.name |
string | body | yes | Token name |
access_token.description |
string | body | Token description | |
access_token.project_id |
number | body | yes | Project ID |
access_token.expired_at |
number | body | yes | Expiration time (Unix timestamp) |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "access_token": {"name": "new-api-token", "description": "New API token", "project_id": 1001, "expired_at": 1660873534}}' \
'https://{your-site}/api/v1/iam/generate-access-token/'
Response¶
Status: 200 OK
{
"data": {
"access_token_id": 1002,
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
}
UpdateAccessToken¶
Update an access token. (Project authorization required)
Endpoint¶
POST: /iam/update-access-token/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
access_token.access_token_id |
number | body | yes | Access token ID |
access_token.name |
string | body | Token name | |
access_token.description |
string | body | Token description | |
access_token.expired_at |
number | body | Expiration time (Unix timestamp) |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "access_token": {"access_token_id": 1002, "name": "updated-api-token", "description": "Updated API token"}}' \
'https://{your-site}/api/v1/iam/update-access-token/'
Response¶
Status: 200 OK
{
"data": {
"access_token": {
"access_token_id": 1002,
"name": "updated-api-token",
"description": "Updated API token",
"project_id": 1001,
"expired_at": 1660873534,
"created_at": 1629337534,
"updated_at": 1629947204
}
}
}
DeleteAccessToken¶
Delete an access token. (Project authorization required)
Endpoint¶
POST: /iam/delete-access-token/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
access_token_id |
number | body | yes | Access token ID |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "access_token_id": 1002}' \
'https://{your-site}/api/v1/iam/delete-access-token/'
Response¶
Status: 200 OK
{"data":{}}
AttachAccessToken¶
Assign a role to an access token. (Project authorization required)
Endpoint¶
POST: /iam/attach-access-token/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
access_token_id |
number | body | yes | Access token ID |
role_id |
number | body | yes | Role ID |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "access_token_id": 1001, "role_id": 1001}' \
'https://{your-site}/api/v1/iam/attach-access-token/'
Response¶
Status: 200 OK
{
"data": {
"access_token_role": {
"access_token_id": 1001,
"role_id": 1001,
"project_id": 1001,
"created_at": 1629947204,
"updated_at": 1629947204
}
}
}
DetachAccessToken¶
Remove a role from an access token. (Project authorization required)
Endpoint¶
POST: /iam/detach-access-token/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
access_token_id |
number | body | yes | Access token ID |
role_id |
number | body | yes | Role ID |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "access_token_id": 1001, "role_id": 1001}' \
'https://{your-site}/api/v1/iam/detach-access-token/'
Response¶
Status: 200 OK
{"data":{}}
ListUserReserved¶
Retrieve a list of reserved users. (Project authorization required)
Endpoint¶
GET: /iam/list-user-reserved/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | query | yes | Project ID |
reserved_id |
number | query | Reserved ID |
Code Sample¶
curl -XGET \
--header 'Authorization: Bearer xxx' \
'https://{your-site}/api/v1/iam/list-user-reserved/?project_id=1001'
Response¶
Status: 200 OK
{
"data": {
"user_reserved": [
{
"reserved_id": 1001,
"user_idp_key": "reserved-user-001",
"role_id": 1001,
"project_id": 1001,
"created_at": 1629337534,
"updated_at": 1629337534
}
]
}
}
PutUserReserved¶
Create or update a reserved user. (Project authorization required)
Endpoint¶
POST: /iam/put-user-reserved/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
user_reserved.user_idp_key |
string | body | yes | User IDP key |
user_reserved.role_id |
number | body | yes | Role ID |
user_reserved.project_id |
number | body | yes | Project ID |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "user_reserved": {"user_idp_key": "new-reserved-user", "role_id": 1001, "project_id": 1001}}' \
'https://{your-site}/api/v1/iam/put-user-reserved/'
Response¶
Status: 200 OK
{
"data": {
"user_reserved": {
"reserved_id": 1002,
"user_idp_key": "new-reserved-user",
"role_id": 1001,
"project_id": 1001,
"created_at": 1629947204,
"updated_at": 1629947204
}
}
}
DeleteUserReserved¶
Delete a reserved user. (Project authorization required)
Endpoint¶
POST: /iam/delete-user-reserved/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
project_id |
number | body | yes | Project ID |
reserved_id |
number | body | yes | Reserved ID |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"project_id": 1001, "reserved_id": 1002}' \
'https://{your-site}/api/v1/iam/delete-user-reserved/'
Response¶
Status: 200 OK
{"data":{}}
UpdateUserAdmin¶
Update user administrator privileges. (Admin only)
Endpoint¶
POST: /admin/update-user-admin/
Parameters¶
Name | Type | In | Required | Description |
---|---|---|---|---|
user_id |
number | body | yes | User ID |
admin |
boolean | body | yes | Administrator privilege status |
Code Sample¶
curl -XPOST \
--header 'Authorization: Bearer xxx' \
--header 'Content-Type: application/json' \
--data '{"user_id": 1001, "admin": true}' \
'https://{your-site}/api/v1/admin/update-user-admin/'
Response¶
Status: 200 OK
{
"data": {
"user": {
"user_id": 1001,
"sub": "user-sub-001",
"name": "User Name",
"user_idp_key": "idp-key-001",
"activated": true,
"admin": true,
"created_at": 1629337534,
"updated_at": 1629947204
}
}
}