Authentication

To manage data in a vault, you need to create and authenticate a service account for the vault. See Create a Service Account for a tutorial. Once you’ve done that, you should have a Bearer Token for your service account. To authenticate your requests, simply include it as a header parameter as follows:

authorization : Bearer {BEARER_TOKEN}.

Bearer

Access token, prefixed by Bearer: Bearer <token>. Retrieved using Generate Tokens End-Point

Security Scheme Type API Key
Header parameter name: Authorization

Accounts

List Accounts

Lists accounts that the context user has access to.

Authorizations:
query Parameters
userID
string

User ID.

name
string

Optional name filter.

status
string
Default: "NONE"
Enum: "NONE" "CREATED" "PENDING" "ACTIVE" "INACTIVE" "ARCHIVED" "DELETED"

Optional status filter.

  • NONE: NONE is undefined and should not be used.
offset
string <int64>
Default: "0"

Pagination Offset. - indicates the record number to start retrieving data.

limit
string <int64>
Default: "25"

Pagination Limit. - indicates the number of records to retrieve.

accountID
string

Optional parent Account ID. If specified, only Accounts under the parent will be returned..

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/accounts?userID=string&name=string&status=NONE&offset=0&limit=25&accountID=string' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "Account": {
    }
}

Create Account

Create an account. This also internally creates a Master API Key which can be used to access all the resources and sub-resources of this account.

Authorizations:
Request Body schema: application/json
object (v1Account)

Responses

Request samples

Content type
application/json
{
  • "Account": {
    }
}

Response samples

Content type
application/json
{
  • "ID": "string",
  • "defaultWorkspaceID": "string"
}

Get Account By ID

Retreives the account using the provided ID.

Authorizations:
path Parameters
ID
required
string

Responses

Request samples

curl -i -X GET \
  https://manage.skyflowapis.com/v1/accounts/:ID \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "Account": {
    }
}

Delete Account

Deletes the account and its child entities with the given ID.

Authorizations:
path Parameters
ID
required
string

Responses

Request samples

curl -i -X DELETE \
  https://manage.skyflowapis.com/v1/accounts/:ID \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "ID": "string"
}

Update Account

Updates the account with the given ID.

Authorizations:
path Parameters
ID
required
string
Request Body schema: application/json
object (v1Account)
ID
string (ID to uniquely update an account.)

Responses

Request samples

Content type
application/json
{
  • "Account": {
    },
  • "ID": "string"
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

List Members

Lists members belonging to the provided account.

Authorizations:
path Parameters
ID
required
string
query Parameters
filterOps.email
string

Email filter.

filterOps.type
string
Default: "NONE"
Enum: "NONE" "USER" "GROUP" "SERVICE_ACCOUNT" "SQL_SERVICE_ACCOUNT"

Member Type filter.

  • NONE: NONE is undefined and should not be used.
  • USER: Indicates the Member is of type User.
  • GROUP: Indicates the Member is of type Group.
  • SERVICE_ACCOUNT: Indicates the Member is of type ServiceAccount.
  • SQL_SERVICE_ACCOUNT: Indicates the Member is of SqlServiceAccount.
filterOps.name
string

Name filter.

filterOps.status
string
Default: "NONE"
Enum: "NONE" "CREATED" "PENDING" "ACTIVE" "INACTIVE" "ARCHIVED" "DELETED"

Status filter.

  • NONE: NONE is undefined and should not be used.
sortOps.sortBy
string

Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).

sortOps.orderBy
string
Default: "ASCENDING"
Enum: "ASCENDING" "DESCENDING"

Either ascending or descending order specification.

offset
string <int64>
Default: "0"

Pagination offset. - indicates the record number to start retrieving data

limit
string <int64>
Default: "25"

Pagination limit. - indicates the number of records to retrieve

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/accounts/:ID/members?filterOps.email=string&filterOps.type=NONE&filterOps.name=string&filterOps.status=NONE&sortOps.sortBy=string&sortOps.orderBy=ASCENDING&offset=0&limit=25' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "result": { },
  • "error": {
    }
}

Update Account Status

Updates an account's status.

Authorizations:
path Parameters
ID
required
string
Request Body schema: application/json
ID
string (ID of the directory object to update)
status
string (v1ObjectStatus)
Default: "NONE"
Enum: "NONE" "CREATED" "PENDING" "ACTIVE" "INACTIVE" "ARCHIVED" "DELETED"
  • NONE: NONE is undefined and should not be used.

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "status": "NONE"
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

Audit

Returns Audit Events based on the query parameters

Based on the request query parameters, the api returns a list of audit events which meets the criteria

Authorizations:
query Parameters
filterOps.context.changeID
string

Unique ID for Audit Event.

filterOps.context.requestID
string

Internal autogenerated Request ID unique for each request.

filterOps.context.traceID
string

Trace ID of the request made by client.

filterOps.context.sessionID
string

Session ID as part of which the user is executing queries.

filterOps.context.actor
string

Actor for the request. Based on actortype, Format for the actor could be - userID or emailID or serviceAccountID

filterOps.context.actorType
string
Default: "NONE"
Enum: "NONE" "USER" "GROUP" "SERVICE_ACCOUNT" "SQL_SERVICE_ACCOUNT"

ActorType for the request. It could be USER or SERVICE_ACCOUNT

  • NONE: NONE is undefined and should not be used.
  • USER: Indicates the Member is of type User.
  • GROUP: Indicates the Member is of type Group.
  • SERVICE_ACCOUNT: Indicates the Member is of type ServiceAccount.
  • SQL_SERVICE_ACCOUNT: Indicates the Member is of SqlServiceAccount.
filterOps.context.accessType
string
Default: "ACCESS_NONE"
Enum: "ACCESS_NONE" "API" "SQL"

The access type of the request. The access type could be (API, SQL etc.)

filterOps.parentAccountID
string

The parent accountID of the resource.

filterOps.accountID
string

The accountID of the resource.

filterOps.workspaceID
string

The workspaceID of the resource.

filterOps.vaultID
string

The vaultID of the resource.

filterOps.resourceIDs
string

Resources associated with the request (Comma Separated). This is to provide better search capabilities. (Comma Separated). Could be group resource and user resource ids and types. Key will be of the form 'vault/id', 'user/id', etc. Any single Resource matches, the result will be returned

filterOps.actionType
string
Default: "NONE"
Enum: "NONE" "ASSIGN" "CREATE" "DELETE" "EXECUTE" "LIST" "READ" "UNASSIGN" "UPDATE" "VALIDATE" "LOGIN"

The audit action type (INSERT, UPDATE, etc).

filterOps.resourceType
string
Default: "NONE_API"
Enum: "NONE_API" "ACCOUNT" "AUDIT" "BASE_DATA_TYPE" "FIELD_TEMPLATE" "FILE" "GROUP" "KEY" "POLICY" "PROTO_PARSE" "RECORD" "ROLE" "RULE" "SECRET" "SERVICE_ACCOUNT" "SQL_SERVICE_ACCOUNT" "TOKEN" "USER" "VAULT" "VAULT_TEMPLATE" "WORKFLOW" "WORKFLOW_RUN" "WORKSPACE" "TABLE" "POLICY_TEMPLATE" "MEMBER" "VAULTFUNCTIONCONFIG"

The resource method name. The Resource method names as in api docs

filterOps.tags
string

Tags associated with Event if any (Comma Separated). This is to provide better search capabilities (Comma Separated). Where Keys could be login, get, dml, etc. Any single Tag matches, the result will be returned

filterOps.responseCode
integer <int32>

The https response code for the operation.

filterOps.startTime
string

The start timestamp for the query.

filterOps.endTime
string

The end timestamp for the query.

filterOps.apiName
string

api name (grpc service name).

filterOps.responseMessage
string

response or error message, like SUCCESS etc....

sortOps.sortBy
string

Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).

sortOps.orderBy
string
Default: "ASCENDING"
Enum: "ASCENDING" "DESCENDING"

Either ascending or descending order specification.

afterOps.timestamp
string

The timestamp provided in previous response's nextOps attribute. Cannot be clubbed with sortOps or offset. For first time call, leave blank..

afterOps.changeID
string

The changeID provided in previous response's nextOps attribute. Cannot be clubbed with sortOps or offset. For first time call, leave blank..

limit
integer <int64>
Default: "25"

Pagination Limit. - indicates the number of records to retrieve.

offset
integer <int64>
Default: "0"

Pagination Offset. - indicates the record number to start retrieving data.

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/audit/events?filterOps.context.changeID=string&filterOps.context.requestID=string&filterOps.context.traceID=string&filterOps.context.sessionID=string&filterOps.context.actor=string&filterOps.context.actorType=NONE&filterOps.context.accessType=ACCESS_NONE&filterOps.parentAccountID=string&filterOps.accountID=string&filterOps.workspaceID=string&filterOps.vaultID=string&filterOps.resourceIDs=string&filterOps.actionType=NONE&filterOps.resourceType=NONE_API&filterOps.tags=string&filterOps.responseCode=0&filterOps.startTime=string&filterOps.endTime=string&filterOps.apiName=string&filterOps.responseMessage=string&sortOps.sortBy=string&sortOps.orderBy=ASCENDING&afterOps.timestamp=string&afterOps.changeID=string&limit=25&offset=0' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "event": [
    ],
  • "nextOps": {
    }
}

Authentication

Get auth public keys

Get the auth public keys.

Authorizations:

Responses

Request samples

curl -i -X GET \
  https://manage.skyflowapis.com/v1/auth/sa/oauth/keys \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "keys": [
    ]
}

Get the auth token

Generates the auth bearer token for a user signed JWT token.

Authorizations:
Request Body schema: application/json
grant_type
string (grant_type)

grant_type: urn:ietf:params:oauth:grant-type:jwt-bearer

assertion
string (assertion)

assertion: User signed JWT token

Responses

Request samples

Content type
application/json
{
  • "grant_type": "string",
  • "assertion": "string"
}

Response samples

Content type
application/json
{
  • "accessToken": "string",
  • "tokenType": "string"
}

Bearer token

Verifies the username/password combination and generates the access/bearer token for the API users to consume.

Authorizations:
Request Body schema: application/json
username
string (Username)

The email address of the Skyflow user.

password
string (Password)

Password of this user.

Responses

Request samples

Content type
application/json
{
  • "username": "bob@acme.com",
  • "password": "MyP@$$w0rd"
}

Response samples

Content type
application/json
{
  • "accessToken": "eyJraWKiOiJ0aUdXd3JWcVNsRU50RUkWbGt2LUkwSklLejhReExzX0dZbzEtdl8zODk0IiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aLM6IkFULmRYV3h6VG04Vm1aU3FzRVZKMEhrTE14dmRQUWFWTzc1ckZuOIKtTmU3eUUiLCJpc3MiOiJodHRwczovL2F1dGguc2t5Zmxvdy5kZXYvb2F1dGgyL2RlZmF1bHQiLCJhdWQiOiJhcGm3Oy9kZWZhdWx0IiwiaWF0IjoxNTg4MjM3MTg4LCJleHAiOjE1ODgyNDA3ODgsImNpZCI6IjBvYTUxXmXza0JqOWh1TUxhNHg2IiwidWlkIjoiMDB1NWR6aHA5QmJSaG9Wa1I0eDYiLCJzY3MwOlsicHJvZmlsZSIsIm9wZW5pZCIsImVtYWlsIl0sInN1YiI6Imtpc2hvcmUuYmFuZGlAc2t5Zmxvdy5jb20ifQ.mtiz1gP3u6t0vTTgKAzPvLLFLsyHFr9W-CREq0rnyj1_zc5siF3nt4y9-UMf2chsRJPgoNGOiXCiOGaiGvWD5VBr6nUS8I4m_Mp3mr0a7mQ-wQxYiw2K2F2C9AS2MSQSJGU5hyl1H3uqVH6YOLePRBtSmz3ez9v47_EP7KiOhmRmGTI7j7oahaW_9g8SVIL1H5RJ1ctSmBRt7frYOAs564uwYni1wbzH48tDj8PKm5sj2-EpvcMh4kVyq259Ken-Bcp2hpECTtbEjfgtGf2TjExTozFBYY3kobKApJ5xBz-7k_tlCECYRvWKrdOgnx1kdBkX5WziWyFWrvj1kRzQtg"
}

BaseDataTypes

List Base Data Types

Authorizations:

Responses

Request samples

curl -i -X GET \
  https://manage.skyflowapis.com/v1/base-data-types \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "baseDataTypes": [
    ]
}

FieldTemplates

List Field Templates

Lists the Field Templates belonging to the provided account ID. If no account ID is passed, the context account ID will be used.

Authorizations:
query Parameters
accountID
string

Account ID. Account ID requesting List Field Templates

offset
integer <int64>
Default: "0"

Pagination Offset. - indicates the record number to start retrieving data.

limit
integer <int64>
Default: "25"

Pagination Limit. - indicates the number of records to retrieve.

filterOps.name
string

Name filter.

filterOps.status
string
Default: "NONE"
Enum: "NONE" "CREATED" "PENDING" "ACTIVE" "INACTIVE" "ARCHIVED" "DELETED"

Status filter.

  • NONE: NONE is undefined and should not be used.
sortOps.sortBy
string

Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).

sortOps.orderBy
string
Default: "ASCENDING"
Enum: "ASCENDING" "DESCENDING"

Either ascending or descending order specification.

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/field-templates?accountID=string&offset=0&limit=25&filterOps.name=string&filterOps.status=NONE&sortOps.sortBy=string&sortOps.orderBy=ASCENDING' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "fieldTemplates": [
    ]
}

Create Field Template

FOR INTERNAL USE ONLY

Authorizations:
Request Body schema: application/json
accountID
string
name
string
description
string
object (v1Field)
object (v1Schema)

Responses

Request samples

Content type
application/json
{
  • "accountID": "string",
  • "name": "string",
  • "description": "string",
  • "field": {
    },
  • "compositeField": {
    }
}

Response samples

Content type
application/json
{
  • "template": {
    }
}

Get Field Template

Retreives a Field Template using the provided ID.

Authorizations:
path Parameters
ID
required
string

ID of the Field Template

Responses

Request samples

curl -i -X GET \
  https://manage.skyflowapis.com/v1/field-templates/:ID \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "template": {
    }
}

Delete Field Template

FOR INTERNAL USE ONLY

Authorizations:
path Parameters
ID
required
string

Responses

Request samples

curl -i -X DELETE \
  https://manage.skyflowapis.com/v1/field-templates/:ID \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "template": {
    }
}

Update Field Template

FOR INTERNAL USE ONLY

Authorizations:
path Parameters
ID
required
string
Request Body schema: application/json
ID
string
name
string
description
string
object (v1Field)
object (v1Schema)

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "name": "string",
  • "description": "string",
  • "field": {
    },
  • "compositeField": {
    }
}

Response samples

Content type
application/json
{
  • "template": {
    }
}

Update Field Template Status

FOR INTERNAL USE ONLY

Authorizations:
path Parameters
ID
required
string
Request Body schema: application/json
ID
string (ID of the directory object to update)
status
string (v1ObjectStatus)
Default: "NONE"
Enum: "NONE" "CREATED" "PENDING" "ACTIVE" "INACTIVE" "ARCHIVED" "DELETED"
  • NONE: NONE is undefined and should not be used.

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "status": "NONE"
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

Validate Field Template JSON schema

Authorizations:
Request Body schema: application/json
object (v1Field)
object (v1Schema)

Responses

Request samples

Content type
application/json
{
  • "field": {
    },
  • "compositeField": {
    }
}

Response samples

Content type
application/json
{
  • "isValid": true,
  • "errors": [
    ]
}

Groups

List groups

Streams Groups which matches the conditions set in query parameters and using Information from Additional Resource Headers or fallsback to Access Token

Authorizations:
query Parameters
offset
string <int64>
Default: "0"

Pagination Offset. - indicates the record number from which to start retrieving data.

limit
string <int64>
Default: "25"

Pagination Limit. - indicates the number of records to be retrieved.

accountID
string

ID of the account to which the group belongs..

email
string

Group email. - using which the records are to be fetched.

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/groups?offset=0&limit=25&accountID=string&email=string' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "group": {
    }
}

Create a group

Creates a group.

Authorizations:
Request Body schema: application/json
object (v1Group)
accountID
string (Account ID under which the group should be created.)
userIDs
Array of strings (IDs of the users to be added to the group upon creation.)

Responses

Request samples

Content type
application/json
{
  • "accountID": "g2400b4c4c9c11ea8baaacde48001122",
  • "group": {
    }
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

Get group by ID

Retreives a group with the provided ID.

Authorizations:
path Parameters
ID
required
string

Responses

Request samples

curl -i -X GET \
  https://manage.skyflowapis.com/v1/groups/:ID \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "group": {
    }
}

Delete a group

Deletes a group with the provided ID.

Authorizations:
path Parameters
ID
required
string

Responses

Request samples

curl -i -X DELETE \
  https://manage.skyflowapis.com/v1/groups/:ID \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "ID": "string"
}

Update a group

Updates a group with the provided ID.

Authorizations:
path Parameters
ID
required
string
Request Body schema: application/json
ID
string (ID to update a group.)
object (v1Group)

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "group": {
    }
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

List users in a group

Gets all users of a group with the provided ID.

Authorizations:
path Parameters
ID
required
string
query Parameters
offset
string <int64>
Default: "0"

Pagination Offset. - indicates the record number from which to start retrieving data.

limit
string <int64>
Default: "25"

Pagination Limit. - indicates the number of records to be retrieved.

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/groups/:ID/users?offset=0&limit=25' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "result": { },
  • "error": {
    }
}

Add Users to a group

Adds users with provided IDs to a group with provided ID.

Authorizations:
path Parameters
ID
required
string
Request Body schema: application/json
ID
string (ID of the group to add to.)
UserIDs
Array of strings (ID of the users to add to the group.)

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "UserIDs": [
    ]
}

Response samples

Content type
application/json
{
  • "IDs": [
    ]
}

Remove users from a group

Removes Users by Provided IDs from a Group by Provided ID.

Authorizations:
path Parameters
ID
required
string
Request Body schema: application/json
ID
string (ID of the Group to remove the users from.)
UserIDs
Array of strings (ID of the users to be removed.)

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "UserIDs": [
    ]
}

Response samples

Content type
application/json
{
  • "ID": [
    ]
}

Roles

List Permissions of Member

Lists permissions that have been assigned to a member.

Authorizations:
path Parameters
member.ID
required
string
query Parameters
member.type
required
string
Default: "NONE"
Enum: "NONE" "USER" "GROUP" "SERVICE_ACCOUNT" "SQL_SERVICE_ACCOUNT"

Member Type. Type of the member.

  • NONE: NONE is undefined and should not be used.
  • USER: Indicates the Member is of type User.
  • GROUP: Indicates the Member is of type Group.
  • SERVICE_ACCOUNT: Indicates the Member is of type ServiceAccount.
  • SQL_SERVICE_ACCOUNT: Indicates the Member is of SqlServiceAccount.
member.name
string

Member name. Name of the member.

member.email
string

Member email. Email address of the member.

member.status
string
Default: "NONE"
Enum: "NONE" "CREATED" "PENDING" "ACTIVE" "INACTIVE" "ARCHIVED" "DELETED"

Member status. Status of the member.

  • NONE: NONE is undefined and should not be used.

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/members/:member.ID/permissions?member.type=NONE&member.name=string&member.email=string&member.status=NONE' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "permissions": [
    ]
}

List Roles of Member

Lists role to resource pairs that have been assigned to a member.

Authorizations:
path Parameters
member.ID
required
string
query Parameters
member.type
required
string
Default: "NONE"
Enum: "NONE" "USER" "GROUP" "SERVICE_ACCOUNT" "SQL_SERVICE_ACCOUNT"

Member Type. Type of the member.

  • NONE: NONE is undefined and should not be used.
  • USER: Indicates the Member is of type User.
  • GROUP: Indicates the Member is of type Group.
  • SERVICE_ACCOUNT: Indicates the Member is of type ServiceAccount.
  • SQL_SERVICE_ACCOUNT: Indicates the Member is of SqlServiceAccount.
member.name
string

Member name. Name of the member.

member.email
string

Member email. Email address of the member.

member.status
string
Default: "NONE"
Enum: "NONE" "CREATED" "PENDING" "ACTIVE" "INACTIVE" "ARCHIVED" "DELETED"

Member status. Status of the member.

  • NONE: NONE is undefined and should not be used.
offset
string <int64>
Default: "0"

Pagination offset. - indicates the record number to start retrieving data

limit
string <int64>
Default: "25"

Pagination limit. - indicates the number of records to retrieve

filterOps.name
string

Name filter.. Name of the Role to search for.

filterOps.resource.ID
required
string

Resource ID. Resource for which the policies are being defined.

filterOps.resource.type
required
string
Default: "NONE"
Enum: "NONE" "ORGANIZATION" "VAULT" "NOTEBOOK" "ACCOUNT" "SERVICE_ACCOUNT" "SQL_SERVICE_ACCOUNT" "WORKFLOW" "WORKFLOW_RUN" "VAULT_TEMPLATE" "WORKSPACE" "FIELD_TEMPLATE" "RECORD" "TOKEN" "VAULT_FUNCTION_CONFIG"

Resource Type. Type of the resource being defined.

  • NONE: is undefined and should not be used.
  • ORGANIZATION: Indicates the Resource Type to be Organization.
  • VAULT: Indicates the Resource Type to be Vault.
  • NOTEBOOK: Indicates the Resource Type to be Notebook.
  • ACCOUNT: Indicates the Resource Type to be Account.
  • SERVICE_ACCOUNT: Indicates the Resource Type to be Service Account.
  • SQL_SERVICE_ACCOUNT: Indicates the Resource Type to be SqlAccessAccount.
  • WORKFLOW: Indicates the Resource Type to be Workflow.
  • WORKFLOW_RUN: Indicates the Resource Type to be Workflow Runs.
  • VAULT_TEMPLATE: Indicates the Resource Type to be Vault Template.
  • WORKSPACE: Indicates the Resource Type to be Workspace
  • FIELD_TEMPLATE: Indicates the Resource Type to be Field Template.
  • RECORD: Indicates the Resource Type to be Record
  • TOKEN: Indicates the Resource Type to be Token
  • VAULT_FUNCTION_CONFIG: Indicates the Resource Type to be Vault Function Config.
filterOps.resource.name
string

Resource Name. Name of the Resource.

filterOps.roleType
string
Default: "NONE"
Enum: "NONE" "SYSTEM" "CUSTOM"

Role Type filter.. Role Type to filter on.

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/members/:member.ID/roles?member.type=NONE&member.name=string&member.email=string&member.status=NONE&offset=0&limit=25&filterOps.name=string&filterOps.resource.ID=string&filterOps.resource.type=NONE&filterOps.resource.name=string&filterOps.roleType=NONE' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "roleToResource": [
    ]
}

List Roles of Policy

Lists Roles that have been assigned to a Policy

Authorizations:
path Parameters
policyID
required
string
query Parameters
filterOps.name
string

Role Name..

sortOps.sortBy
string

Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).

sortOps.orderBy
string
Default: "ASCENDING"
Enum: "ASCENDING" "DESCENDING"

Either ascending or descending order specification.

offset
string <int64>
Default: "0"

Pagination offset. - indicates the record number to start retrieving data

limit
string <int64>
Default: "25"

Pagination limit. - indicates the number of records to retrieve

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/policies/:policyID/roles?filterOps.name=string&sortOps.sortBy=string&sortOps.orderBy=ASCENDING&offset=0&limit=25' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "role": {
    }
}

List pre-defined role definitions

List the supported pre-defined role definitions.

Authorizations:
query Parameters
resourceType
string
Default: "NONE"
Enum: "NONE" "ORGANIZATION" "VAULT" "NOTEBOOK" "ACCOUNT" "SERVICE_ACCOUNT" "SQL_SERVICE_ACCOUNT" "WORKFLOW" "WORKFLOW_RUN" "VAULT_TEMPLATE" "WORKSPACE" "FIELD_TEMPLATE" "RECORD" "TOKEN" "VAULT_FUNCTION_CONFIG"

Optional resource type to filter for..

  • NONE: is undefined and should not be used.
  • ORGANIZATION: Indicates the Resource Type to be Organization.
  • VAULT: Indicates the Resource Type to be Vault.
  • NOTEBOOK: Indicates the Resource Type to be Notebook.
  • ACCOUNT: Indicates the Resource Type to be Account.
  • SERVICE_ACCOUNT: Indicates the Resource Type to be Service Account.
  • SQL_SERVICE_ACCOUNT: Indicates the Resource Type to be SqlAccessAccount.
  • WORKFLOW: Indicates the Resource Type to be Workflow.
  • WORKFLOW_RUN: Indicates the Resource Type to be Workflow Runs.
  • VAULT_TEMPLATE: Indicates the Resource Type to be Vault Template.
  • WORKSPACE: Indicates the Resource Type to be Workspace
  • FIELD_TEMPLATE: Indicates the Resource Type to be Field Template.
  • RECORD: Indicates the Resource Type to be Record
  • TOKEN: Indicates the Resource Type to be Token
  • VAULT_FUNCTION_CONFIG: Indicates the Resource Type to be Vault Function Config.

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/roleDefinitions?resourceType=NONE' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "roleDefinitions": [
    ]
}

List Roles

List Roles on a Resource

Authorizations:
query Parameters
resource.ID
required
string

Resource ID. Resource for which the policies are being defined.

resource.type
required
string
Default: "NONE"
Enum: "NONE" "ORGANIZATION" "VAULT" "NOTEBOOK" "ACCOUNT" "SERVICE_ACCOUNT" "SQL_SERVICE_ACCOUNT" "WORKFLOW" "WORKFLOW_RUN" "VAULT_TEMPLATE" "WORKSPACE" "FIELD_TEMPLATE" "RECORD" "TOKEN" "VAULT_FUNCTION_CONFIG"

Resource Type. Type of the resource being defined.

  • NONE: is undefined and should not be used.
  • ORGANIZATION: Indicates the Resource Type to be Organization.
  • VAULT: Indicates the Resource Type to be Vault.
  • NOTEBOOK: Indicates the Resource Type to be Notebook.
  • ACCOUNT: Indicates the Resource Type to be Account.
  • SERVICE_ACCOUNT: Indicates the Resource Type to be Service Account.
  • SQL_SERVICE_ACCOUNT: Indicates the Resource Type to be SqlAccessAccount.
  • WORKFLOW: Indicates the Resource Type to be Workflow.
  • WORKFLOW_RUN: Indicates the Resource Type to be Workflow Runs.
  • VAULT_TEMPLATE: Indicates the Resource Type to be Vault Template.
  • WORKSPACE: Indicates the Resource Type to be Workspace
  • FIELD_TEMPLATE: Indicates the Resource Type to be Field Template.
  • RECORD: Indicates the Resource Type to be Record
  • TOKEN: Indicates the Resource Type to be Token
  • VAULT_FUNCTION_CONFIG: Indicates the Resource Type to be Vault Function Config.
resource.name
string

Resource Name. Name of the Resource.

name
string

Optional role name to filter for..

type
string
Default: "NONE"
Enum: "NONE" "SYSTEM" "CUSTOM"

Optional role type to filter for..

sortOps.sortBy
string

Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).

sortOps.orderBy
string
Default: "ASCENDING"
Enum: "ASCENDING" "DESCENDING"

Either ascending or descending order specification.

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/roles?resource.ID=string&resource.type=NONE&resource.name=string&name=string&type=NONE&sortOps.sortBy=string&sortOps.orderBy=ASCENDING' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "roles": [
    ]
}

Create Role

Creates a Custom Role on a set of Resources

Authorizations:
Request Body schema: application/json
object (v1RoleDefinition)
object (v1Resource)

Responses

Request samples

Content type
application/json
{
  • "roleDefinition": {
    },
  • "resource": {
    }
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

Assign Role

Assigns members a role on a resource.

Authorizations:
Request Body schema: application/json
ID
string (The ID of the role to be assigned.)
Array of objects (The members to whom the role will be assigned.)

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "members": [
    ]
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

Unassign Role

Unassigns members from the role on a resource.

Authorizations:
Request Body schema: application/json
ID
string (The ID of the role to unassign.)
Array of objects (The members for whom the role will be unassigned.)

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "members": [
    ]
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

Get Role

Gets a Role by ID

Authorizations:
path Parameters
ID
required
string

Responses

Request samples

curl -i -X GET \
  https://manage.skyflowapis.com/v1/roles/:ID \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "role": {
    }
}

Delete Role

Deletes a Role

Authorizations:
path Parameters
ID
required
string

Responses

Request samples

curl -i -X DELETE \
  https://manage.skyflowapis.com/v1/roles/:ID \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "ID": "string"
}

Update Role

Updates a Role

Authorizations:
path Parameters
ID
required
string
Request Body schema: application/json
ID
string (ID of the Role to update)
object (v1RoleDefinition)

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "roleDefinition": {
    }
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

List Members by Role

Lists members that are assigned a provided role.

Authorizations:
path Parameters
ID
required
string
query Parameters
filterOps.email
string

Email filter.

filterOps.type
string
Default: "NONE"
Enum: "NONE" "USER" "GROUP" "SERVICE_ACCOUNT" "SQL_SERVICE_ACCOUNT"

Member Type filter.

  • NONE: NONE is undefined and should not be used.
  • USER: Indicates the Member is of type User.
  • GROUP: Indicates the Member is of type Group.
  • SERVICE_ACCOUNT: Indicates the Member is of type ServiceAccount.
  • SQL_SERVICE_ACCOUNT: Indicates the Member is of SqlServiceAccount.
filterOps.name
string

Name filter.

filterOps.status
string
Default: "NONE"
Enum: "NONE" "CREATED" "PENDING" "ACTIVE" "INACTIVE" "ARCHIVED" "DELETED"

Status filter.

  • NONE: NONE is undefined and should not be used.
sortOps.sortBy
string

Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).

sortOps.orderBy
string
Default: "ASCENDING"
Enum: "ASCENDING" "DESCENDING"

Either ascending or descending order specification.

offset
string <int64>
Default: "0"

Pagination offset. - indicates the record number to start retrieving data

limit
string <int64>
Default: "25"

Pagination limit. - indicates the number of records to retrieve

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/roles/:ID/members?filterOps.email=string&filterOps.type=NONE&filterOps.name=string&filterOps.status=NONE&sortOps.sortBy=string&sortOps.orderBy=ASCENDING&offset=0&limit=25' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "result": { },
  • "error": {
    }
}

Models

Geo-Residency Matrix

Gets the supported geo-residency matrix.

Authorizations:

Responses

Request samples

curl -i -X GET \
  https://manage.skyflowapis.com/v1/models/residency \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "result": { },
  • "error": {
    }
}

Supported Scopes

Gets the list of supported scopes.

Authorizations:

Responses

Request samples

curl -i -X GET \
  https://manage.skyflowapis.com/v1/models/scopes \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "result": { },
  • "error": {
    }
}

Policies

List Policies

List Policies with specified filters.

Authorizations:
query Parameters
resource.ID
required
string

Resource ID. Resource for which the policies are being defined.

resource.type
required
string
Default: "NONE"
Enum: "NONE" "ORGANIZATION" "VAULT" "NOTEBOOK" "ACCOUNT" "SERVICE_ACCOUNT" "SQL_SERVICE_ACCOUNT" "WORKFLOW" "WORKFLOW_RUN" "VAULT_TEMPLATE" "WORKSPACE" "FIELD_TEMPLATE" "RECORD" "TOKEN" "VAULT_FUNCTION_CONFIG"

Resource Type. Type of the resource being defined.

  • NONE: is undefined and should not be used.
  • ORGANIZATION: Indicates the Resource Type to be Organization.
  • VAULT: Indicates the Resource Type to be Vault.
  • NOTEBOOK: Indicates the Resource Type to be Notebook.
  • ACCOUNT: Indicates the Resource Type to be Account.
  • SERVICE_ACCOUNT: Indicates the Resource Type to be Service Account.
  • SQL_SERVICE_ACCOUNT: Indicates the Resource Type to be SqlAccessAccount.
  • WORKFLOW: Indicates the Resource Type to be Workflow.
  • WORKFLOW_RUN: Indicates the Resource Type to be Workflow Runs.
  • VAULT_TEMPLATE: Indicates the Resource Type to be Vault Template.
  • WORKSPACE: Indicates the Resource Type to be Workspace
  • FIELD_TEMPLATE: Indicates the Resource Type to be Field Template.
  • RECORD: Indicates the Resource Type to be Record
  • TOKEN: Indicates the Resource Type to be Token
  • VAULT_FUNCTION_CONFIG: Indicates the Resource Type to be Vault Function Config.
resource.name
string

Resource Name. Name of the Resource.

filterOps.name
string

Policy Name..

sortOps.sortBy
string

Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).

sortOps.orderBy
string
Default: "ASCENDING"
Enum: "ASCENDING" "DESCENDING"

Either ascending or descending order specification.

offset
string <int64>
Default: "0"

Pagination offset. - indicates the record number to start retrieving data

limit
string <int64>
Default: "25"

Pagination limit. - indicates the number of records to retrieve

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/policies?resource.ID=string&resource.type=NONE&resource.name=string&filterOps.name=string&sortOps.sortBy=string&sortOps.orderBy=ASCENDING&offset=0&limit=25' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "result": { },
  • "error": {
    }
}

Create a policy

Create a policy from specified parameters.

Authorizations:
Request Body schema: application/json
name
string (A unique name for the Policy.)
displayName
string (A display name for the Policy.)
description
string (A description of the Policy)
object (v1Resource)
Array of objects (Rules that will comprise the Policy.)

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "displayName": "string",
  • "description": "string",
  • "resource": {
    },
  • "ruleParams": [
    ]
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

Assign Policy

Assigns Policy to Roles.

Authorizations:
Request Body schema: application/json
ID
string (The ID of the Policy to assign.)
roleIDs
Array of strings (IDs of Roles to assign the Policy to.)
Array of objects (Members to assign the Policy to. To assign the Policy to all Members of type USER, pass Member with ID='*' and Type = 'USER'. Currently unsupported)
Array of objects (Members to whom the Policy should not be assigned. Only valid if assigning via '*' wildcard and of same Type as rest of assigned Members. Currently unsupported) <= 32

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "roleIDs": [
    ],
  • "members": [
    ],
  • "exceptions": [
    ]
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

Create Rule

Creates a new Rule in a Policy.

Authorizations:
Request Body schema: application/json
policyID
string (The ID of the Policy within which the Rule will be created.)
object (v1RuleParams)

Responses

Request samples

Content type
application/json
{
  • "policyID": "string",
  • "ruleParams": {
    }
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

Get a Rule by ID

Retreives a Rule using the provided ID.

Authorizations:
path Parameters
ID
required
string
query Parameters
policyID
string

The ID of the Policy that contains the Rule..

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/policies/rules/:ID?policyID=string' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "rule": {
    }
}

Delete Rule

Deletes a Rule from a Policy.

Authorizations:
path Parameters
ID
required
string
query Parameters
policyID
string

The ID of the Policy that contains the Rule..

Responses

Request samples

curl -i -X DELETE \
  'https://manage.skyflowapis.com/v1/policies/rules/:ID?policyID=string' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "ID": "string"
}

Update a Rule by ID

Update a policy using the given ID.

Authorizations:
path Parameters
ID
required
string
Request Body schema: application/json
ID
string (The ID of the Rule to update.)
policyID
string (The ID of the Policy that contains the Rule.)
object (v1RuleParams)

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "policyID": "string",
  • "ruleParams": {
    }
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

Test Policies

Test if the member or role is allowed to perform certain action on the requested resource(s).

Authorizations:
Request Body schema: application/json
action
string (- NONE_ACTION: have 0 be no action or none)
Default: "NONE_ACTION"
Enum: "NONE_ACTION" "ALL" "CREATE" "READ" "UPDATE" "DELETE" "TOKENIZATION" "DETOKENIZATION"
object (v1Member)
roleID
string (RoleID)

The ID of role for which policy check is performed.

object (v1Resource)
Array of objects (Requested Columns)

The list of columns(resource) on which policy check is performed.

Responses

Request samples

Content type
application/json
{
  • "action": "NONE_ACTION",
  • "member": {
    },
  • "roleID": "string",
  • "resource": {
    },
  • "columns": [
    ]
}

Response samples

Content type
application/json
{
  • "modifiers": [
    ],
  • "rowFilter": "string"
}

Unassign Policy

Unassigns Policy from Roles.

Authorizations:
Request Body schema: application/json
ID
string (The ID of the Policy to unassign.)
roleIDs
Array of strings (The ID of the Roles for which the Policy will be unassigned.)
Array of objects (The ID of the Roles for whom the Policy will be unassigned. Currently unsupported)

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "roleIDs": [
    ],
  • "members": [
    ]
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

Get a policy by ID

Retreives a policy using the provided ID.

Authorizations:
path Parameters
ID
required
string

Responses

Request samples

curl -i -X GET \
  https://manage.skyflowapis.com/v1/policies/:ID \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "result": { },
  • "error": {
    }
}

Delete a policy by ID

Delete a policy using the given ID.

Authorizations:
path Parameters
ID
required
string

Responses

Request samples

curl -i -X DELETE \
  https://manage.skyflowapis.com/v1/policies/:ID \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "ID": "string"
}

Update a policy by ID

Update a policy using the given ID.

Authorizations:
path Parameters
ID
required
string
Request Body schema: application/json
ID
string (The ID of the Policy to update.)
object (v1Policy)
Array of objects (RuleParams that will update the Policy's existing Rules.)

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "policy": {
    },
  • "ruleParams": [
    ]
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

Update Policy Status

Updates a Policy's status.

Authorizations:
path Parameters
ID
required
string
Request Body schema: application/json
ID
string (ID of the directory object to update)
status
string (v1ObjectStatus)
Default: "NONE"
Enum: "NONE" "CREATED" "PENDING" "ACTIVE" "INACTIVE" "ARCHIVED" "DELETED"
  • NONE: NONE is undefined and should not be used.

Responses

Request samples

Content type
application/json
{
  • "ID": "string",
  • "status": "NONE"
}

Response samples

Content type
application/json
{
  • "ID": "string"
}

List Policies By Role

List Policies of a Role, with specified filters.

Authorizations:
path Parameters
roleID
required
string
query Parameters
filterOps.name
string

Policy Name..

sortOps.sortBy
string

Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).

sortOps.orderBy
string
Default: "ASCENDING"
Enum: "ASCENDING" "DESCENDING"

Either ascending or descending order specification.

offset
string <int64>
Default: "0"

Pagination offset. - indicates the record number to start retrieving data

limit
string <int64>
Default: "25"

Pagination limit. - indicates the number of records to retrieve

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/roles/:roleID/policies?filterOps.name=string&sortOps.sortBy=string&sortOps.orderBy=ASCENDING&offset=0&limit=25' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "result": { },
  • "error": {
    }
}

ServiceAccounts

List service account

Lists the service account.

Authorizations:
query Parameters
offset
string <int64>
Default: "0"

Pagination Offset. - indicates the record number to start retrieving data.

limit
string <int64>
Default: "25"

Pagination Limit. - indicates the number of records to retrieve.

resource.ID
required
string

Resource ID. Resource for which the policies are being defined.

resource.type
required
string
Default: "NONE"
Enum: "NONE" "ORGANIZATION" "VAULT" "NOTEBOOK" "ACCOUNT" "SERVICE_ACCOUNT" "SQL_SERVICE_ACCOUNT" "WORKFLOW" "WORKFLOW_RUN" "VAULT_TEMPLATE" "WORKSPACE" "FIELD_TEMPLATE" "RECORD" "TOKEN" "VAULT_FUNCTION_CONFIG"

Resource Type. Type of the resource being defined.

  • NONE: is undefined and should not be used.
  • ORGANIZATION: Indicates the Resource Type to be Organization.
  • VAULT: Indicates the Resource Type to be Vault.
  • NOTEBOOK: Indicates the Resource Type to be Notebook.
  • ACCOUNT: Indicates the Resource Type to be Account.
  • SERVICE_ACCOUNT: Indicates the Resource Type to be Service Account.
  • SQL_SERVICE_ACCOUNT: Indicates the Resource Type to be SqlAccessAccount.
  • WORKFLOW: Indicates the Resource Type to be Workflow.
  • WORKFLOW_RUN: Indicates the Resource Type to be Workflow Runs.
  • VAULT_TEMPLATE: Indicates the Resource Type to be Vault Template.
  • WORKSPACE: Indicates the Resource Type to be Workspace
  • FIELD_TEMPLATE: Indicates the Resource Type to be Field Template.
  • RECORD: Indicates the Resource Type to be Record
  • TOKEN: Indicates the Resource Type to be Token
  • VAULT_FUNCTION_CONFIG: Indicates the Resource Type to be Vault Function Config.
resource.name
string

Resource Name. Name of the Resource.

name
string

ServiceAccount Name. - using which the records need to be fetched.

status
string
Default: "NONE"
Enum: "NONE" "CREATED" "PENDING" "ACTIVE" "INACTIVE" "ARCHIVED" "DELETED"

Optional status filter.

  • NONE: NONE is undefined and should not be used.
depth
string <int64>
Default: "5"

Traversal Depth. Depth controls the traversal depth - setting to 1 returns only service accounts at requested resource level

Responses

Request samples

curl -i -X GET \
  'https://manage.skyflowapis.com/v1/serviceAccounts?offset=0&limit=25&resource.ID=string&resource.type=NONE&resource.name=string&name=string&status=NONE&depth=5' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

Content type
application/json
{
  • "ID": "g2400b4c4c9c11ea8baaacde48001122",
  • "name": "serviceAccount@accountID-skyflow.com",
  • "displayName": "SA for Vault Admin",
  • "description": "Service account for vault admin"
}

Create service account

Creates a service account.

Authorizations:
Request Body schema: application/json
object (v1Resource)
object (v1ServiceAccount)

Responses