
IAM API

The IAM API provides management capabilities for users, roles, policies, and access tokens.

Authentication

All IAM API endpoints require Bearer token authentication.

--header 'Authorization: Bearer xxx'

Authorization Levels

The IAM API has the following authorization levels:

  • General Access: Basic user information retrieval and updates
  • Project Authorization: Management of project-related resources (authzWithProject)
  • Admin Only: Accessible only to system administrators (authzOnlyAdmin)

ListUser

Retrieve a list of users.

Endpoint

GET: /iam/list-user/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| user_id | number | query | | User ID |
| sub | string | query | | User subject |

Code Sample

curl -XGET \
    --header 'Authorization: Bearer xxx' \
    'https://{your-site}/api/v1/iam/list-user/'

Response

Status: 200 OK
{
  "data": {
    "user": [
      {
        "user_id": 1001,
        "sub": "user-sub-001",
        "name": "User Name",
        "user_idp_key": "idp-key-001",
        "activated": true,
        "created_at": 1629337534,
        "updated_at": 1629337534
      }
    ]
  }
}

GetUser

Retrieve detailed user information.

Endpoint

GET: /iam/get-user/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| user_id | number | query | yes | User ID |

Code Sample

curl -XGET \
    --header 'Authorization: Bearer xxx' \
    'https://{your-site}/api/v1/iam/get-user/?user_id=1001'

Response

Status: 200 OK
{
  "data": {
    "user": {
      "user_id": 1001,
      "sub": "user-sub-001",
      "name": "User Name",
      "user_idp_key": "idp-key-001",
      "activated": true,
      "created_at": 1629337534,
      "updated_at": 1629337534
    }
  }
}

IsAdmin

Check if a user has administrator privileges.

Endpoint

GET: /iam/is-admin/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| user_id | number | query | yes | User ID |

Code Sample

curl -XGET \
    --header 'Authorization: Bearer xxx' \
    'https://{your-site}/api/v1/iam/is-admin/?user_id=1001'

Response

Status: 200 OK
{
  "data": {
    "admin": true
  }
}

PutUser

Create or update user information.

Endpoint

POST: /iam/put-user/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| user.name | string | body | yes | User name |
| user.activated | boolean | body | | Activation status |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"user": {"name": "New User Name", "activated": true}}' \
    'https://{your-site}/api/v1/iam/put-user/'

Response

Status: 200 OK
{
  "data": {
    "user": {
      "user_id": 1001,
      "sub": "user-sub-001",
      "name": "New User Name",
      "user_idp_key": "idp-key-001",
      "activated": true,
      "created_at": 1629337534,
      "updated_at": 1629947204
    }
  }
}

ListRole

Retrieve a list of roles. (Project authorization required)

Endpoint

GET: /iam/list-role/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | query | yes | Project ID |
| role_id | number | query | | Role ID |
| name | string | query | | Role name |

Code Sample

curl -XGET \
    --header 'Authorization: Bearer xxx' \
    'https://{your-site}/api/v1/iam/list-role/?project_id=1001'

Response

Status: 200 OK
{
  "data": {
    "role": [
      {
        "role_id": 1001,
        "name": "admin",
        "project_id": 1001,
        "created_at": 1629337534,
        "updated_at": 1629337534
      }
    ]
  }
}

GetRole

Retrieve detailed role information. (Project authorization required)

Endpoint

GET: /iam/get-role/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | query | yes | Project ID |
| role_id | number | query | yes | Role ID |

Code Sample

curl -XGET \
    --header 'Authorization: Bearer xxx' \
    'https://{your-site}/api/v1/iam/get-role/?project_id=1001&role_id=1001'

Response

Status: 200 OK
{
  "data": {
    "role": {
      "role_id": 1001,
      "name": "admin",
      "project_id": 1001,
      "created_at": 1629337534,
      "updated_at": 1629337534
    }
  }
}

PutRole

Create or update a role. (Project authorization required)

Endpoint

POST: /iam/put-role/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| role.name | string | body | yes | Role name |
| role.project_id | number | body | yes | Project ID |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "role": {"name": "editor", "project_id": 1001}}' \
    'https://{your-site}/api/v1/iam/put-role/'

Response

Status: 200 OK
{
  "data": {
    "role": {
      "role_id": 1002,
      "name": "editor",
      "project_id": 1001,
      "created_at": 1629947204,
      "updated_at": 1629947204
    }
  }
}

DeleteRole

Delete a role. (Project authorization required)

Endpoint

POST: /iam/delete-role/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| role_id | number | body | yes | Role ID |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "role_id": 1002}' \
    'https://{your-site}/api/v1/iam/delete-role/'

Response

Status: 200 OK
{"data":{}}

AttachRole

Assign a role to a user. (Project authorization required)

Endpoint

POST: /iam/attach-role/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| user_id | number | body | yes | User ID |
| role_id | number | body | yes | Role ID |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "user_id": 1001, "role_id": 1001}' \
    'https://{your-site}/api/v1/iam/attach-role/'

Response

Status: 200 OK
{
  "data": {
    "user_role": {
      "user_id": 1001,
      "role_id": 1001,
      "project_id": 1001,
      "created_at": 1629947204,
      "updated_at": 1629947204
    }
  }
}

DetachRole

Remove a role from a user. (Project authorization required)

Endpoint

POST: /iam/detach-role/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| user_id | number | body | yes | User ID |
| role_id | number | body | yes | Role ID |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "user_id": 1001, "role_id": 1001}' \
    'https://{your-site}/api/v1/iam/detach-role/'

Response

Status: 200 OK
{"data":{}}

ListPolicy

Retrieve a list of policies. (Project authorization required)

Endpoint

GET: /iam/list-policy/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | query | yes | Project ID |
| policy_id | number | query | | Policy ID |
| name | string | query | | Policy name |

Code Sample

curl -XGET \
    --header 'Authorization: Bearer xxx' \
    'https://{your-site}/api/v1/iam/list-policy/?project_id=1001'

Response

Status: 200 OK
{
  "data": {
    "policy": [
      {
        "policy_id": 1001,
        "name": "ReadOnlyPolicy",
        "project_id": 1001,
        "action_ptn": "finding:ListFinding",
        "resource_ptn": "*",
        "created_at": 1629337534,
        "updated_at": 1629337534
      }
    ]
  }
}

GetPolicy

Retrieve detailed policy information. (Project authorization required)

Endpoint

GET: /iam/get-policy/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | query | yes | Project ID |
| policy_id | number | query | yes | Policy ID |

Code Sample

curl -XGET \
    --header 'Authorization: Bearer xxx' \
    'https://{your-site}/api/v1/iam/get-policy/?project_id=1001&policy_id=1001'

Response

Status: 200 OK
{
  "data": {
    "policy": {
      "policy_id": 1001,
      "name": "ReadOnlyPolicy",
      "project_id": 1001,
      "action_ptn": "finding:ListFinding",
      "resource_ptn": "*",
      "created_at": 1629337534,
      "updated_at": 1629337534
    }
  }
}

PutPolicy

Create or update a policy. (Project authorization required)

Endpoint

POST: /iam/put-policy/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| policy.name | string | body | yes | Policy name |
| policy.project_id | number | body | yes | Project ID |
| policy.action_ptn | string | body | yes | Action pattern |
| policy.resource_ptn | string | body | yes | Resource pattern |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "policy": {"name": "WritePolicy", "project_id": 1001, "action_ptn": "finding:*", "resource_ptn": "*"}}' \
    'https://{your-site}/api/v1/iam/put-policy/'

Response

Status: 200 OK
{
  "data": {
    "policy": {
      "policy_id": 1002,
      "name": "WritePolicy",
      "project_id": 1001,
      "action_ptn": "finding:*",
      "resource_ptn": "*",
      "created_at": 1629947204,
      "updated_at": 1629947204
    }
  }
}

DeletePolicy

Delete a policy. (Project authorization required)

Endpoint

POST: /iam/delete-policy/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| policy_id | number | body | yes | Policy ID |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "policy_id": 1002}' \
    'https://{your-site}/api/v1/iam/delete-policy/'

Response

Status: 200 OK
{"data":{}}

AttachPolicy

Assign a policy to a role. (Project authorization required)

Endpoint

POST: /iam/attach-policy/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| role_id | number | body | yes | Role ID |
| policy_id | number | body | yes | Policy ID |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "role_id": 1001, "policy_id": 1001}' \
    'https://{your-site}/api/v1/iam/attach-policy/'

Response

Status: 200 OK
{
  "data": {
    "role_policy": {
      "role_id": 1001,
      "policy_id": 1001,
      "project_id": 1001,
      "created_at": 1629947204,
      "updated_at": 1629947204
    }
  }
}

DetachPolicy

Remove a policy from a role. (Project authorization required)

Endpoint

POST: /iam/detach-policy/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| role_id | number | body | yes | Role ID |
| policy_id | number | body | yes | Policy ID |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "role_id": 1001, "policy_id": 1001}' \
    'https://{your-site}/api/v1/iam/detach-policy/'

Response

Status: 200 OK
{"data":{}}

ListAccessToken

Retrieve a list of access tokens. (Project authorization required)

Endpoint

GET: /iam/list-access-token/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | query | yes | Project ID |
| access_token_id | number | query | | Access token ID |
| name | string | query | | Token name |

Code Sample

curl -XGET \
    --header 'Authorization: Bearer xxx' \
    'https://{your-site}/api/v1/iam/list-access-token/?project_id=1001'

Response

Status: 200 OK
{
  "data": {
    "access_token": [
      {
        "access_token_id": 1001,
        "name": "api-token-001",
        "description": "API token",
        "project_id": 1001,
        "expired_at": 1660873534,
        "created_at": 1629337534,
        "updated_at": 1629337534
      }
    ]
  }
}
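
The following Python is an added example, not part of this API's own documentation: it audits ListPolicy and ListAccessToken responses for wildcard action patterns and for expired or long-lived tokens. The function names, the 90-day lifetime limit and the `ci-token` entry are assumptions made for illustration; a pattern is flagged when it contains `*` as text, because the page does not state how patterns are matched.

```python
import json

# Sample input shaped like the ListPolicy and ListAccessToken responses on
# this page. Policy 1002 is taken from the PutPolicy response; token 1003
# ("ci-token") is constructed for the example.
LIST_POLICY = json.loads("""{"data": {"policy": [
  {"policy_id": 1001, "name": "ReadOnlyPolicy", "project_id": 1001,
   "action_ptn": "finding:ListFinding", "resource_ptn": "*"},
  {"policy_id": 1002, "name": "WritePolicy", "project_id": 1001,
   "action_ptn": "finding:*", "resource_ptn": "*"}
]}}""")
LIST_TOKEN = json.loads("""{"data": {"access_token": [
  {"access_token_id": 1001, "name": "api-token-001", "project_id": 1001,
   "expired_at": 1660873534, "created_at": 1629337534},
  {"access_token_id": 1003, "name": "ci-token", "project_id": 1001,
   "expired_at": 1632015934, "created_at": 1629337534}
]}}""")

MAX_LIFETIME = 90 * 86400  # assumed local rule: tokens live at most 90 days


def audit_policies(resp):
    """Return policies whose action pattern contains a wildcard.

    resource_ptn is reported alongside but not flagged on its own, since every
    sample policy on the page uses "*" there.
    """
    findings = []
    for p in resp.get("data", {}).get("policy", []):
        if "*" in p.get("action_ptn", ""):
            findings.append((p["policy_id"], p["name"],
                             p["action_ptn"], p.get("resource_ptn")))
    return findings


def audit_tokens(resp, now, max_lifetime=MAX_LIFETIME):
    """Return (access_token_id, reason) for expired or long-lived tokens.

    `now` is a Unix timestamp, the same unit as expired_at and created_at.
    """
    findings = []
    for t in resp.get("data", {}).get("access_token", []):
        if t["expired_at"] <= now:
            findings.append((t["access_token_id"], "expired"))
        elif t["expired_at"] - t["created_at"] > max_lifetime:
            findings.append((t["access_token_id"], "lifetime exceeds limit"))
    return findings


if __name__ == "__main__":
    print(audit_policies(LIST_POLICY))
    print(audit_tokens(LIST_TOKEN, now=1630000000))
```

Tokens reported as expired are candidates for DeleteAccessToken, and long-lived ones for UpdateAccessToken with a nearer `expired_at`.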

GenerateAccessToken

Generate a new access token. (Project authorization required)

Endpoint

POST: /iam/generate-access-token/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| access_token.name | string | body | yes | Token name |
| access_token.description | string | body | | Token description |
| access_token.project_id | number | body | yes | Project ID |
| access_token.expired_at | number | body | yes | Expiration time (Unix timestamp) |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "access_token": {"name": "new-api-token", "description": "New API token", "project_id": 1001, "expired_at": 1660873534}}' \
    'https://{your-site}/api/v1/iam/generate-access-token/'

Response

Status: 200 OK
{
  "data": {
    "access_token_id": 1002,
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }
}

UpdateAccessToken

Update an access token. (Project authorization required)

Endpoint

POST: /iam/update-access-token/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| access_token.access_token_id | number | body | yes | Access token ID |
| access_token.name | string | body | | Token name |
| access_token.description | string | body | | Token description |
| access_token.expired_at | number | body | | Expiration time (Unix timestamp) |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "access_token": {"access_token_id": 1002, "name": "updated-api-token", "description": "Updated API token"}}' \
    'https://{your-site}/api/v1/iam/update-access-token/'

Response

Status: 200 OK
{
  "data": {
    "access_token": {
      "access_token_id": 1002,
      "name": "updated-api-token",
      "description": "Updated API token",
      "project_id": 1001,
      "expired_at": 1660873534,
      "created_at": 1629337534,
      "updated_at": 1629947204
    }
  }
}

DeleteAccessToken

Delete an access token. (Project authorization required)

Endpoint

POST: /iam/delete-access-token/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| access_token_id | number | body | yes | Access token ID |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "access_token_id": 1002}' \
    'https://{your-site}/api/v1/iam/delete-access-token/'

Response

Status: 200 OK
{"data":{}}

AttachAccessToken

Assign a role to an access token. (Project authorization required)

Endpoint

POST: /iam/attach-access-token/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| access_token_id | number | body | yes | Access token ID |
| role_id | number | body | yes | Role ID |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "access_token_id": 1001, "role_id": 1001}' \
    'https://{your-site}/api/v1/iam/attach-access-token/'

Response

Status: 200 OK
{
  "data": {
    "access_token_role": {
      "access_token_id": 1001,
      "role_id": 1001,
      "project_id": 1001,
      "created_at": 1629947204,
      "updated_at": 1629947204
    }
  }
}

DetachAccessToken

Remove a role from an access token. (Project authorization required)

Endpoint

POST: /iam/detach-access-token/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| access_token_id | number | body | yes | Access token ID |
| role_id | number | body | yes | Role ID |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "access_token_id": 1001, "role_id": 1001}' \
    'https://{your-site}/api/v1/iam/detach-access-token/'

Response

Status: 200 OK
{"data":{}}

ListUserReserved

Retrieve a list of reserved users. (Project authorization required)

Endpoint

GET: /iam/list-user-reserved/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | query | yes | Project ID |
| reserved_id | number | query | | Reserved ID |

Code Sample

curl -XGET \
    --header 'Authorization: Bearer xxx' \
    'https://{your-site}/api/v1/iam/list-user-reserved/?project_id=1001'

Response

Status: 200 OK
{
  "data": {
    "user_reserved": [
      {
        "reserved_id": 1001,
        "user_idp_key": "reserved-user-001",
        "role_id": 1001,
        "project_id": 1001,
        "created_at": 1629337534,
        "updated_at": 1629337534
      }
    ]
  }
}

PutUserReserved

Create or update a reserved user. (Project authorization required)

Endpoint

POST: /iam/put-user-reserved/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| user_reserved.user_idp_key | string | body | yes | User IDP key |
| user_reserved.role_id | number | body | yes | Role ID |
| user_reserved.project_id | number | body | yes | Project ID |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "user_reserved": {"user_idp_key": "new-reserved-user", "role_id": 1001, "project_id": 1001}}' \
    'https://{your-site}/api/v1/iam/put-user-reserved/'

Response

Status: 200 OK
{
  "data": {
    "user_reserved": {
      "reserved_id": 1002,
      "user_idp_key": "new-reserved-user",
      "role_id": 1001,
      "project_id": 1001,
      "created_at": 1629947204,
      "updated_at": 1629947204
    }
  }
}

DeleteUserReserved

Delete a reserved user. (Project authorization required)

Endpoint

POST: /iam/delete-user-reserved/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| project_id | number | body | yes | Project ID |
| reserved_id | number | body | yes | Reserved ID |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id": 1001, "reserved_id": 1002}' \
    'https://{your-site}/api/v1/iam/delete-user-reserved/'

Response

Status: 200 OK
{"data":{}}

UpdateUserAdmin

Update user administrator privileges. (Admin only)

Endpoint

POST: /admin/update-user-admin/

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| user_id | number | body | yes | User ID |
| admin | boolean | body | yes | Administrator privilege status |

Code Sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"user_id": 1001, "admin": true}' \
    'https://{your-site}/api/v1/admin/update-user-admin/'

Response

Status: 200 OK
{
  "data": {
    "user": {
      "user_id": 1001,
      "sub": "user-sub-001",
      "name": "User Name",
      "user_idp_key": "idp-key-001",
      "activated": true,
      "admin": true,
      "created_at": 1629337534,
      "updated_at": 1629947204
    }
  }
}