To manage data in a vault, you need to create and authenticate a service account for the vault. See API Authentication for a tutorial. Once you’ve done that, you should have a Bearer Token for your service account. To authenticate your requests, simply include it as a header parameter as follows:
authorization : Bearer {BEARER_TOKEN}.
Access token, prefixed by Bearer: Bearer <token>. Retrieved using Generate Tokens End-Point
Security Scheme Type | apiKey |
Header Parameter Name | Authorization |
GET
/v1/accounts
Lists accounts that the context user has access to.
QUERY PARAMETERS
userEmail
string
Optional User email filter. If specified, only Accounts to which the user with this eail address belongs will be returned..
name
string
Optional name filter.
status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
Optional status filter. - NONE: NONE is undefined and should not be used.
offset
string
Pagination Offset. - indicates the record number to start retrieving data.
limit
string
Pagination Limit. - indicates the number of records to retrieve.
accountID
string
Optional parent Account ID. If specified, only Accounts under the parent will be returned..
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/accounts?userEmail=SOME_STRING_VALUE&name=SOME_STRING_VALUE&status=SOME_STRING_VALUE&offset=SOME_STRING_VALUE&limit=SOME_STRING_VALUE&accountID=SOME_STRING_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
POST
/v1/accounts
Create an account. This also internally creates a Master API Key which can be used to access all the resources and sub-resources of this account.
BODY PARAMETER
Account
object
object {
name
string
Name of the account with alphanumeric characters to uniquely identify an account.
displayName
string
Display name for the account which can be used for UI display.
description
string
Description for the account
ID
string
This will be generated by server and cannot be user generated.
namespace
string
This will be generated by server and cannot be user generated.
contactAddress
object
object {
streetAddress
string
city
string
state
string
country
string
zip
integer
}
BasicAudit
object
object {
CreatedBy
string
User who created the resource meta data.
LastModifiedBy
string
User who last modified the resource meta data.
CreatedOn
string
Time of creation of the resource meta data.
LastModifiedOn
string
Time of last modification of the resource meta data.
}
status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
- NONE: NONE is undefined and should not be used.
url
string
URL for the workspaces under this account
tenantType
string
}
curl --request POST \
--url https://manage.skyflowapis.com/v1/accounts \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"Account":{"name":"Skyflow","displayName":"Skyflow Account.","description":"Main Account for Managing Skyflow Account","ID":"g2400b4c4c9c11ea8baaacde48001122"}}'
{
GET
/v1/accounts/{ID}
Retreives the account using the provided ID.
PATH PARAMETERS
ID
string
*
curl --request GET \
--url https://manage.skyflowapis.com/v1/accounts/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE'
{
DELETE
/v1/accounts/{ID}
Deletes the account and its child entities with the given ID.
PATH PARAMETERS
ID
string
*
curl --request DELETE \
--url https://manage.skyflowapis.com/v1/accounts/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE'
{
PATCH
/v1/accounts/{ID}
Updates the account with the given ID.
PATH PARAMETERS
ID
string
*
BODY PARAMETER
Account
object
object {
name
string
Name of the account with alphanumeric characters to uniquely identify an account.
displayName
string
Display name for the account which can be used for UI display.
description
string
Description for the account
ID
string
This will be generated by server and cannot be user generated.
namespace
string
This will be generated by server and cannot be user generated.
contactAddress
object
object {
streetAddress
string
city
string
state
string
country
string
zip
integer
}
BasicAudit
object
object {
CreatedBy
string
User who created the resource meta data.
LastModifiedBy
string
User who last modified the resource meta data.
CreatedOn
string
Time of creation of the resource meta data.
LastModifiedOn
string
Time of last modification of the resource meta data.
}
status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
- NONE: NONE is undefined and should not be used.
url
string
URL for the workspaces under this account
tenantType
string
}
ID
string
curl --request PATCH \
--url https://manage.skyflowapis.com/v1/accounts/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"Account":{"name":"Skyflow","displayName":"Skyflow Account.","description":"Main Account for Managing Skyflow Account","ID":"g2400b4c4c9c11ea8baaacde48001122"},"ID":"string"}'
{
GET
/v1/accounts/{ID}/members
Lists members belonging to the provided account.
PATH PARAMETERS
ID
string
*
QUERY PARAMETERS
filterOps.email
string
Email filter.
filterOps.type
string
NONE
NONE
USER
GROUP
SERVICE_ACCOUNT
SQL_SERVICE_ACCOUNT
Member Type filter. - NONE: NONE is undefined and should not be used. - USER: Indicates the Member is of type User. - GROUP: Indicates the Member is of type Group. - SERVICE_ACCOUNT: Indicates the Member is of type ServiceAccount. - SQL_SERVICE_ACCOUNT: Indicates the Member is of SqlServiceAccount.
filterOps.name
string
Name filter.
filterOps.status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
Status filter. - NONE: NONE is undefined and should not be used.
sortOps.sortBy
string
Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).
sortOps.orderBy
string
ASCENDING
ASCENDING
DESCENDING
Either ascending or descending order specification.
offset
string
Pagination offset. - indicates the record number to start retrieving data
limit
string
Pagination limit. - indicates the number of records to retrieve
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/accounts/{ID}/members?filterOps.email=SOME_STRING_VALUE&filterOps.type=SOME_STRING_VALUE&filterOps.name=SOME_STRING_VALUE&filterOps.status=SOME_STRING_VALUE&sortOps.sortBy=SOME_STRING_VALUE&sortOps.orderBy=SOME_STRING_VALUE&offset=SOME_STRING_VALUE&limit=SOME_STRING_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
PATCH
/v1/accounts/{ID}/status
Updates an account's status.
PATH PARAMETERS
ID
string
*
BODY PARAMETER
ID
string
status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
- NONE: NONE is undefined and should not be used.
curl --request PATCH \
--url https://manage.skyflowapis.com/v1/accounts/{ID}/status \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"ID":"string","status":"NONE"}'
{
GET
/v1/audit/events
Based on the request query parameters, the api returns a list of audit events which meets the criteria
QUERY PARAMETERS
filterOps.context.changeID
string
Unique ID for Audit Event.
filterOps.context.requestID
string
Internal autogenerated Request ID unique for each request.
filterOps.context.traceID
string
Trace ID of the request made by client.
filterOps.context.sessionID
string
Session ID as part of which the user is executing queries.
filterOps.context.actor
string
Actor for the request. Based on actortype, Format for the actor could be - userID or emailID or serviceAccountID
filterOps.context.actorType
string
NONE
NONE
USER
GROUP
SERVICE_ACCOUNT
SQL_SERVICE_ACCOUNT
ActorType for the request. It could be USER or SERVICE_ACCOUNT - NONE: NONE is undefined and should not be used. - USER: Indicates the Member is of type User. - GROUP: Indicates the Member is of type Group. - SERVICE_ACCOUNT: Indicates the Member is of type ServiceAccount. - SQL_SERVICE_ACCOUNT: Indicates the Member is of SqlServiceAccount.
filterOps.context.accessType
string
ACCESS_NONE
ACCESS_NONE
API
SQL
The access type of the request. The access type could be (API, SQL etc.)
filterOps.context.ipAddress
string
IP Address of the client from which the request is being made.
filterOps.parentAccountID
string
The parent accountID of the resource.
filterOps.accountID
string
The accountID of the resource.
filterOps.workspaceID
string
The workspaceID of the resource.
filterOps.vaultID
string
The vaultID of the resource.
filterOps.resourceIDs
string
Resources associated with the request (Comma Separated). This is to provide better search capabilities. (Comma Separated). Could be group resource and user resource ids and types. Key will be of the form 'vault/id', 'user/id', etc. Any single Resource matches, the result will be returned
filterOps.actionType
string
NONE
NONE
ASSIGN
CREATE
DELETE
EXECUTE
LIST
READ
UNASSIGN
UPDATE
VALIDATE
LOGIN
The audit action type (INSERT, UPDATE, etc).
filterOps.resourceType
string
NONE_API
NONE_API
ACCOUNT
AUDIT
BASE_DATA_TYPE
FIELD_TEMPLATE
FILE
GROUP
KEY
POLICY
PROTO_PARSE
RECORD
ROLE
RULE
SECRET
SERVICE_ACCOUNT
SQL_SERVICE_ACCOUNT
TOKEN
USER
VAULT
VAULT_TEMPLATE
WORKFLOW
WORKFLOW_RUN
WORKSPACE
TABLE
POLICY_TEMPLATE
MEMBER
VAULTFUNCTIONCONFIG
The resource method name. The Resource method names as in api docs
filterOps.tags
string
Tags associated with Event if any (Comma Separated). This is to provide better search capabilities (Comma Separated). Where Keys could be login, get, dml, etc. Any single Tag matches, the result will be returned
filterOps.responseCode
integer
The https response code for the operation.
filterOps.startTime
string
The start timestamp for the query.
filterOps.endTime
string
The end timestamp for the query.
filterOps.apiName
string
api name (grpc service name).
filterOps.responseMessage
string
response or error message, like SUCCESS etc....
filterOps.httpMethod
string
http method like GET, POST etc....
filterOps.httpURI
string
http URI like /v1/vaults/{vaultID}/{tablename}/{ID}.
sortOps.sortBy
string
Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).
sortOps.orderBy
string
ASCENDING
ASCENDING
DESCENDING
Either ascending or descending order specification.
afterOps.timestamp
string
The timestamp provided in previous response's nextOps attribute. Cannot be clubbed with sortOps or offset. For first time call, leave blank..
afterOps.changeID
string
The changeID provided in previous response's nextOps attribute. Cannot be clubbed with sortOps or offset. For first time call, leave blank..
limit
integer
Pagination Limit. - indicates the number of records to retrieve.
offset
integer
Pagination Offset. - indicates the record number to start retrieving data.
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/audit/events?filterOps.context.changeID=SOME_STRING_VALUE&filterOps.context.requestID=SOME_STRING_VALUE&filterOps.context.traceID=SOME_STRING_VALUE&filterOps.context.sessionID=SOME_STRING_VALUE&filterOps.context.actor=SOME_STRING_VALUE&filterOps.context.actorType=SOME_STRING_VALUE&filterOps.context.accessType=SOME_STRING_VALUE&filterOps.context.ipAddress=SOME_STRING_VALUE&filterOps.parentAccountID=SOME_STRING_VALUE&filterOps.accountID=SOME_STRING_VALUE&filterOps.workspaceID=SOME_STRING_VALUE&filterOps.vaultID=SOME_STRING_VALUE&filterOps.resourceIDs=SOME_STRING_VALUE&filterOps.actionType=SOME_STRING_VALUE&filterOps.resourceType=SOME_STRING_VALUE&filterOps.tags=SOME_STRING_VALUE&filterOps.responseCode=SOME_INTEGER_VALUE&filterOps.startTime=SOME_STRING_VALUE&filterOps.endTime=SOME_STRING_VALUE&filterOps.apiName=SOME_STRING_VALUE&filterOps.responseMessage=SOME_STRING_VALUE&filterOps.httpMethod=SOME_STRING_VALUE&filterOps.httpURI=SOME_STRING_VALUE&sortOps.sortBy=SOME_STRING_VALUE&sortOps.orderBy=SOME_STRING_VALUE&afterOps.timestamp=SOME_STRING_VALUE&afterOps.changeID=SOME_STRING_VALUE&limit=SOME_INTEGER_VALUE&offset=SOME_INTEGER_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
GET
/v1/auth/sa/oauth/keys
Get the auth public keys.
curl --request GET \
--url https://manage.skyflowapis.com/v1/auth/sa/oauth/keys \
--header 'Authorization: REPLACE_KEY_VALUE'
{
POST
/v1/auth/sa/oauth/token
Generates the auth bearer token for a user signed JWT token.
BODY PARAMETER
grant_type
string
grant_type: urn:ietf:params:oauth:grant-type:jwt-bearer
assertion
string
assertion: User signed JWT token
curl --request POST \
--url https://manage.skyflowapis.com/v1/auth/sa/oauth/token \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"grant_type":"string","assertion":"string"}'
{
POST
/v1/auth/token
Verifies the username/password combination and generates the access/bearer token for the API users to consume.
BODY PARAMETER
username
string
The email address of the Skyflow user.
password
string
Password of this user.
curl --request POST \
--url https://manage.skyflowapis.com/v1/auth/token \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"username":"bob@acme.com","password":"MyP@$$w0rd"}'
{
GET
/v1/base-data-types
curl --request GET \
--url https://manage.skyflowapis.com/v1/base-data-types \
--header 'Authorization: REPLACE_KEY_VALUE'
{
GET
/v1/field-templates
Lists the Field Templates belonging to the provided account ID. If no account ID is passed, the context account ID will be used.
QUERY PARAMETERS
accountID
string
Account ID. Account ID requesting List Field Templates
offset
integer
Pagination Offset. - indicates the record number to start retrieving data.
limit
integer
Pagination Limit. - indicates the number of records to retrieve.
filterOps.name
string
Name filter.
filterOps.status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
Status filter. - NONE: NONE is undefined and should not be used.
sortOps.sortBy
string
Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).
sortOps.orderBy
string
ASCENDING
ASCENDING
DESCENDING
Either ascending or descending order specification.
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/field-templates?accountID=SOME_STRING_VALUE&offset=SOME_INTEGER_VALUE&limit=SOME_INTEGER_VALUE&filterOps.name=SOME_STRING_VALUE&filterOps.status=SOME_STRING_VALUE&sortOps.sortBy=SOME_STRING_VALUE&sortOps.orderBy=SOME_STRING_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
POST
/v1/field-templates
FOR INTERNAL USE ONLY
BODY PARAMETER
accountID
string
name
string
description
string
field
object
object {
name
string
Name of the Field
datatype
string
DT_INVALID
DT_INVALID
DT_FLOAT32
DT_FLOAT64
DT_INT8
DT_INT16
DT_INT32
DT_INT64
DT_UINT8
DT_UINT16
DT_UINT32
DT_UINT64
DT_BOOL
DT_STRING
DT_BYTES
DT_DATETIME
DT_DATE
DT_TIME
DT_EMBEDDED
DT_REFERENCED
- DT_DATETIME: RFC1123Z = "Mon, 02 Jan 2006 15:04:05 -0700" - DT_DATE: 2006-01-02 Plain date YYYY-MM-DD - DT_TIME: Kitchen = "3:04PM" - DT_EMBEDDED: This is used only by PDB for understanding if a Complex Field has been embedded. - DT_REFERENCED: This is used only by PDB for understanding if a Complex Field has been referenced.
isArray
boolean
Denotes if the Field is an Array
tags
array
Tags defined for this Field
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
properties
object
object {
name
string
Name of Property
description
string
Description of the Property
references
string
Any Cyclic Reference of this Object to other Objects in the Path
}
index
integer
The position of the Field in the embedded schema
}
compositeField
object
object {
ID
string
ID of the Schema
name
string
Name of the Schema
parentSchemaProperties
object
object {
parentID
string
ID of the Schema Property
isArray
boolean
Denotes if the Schema is an array
tableType
string
parentFieldTags
array
Tags that were defined at the parent level
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
name
string
Name for the Parent Schema
}
fields
array
Fields present under this Schema
Array [ object {
name
string
Name of the Field
datatype
string
DT_INVALID
DT_INVALID
DT_FLOAT32
DT_FLOAT64
DT_INT8
DT_INT16
DT_INT32
DT_INT64
DT_UINT8
DT_UINT16
DT_UINT32
DT_UINT64
DT_BOOL
DT_STRING
DT_BYTES
DT_DATETIME
DT_DATE
DT_TIME
DT_EMBEDDED
DT_REFERENCED
- DT_DATETIME: RFC1123Z = "Mon, 02 Jan 2006 15:04:05 -0700" - DT_DATE: 2006-01-02 Plain date YYYY-MM-DD - DT_TIME: Kitchen = "3:04PM" - DT_EMBEDDED: This is used only by PDB for understanding if a Complex Field has been embedded. - DT_REFERENCED: This is used only by PDB for understanding if a Complex Field has been referenced.
isArray
boolean
Denotes if the Field is an Array
tags
array
Tags defined for this Field
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
properties
object
object {
name
string
Name of Property
description
string
Description of the Property
references
string
Any Cyclic Reference of this Object to other Objects in the Path
}
index
integer
The position of the Field in the embedded schema
} ]
childrenSchemas
array
Complex Fields/Schemas present under this Schema
Array [
]
schemaTags
array
Tags defined at the Schema level
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
properties
object
object {
name
string
Name of Property
description
string
Description of the Property
references
string
Any Cyclic Reference of this Object to other Objects in the Path
}
}
curl --request POST \
--url https://manage.skyflowapis.com/v1/field-templates \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"accountID":"string","name":"string","description":"string","field":{"name":"string","datatype":"DT_INVALID","isArray":true,"tags":[{"name":"string","values":["string"]}],"properties":{"name":"string","description":"string","references":"string"},"index":0},"compositeField":{"ID":"string","name":"string","parentSchemaProperties":{"parentID":"string","isArray":true,"tableType":"TT_BASE","parentFieldTags":[{"name":"string","values":["string"]}],"name":"string"},"fields":[{"name":"string","datatype":"DT_INVALID","isArray":true,"tags":[{"name":"string","values":["string"]}],"properties":{"name":"string","description":"string","references":"string"},"index":0}],"childrenSchemas":[{}],"schemaTags":[{"name":"string","values":["string"]}],"properties":{"name":"string","description":"string","references":"string"}}}'
{
GET
/v1/field-templates/{ID}
Retreives a Field Template using the provided ID.
PATH PARAMETERS
ID
string
*
ID of the Field Template
curl --request GET \
--url https://manage.skyflowapis.com/v1/field-templates/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE'
{
DELETE
/v1/field-templates/{ID}
FOR INTERNAL USE ONLY
PATH PARAMETERS
ID
string
*
curl --request DELETE \
--url https://manage.skyflowapis.com/v1/field-templates/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE'
{
PATCH
/v1/field-templates/{ID}
FOR INTERNAL USE ONLY
PATH PARAMETERS
ID
string
*
BODY PARAMETER
ID
string
name
string
description
string
field
object
object {
name
string
Name of the Field
datatype
string
DT_INVALID
DT_INVALID
DT_FLOAT32
DT_FLOAT64
DT_INT8
DT_INT16
DT_INT32
DT_INT64
DT_UINT8
DT_UINT16
DT_UINT32
DT_UINT64
DT_BOOL
DT_STRING
DT_BYTES
DT_DATETIME
DT_DATE
DT_TIME
DT_EMBEDDED
DT_REFERENCED
- DT_DATETIME: RFC1123Z = "Mon, 02 Jan 2006 15:04:05 -0700" - DT_DATE: 2006-01-02 Plain date YYYY-MM-DD - DT_TIME: Kitchen = "3:04PM" - DT_EMBEDDED: This is used only by PDB for understanding if a Complex Field has been embedded. - DT_REFERENCED: This is used only by PDB for understanding if a Complex Field has been referenced.
isArray
boolean
Denotes if the Field is an Array
tags
array
Tags defined for this Field
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
properties
object
object {
name
string
Name of Property
description
string
Description of the Property
references
string
Any Cyclic Reference of this Object to other Objects in the Path
}
index
integer
The position of the Field in the embedded schema
}
compositeField
object
object {
ID
string
ID of the Schema
name
string
Name of the Schema
parentSchemaProperties
object
object {
parentID
string
ID of the Schema Property
isArray
boolean
Denotes if the Schema is an array
tableType
string
parentFieldTags
array
Tags that were defined at the parent level
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
name
string
Name for the Parent Schema
}
fields
array
Fields present under this Schema
Array [ object {
name
string
Name of the Field
datatype
string
DT_INVALID
DT_INVALID
DT_FLOAT32
DT_FLOAT64
DT_INT8
DT_INT16
DT_INT32
DT_INT64
DT_UINT8
DT_UINT16
DT_UINT32
DT_UINT64
DT_BOOL
DT_STRING
DT_BYTES
DT_DATETIME
DT_DATE
DT_TIME
DT_EMBEDDED
DT_REFERENCED
- DT_DATETIME: RFC1123Z = "Mon, 02 Jan 2006 15:04:05 -0700" - DT_DATE: 2006-01-02 Plain date YYYY-MM-DD - DT_TIME: Kitchen = "3:04PM" - DT_EMBEDDED: This is used only by PDB for understanding if a Complex Field has been embedded. - DT_REFERENCED: This is used only by PDB for understanding if a Complex Field has been referenced.
isArray
boolean
Denotes if the Field is an Array
tags
array
Tags defined for this Field
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
properties
object
object {
name
string
Name of Property
description
string
Description of the Property
references
string
Any Cyclic Reference of this Object to other Objects in the Path
}
index
integer
The position of the Field in the embedded schema
} ]
childrenSchemas
array
Complex Fields/Schemas present under this Schema
Array [
]
schemaTags
array
Tags defined at the Schema level
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
properties
object
object {
name
string
Name of Property
description
string
Description of the Property
references
string
Any Cyclic Reference of this Object to other Objects in the Path
}
}
curl --request PATCH \
--url https://manage.skyflowapis.com/v1/field-templates/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"ID":"string","name":"string","description":"string","field":{"name":"string","datatype":"DT_INVALID","isArray":true,"tags":[{"name":"string","values":["string"]}],"properties":{"name":"string","description":"string","references":"string"},"index":0},"compositeField":{"ID":"string","name":"string","parentSchemaProperties":{"parentID":"string","isArray":true,"tableType":"TT_BASE","parentFieldTags":[{"name":"string","values":["string"]}],"name":"string"},"fields":[{"name":"string","datatype":"DT_INVALID","isArray":true,"tags":[{"name":"string","values":["string"]}],"properties":{"name":"string","description":"string","references":"string"},"index":0}],"childrenSchemas":[{}],"schemaTags":[{"name":"string","values":["string"]}],"properties":{"name":"string","description":"string","references":"string"}}}'
{
PATCH
/v1/field-templates/{ID}/status
FOR INTERNAL USE ONLY
PATH PARAMETERS
ID
string
*
BODY PARAMETER
ID
string
status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
- NONE: NONE is undefined and should not be used.
curl --request PATCH \
--url https://manage.skyflowapis.com/v1/field-templates/{ID}/status \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"ID":"string","status":"NONE"}'
{
POST
/v1/fieldTemplates/validate
BODY PARAMETER
field
object
object {
name
string
Name of the Field
datatype
string
DT_INVALID
DT_INVALID
DT_FLOAT32
DT_FLOAT64
DT_INT8
DT_INT16
DT_INT32
DT_INT64
DT_UINT8
DT_UINT16
DT_UINT32
DT_UINT64
DT_BOOL
DT_STRING
DT_BYTES
DT_DATETIME
DT_DATE
DT_TIME
DT_EMBEDDED
DT_REFERENCED
- DT_DATETIME: RFC1123Z = "Mon, 02 Jan 2006 15:04:05 -0700" - DT_DATE: 2006-01-02 Plain date YYYY-MM-DD - DT_TIME: Kitchen = "3:04PM" - DT_EMBEDDED: This is used only by PDB for understanding if a Complex Field has been embedded. - DT_REFERENCED: This is used only by PDB for understanding if a Complex Field has been referenced.
isArray
boolean
Denotes if the Field is an Array
tags
array
Tags defined for this Field
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
properties
object
object {
name
string
Name of Property
description
string
Description of the Property
references
string
Any Cyclic Reference of this Object to other Objects in the Path
}
index
integer
The position of the Field in the embedded schema
}
compositeField
object
object {
ID
string
ID of the Schema
name
string
Name of the Schema
parentSchemaProperties
object
object {
parentID
string
ID of the Schema Property
isArray
boolean
Denotes if the Schema is an array
tableType
string
parentFieldTags
array
Tags that were defined at the parent level
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
name
string
Name for the Parent Schema
}
fields
array
Fields present under this Schema
Array [ object {
name
string
Name of the Field
datatype
string
DT_INVALID
DT_INVALID
DT_FLOAT32
DT_FLOAT64
DT_INT8
DT_INT16
DT_INT32
DT_INT64
DT_UINT8
DT_UINT16
DT_UINT32
DT_UINT64
DT_BOOL
DT_STRING
DT_BYTES
DT_DATETIME
DT_DATE
DT_TIME
DT_EMBEDDED
DT_REFERENCED
- DT_DATETIME: RFC1123Z = "Mon, 02 Jan 2006 15:04:05 -0700" - DT_DATE: 2006-01-02 Plain date YYYY-MM-DD - DT_TIME: Kitchen = "3:04PM" - DT_EMBEDDED: This is used only by PDB for understanding if a Complex Field has been embedded. - DT_REFERENCED: This is used only by PDB for understanding if a Complex Field has been referenced.
isArray
boolean
Denotes if the Field is an Array
tags
array
Tags defined for this Field
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
properties
object
object {
name
string
Name of Property
description
string
Description of the Property
references
string
Any Cyclic Reference of this Object to other Objects in the Path
}
index
integer
The position of the Field in the embedded schema
} ]
childrenSchemas
array
Complex Fields/Schemas present under this Schema
Array [
]
schemaTags
array
Tags defined at the Schema level
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
properties
object
object {
name
string
Name of Property
description
string
Description of the Property
references
string
Any Cyclic Reference of this Object to other Objects in the Path
}
}
curl --request POST \
--url https://manage.skyflowapis.com/v1/fieldTemplates/validate \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"field":{"name":"string","datatype":"DT_INVALID","isArray":true,"tags":[{"name":"string","values":["string"]}],"properties":{"name":"string","description":"string","references":"string"},"index":0},"compositeField":{"ID":"string","name":"string","parentSchemaProperties":{"parentID":"string","isArray":true,"tableType":"TT_BASE","parentFieldTags":[{"name":"string","values":["string"]}],"name":"string"},"fields":[{"name":"string","datatype":"DT_INVALID","isArray":true,"tags":[{"name":"string","values":["string"]}],"properties":{"name":"string","description":"string","references":"string"},"index":0}],"childrenSchemas":[{}],"schemaTags":[{"name":"string","values":["string"]}],"properties":{"name":"string","description":"string","references":"string"}}}'
{
GET
/v1/groups
Streams Groups which matches the conditions set in query parameters and using Information from Additional Resource Headers or fallsback to Access Token
QUERY PARAMETERS
offset
string
Pagination Offset. - indicates the record number from which to start retrieving data.
limit
string
Pagination Limit. - indicates the number of records to be retrieved.
accountID
string
ID of the account to which the group belongs..
string
Group email. - using which the records are to be fetched.
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/groups?offset=SOME_STRING_VALUE&limit=SOME_STRING_VALUE&accountID=SOME_STRING_VALUE&email=SOME_STRING_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
POST
/v1/groups
Creates a group.
BODY PARAMETER
group
object
object {
name
string
Name of the group.
displayName
string
Display name of the group.
description
string
Description of the group.
ID
string
This will be generated by the server and cannot be user generated.
namespace
string
This will be generated by the server and cannot be user generated.
status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
- NONE: NONE is undefined and should not be used.
string
Email address of the group.
}
accountID
string
userIDs
array
Array [ string
]
curl --request POST \
--url https://manage.skyflowapis.com/v1/groups \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"accountID":"g2400b4c4c9c11ea8baaacde48001122","group":{"name":"hr","displayName":"HumanResources","description":"Group of HR employees","status":"ACTIVE"}}'
{
GET
/v1/groups/{ID}
Retreives a group with the provided ID.
PATH PARAMETERS
ID
string
*
curl --request GET \
--url https://manage.skyflowapis.com/v1/groups/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE'
{
DELETE
/v1/groups/{ID}
Deletes a group with the provided ID.
PATH PARAMETERS
ID
string
*
curl --request DELETE \
--url https://manage.skyflowapis.com/v1/groups/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE'
{
PATCH
/v1/groups/{ID}
Updates a group with the provided ID.
PATH PARAMETERS
ID
string
*
BODY PARAMETER
ID
string
group
object
object {
name
string
Name of the group.
displayName
string
Display name of the group.
description
string
Description of the group.
ID
string
This will be generated by the server and cannot be user generated.
namespace
string
This will be generated by the server and cannot be user generated.
status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
- NONE: NONE is undefined and should not be used.
string
Email address of the group.
}
curl --request PATCH \
--url https://manage.skyflowapis.com/v1/groups/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"ID":"string","group":{"name":"hr","displayName":"HumanResources","description":"Group of HR employees","status":"ACTIVE"}}'
{
GET
/v1/groups/{ID}/users
Gets all users of a group with the provided ID.
PATH PARAMETERS
ID
string
*
QUERY PARAMETERS
offset
string
Pagination Offset. - indicates the record number from which to start retrieving data.
limit
string
Pagination Limit. - indicates the number of records to be retrieved.
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/groups/{ID}/users?offset=SOME_STRING_VALUE&limit=SOME_STRING_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
POST
/v1/groups/{ID}/users/add
Adds users with provided IDs to a group with provided ID.
PATH PARAMETERS
ID
string
*
BODY PARAMETER
ID
string
UserIDs
array
Array [ string
]
curl --request POST \
--url https://manage.skyflowapis.com/v1/groups/{ID}/users/add \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"ID":"string","UserIDs":["string"]}'
{
POST
/v1/groups/{ID}/users/remove
Removes Users by Provided IDs from a Group by Provided ID.
PATH PARAMETERS
ID
string
*
BODY PARAMETER
ID
string
UserIDs
array
Array [ string
]
curl --request POST \
--url https://manage.skyflowapis.com/v1/groups/{ID}/users/remove \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"ID":"string","UserIDs":["string"]}'
{
GET
/v1/masterKeys/getImportParams
Gets import parameters to import master key into KMS
QUERY PARAMETERS
workspaceID
string
workspaceID is the ID of the workspace to which the Master Key is to be imported to.
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/masterKeys/getImportParams?workspaceID=SOME_STRING_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
POST
/v1/masterKeys/import
Imports master key ciphertext into KMS for use in encrypting vault data keys
BODY PARAMETER
ciphertext
string
ciphertext is the 256-bit AES Symmetric Key encrypted by the RSA Wrapping Key. base64 encoded.
importParams
object
object {
publicKey
string
publicKey is an RSA Public Key with which to encrypt the 256-bit AES Symmetric Master Key. Also known as Wrapping Key. base64 encoded.
importToken
string
importToken is a token valid for 24h which must be provided to the ImportMasterKey API to complete the import process. base64 encoded.
}
workspaceID
string
workspaceID is the ID of the workspace to which the Master Key is to be imported to.
curl --request POST \
--url https://manage.skyflowapis.com/v1/masterKeys/import \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"ciphertext":"string","importParams":{"publicKey":"string","importToken":"string"},"workspaceID":"string"}'
{
GET
/v1/masterKeys/vaults/{vaultID}/getMasterKeyMetadata
Gets metadata associated with the Master key of a Vault
PATH PARAMETERS
vaultID
string
*
vaultID is the ID of the vault whose the master key metadata is to be fetched.
QUERY PARAMETERS
workspaceID
string
workspaceID is the ID of the workspace where the vault is hosted.
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/masterKeys/vaults/{vaultID}/getMasterKeyMetadata?workspaceID=SOME_STRING_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
POST
/v1/masterKeys/vaults/{vaultID}/rotate
The Master Key used during vault creation to encrypt data keys
PATH PARAMETERS
vaultID
string
*
vaultID is the ID of the vault whose master key is to be rotated.
BODY PARAMETER
vaultID
string
vaultID is the ID of the vault whose master key is to be rotated.
workspaceID
string
workspaceID is the ID of the workspace in which the Master Key Rotation is taking place.
masterKey
object
object {
ID
string
type
string
INVALID
INVALID
INTERNAL
EXTERNAL
- INTERNAL: INTERNAL is the Master Key Type used to identify keys hosted and managed in a Skyflow Cloud. This is the correct type to use for BYO-MKs. - EXTERNAL: EXTERNAL is the Master Key Type used to identify keys hosted and managed in a Customer Cloud. This is the correct type to use for BYO-KMS MKs.
}
pendingWindowInDays
integer
pendingWindowInDays is the waiting period specified in number of days. After the waiting period ends, the Master Key is rotated. This value is optional. It defaults to 0, which triggers an immediate rotation.
curl --request POST \
--url https://manage.skyflowapis.com/v1/masterKeys/vaults/{vaultID}/rotate \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"vaultID":"string","workspaceID":"string","masterKey":{"ID":"string","type":"INVALID"},"pendingWindowInDays":0}'
{
GET
/v1/vaults
List the Vaults that match with the conditions set in the query parameters.
QUERY PARAMETERS
filterOps.name
string
Name filter.
filterOps.status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
Status filter. - NONE: NONE is undefined and should not be used.
sortOps.sortBy
string
Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).
sortOps.orderBy
string
ASCENDING
ASCENDING
DESCENDING
Either ascending or descending order specification.
offset
string
Pagination Offset. - indicates the record number to start retrieving data.
limit
string
Pagination Limit. - indicates the number of records to retrieve.
workspaceID
string
Workspace ID. ID of the Workspace to search the Vault
fetchMetadataOnly
boolean
Fetch Metadata Only. Flag specifying if the returned values should only contain a Vault's metadata.
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/vaults?filterOps.name=SOME_STRING_VALUE&filterOps.status=SOME_STRING_VALUE&sortOps.sortBy=SOME_STRING_VALUE&sortOps.orderBy=SOME_STRING_VALUE&offset=SOME_STRING_VALUE&limit=SOME_STRING_VALUE&workspaceID=SOME_STRING_VALUE&fetchMetadataOnly=SOME_BOOLEAN_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
POST
/v1/vaults
Creates a Vault with the given details
BODY PARAMETER
name
string
Name of the Vault being Created
description
string
Description of the Vault
templateID
string
The Template used to create the Vault. One of templateID/vaultSchema should be defined.
vaultSchema
object
object {
schemas
array
Parsed Schema generated out of the proto
Array [
]
tags
array
Vault level Tags that are present
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
}
useMasterKey
object
object {
ID
string
type
string
INVALID
INVALID
INTERNAL
EXTERNAL
- INTERNAL: INTERNAL is the Master Key Type used to identify keys hosted and managed in a Skyflow Cloud. This is the correct type to use for BYO-MKs. - EXTERNAL: EXTERNAL is the Master Key Type used to identify keys hosted and managed in a Customer Cloud. This is the correct type to use for BYO-KMS MKs.
}
workspaceID
string
ID of the workspace within which the Vault is created.
curl --request POST \
--url https://manage.skyflowapis.com/v1/vaults \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"name":"simpleVaultExample","description":"A vault with 1 table","vaultSchema":{"schemas":[{"name":"table_1","fields":[{"name":"skyflow_id","datatype":"DT_STRING"},{"name":"age","datatype":"DT_INT32"},{"name":"ssn","datatype":"DT_STRING","tags":[{"name":"skyflow.options.replace_pattern","values":["XXX${1}XX${2}${3}"]},{"name":"skyflow.options.format_preserving_regex","values":["^[0-9]{3}-[0-9]{2}-([0-9]{4})$"]},{"name":"skyflow.options.default_dlp_policy","values":["REDACT"]},{"name":"skyflow.options.operation","values":["EXACT_MATCH"]},{"name":"skyflow.options.find_pattern","values":["^[0-9]{3}([- ])?[0-9]{2}([- ])?([0-9]{4})$"]},{"name":"skyflow.options.default_token_policy","values":["FORMAT_PRESERVING_TOKEN"]},{"name":"skyflow.validation.regular_exp","values":["^$|^([0-9]{3}-?[0-9]{2}-?[0-9]{4})$"]}]},{"name":"marital_status","datatype":"DT_STRING","tags":[{"name":"skyflow.validation.predefinedvalues","values":["UNSPECIFIED_MARITAL_STATUS","ANNULLED","DIVORCED","SEPARATED","MARRIED","UNMARRIED","WIDOWED"]},{"name":"skyflow.options.default_token_policy","values":["RANDOM_TOKEN"]},{"name":"skyflow.options.default_dlp_policy","values":["REDACT"]},{"name":"skyflow.options.operation","values":["EXACT_MATCH"]}]}],"childrenSchemas":[{"name":"name","description":"","fields":[{"name":"first_name","datatype":"DT_STRING","tags":[{"name":"skyflow.options.default_token_policy","values":["RANDOM_TOKEN"]},{"name":"skyflow.options.operation","values":["EXACT_MATCH"]}]},{"name":"last_name","datatype":"DT_STRING","tags":[]}]}]}]},"workspaceID":"z10198d5553411def9f2360c609gt3yx"}'
{
GET
/v1/vaults/{ID}
Gets a Vault by ID
PATH PARAMETERS
ID
string
*
ID of the Vault
QUERY PARAMETERS
fetchMetadataOnly
boolean
Fetch Metadata Only. Flag specifying if the returned value should only contain a Vault's metadata.
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/vaults/{ID}?fetchMetadataOnly=SOME_BOOLEAN_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
DELETE
/v1/vaults/{ID}
Deletes a Vault by ID
PATH PARAMETERS
ID
string
*
ID of the Vault
curl --request DELETE \
--url https://manage.skyflowapis.com/v1/vaults/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE'
{
PATCH
/v1/vaults/{ID}
Updates an existing Vault. After you create a custom vault or a vault from a predefined template, you can also update the vaults. We currently support the following updates. 1. Addition of new tables and fields 2. Deletion of fields when they are empty. a. Note that deletion of child fields inside a composite field is not supported. 3. The following tags can be updated when the field is not empty a. skyflow.options.default_dlp_policy b. skyflow.options.default_token_policy c. skyflow.options.display_name d. skyflow.options.description
PATH PARAMETERS
ID
string
*
ID of the Vault to be updated
BODY PARAMETER
ID
string
ID of the Vault to be updated
name
string
Name of the Vault
description
string
Description for the Vault
templateID
string
The Template used to update the Vault. One of templateID/vaultSchema should be defined.
vaultSchema
object
object {
schemas
array
Parsed Schema generated out of the proto
Array [
]
tags
array
Vault level Tags that are present
Array [ object {
name
string
Name of the Tag
values
array
The list of values for this tag
Array [ string
]
} ]
}
isDryRun
boolean
curl --request PATCH \
--url https://manage.skyflowapis.com/v1/vaults/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"vaultSchema":{"schemas":[{"name":"table 1","fields":[{"name":"skyflow_id","datatype":"DT_STRING"},{"name":"age","datatype":"DT_INT32"},{"name":"ssn","datatype":"DT_STRING","tags":[{"name":"skyflow.options.replace_pattern","values":["XXX${1}XX${2}${3}"]},{"name":"skyflow.options.format_preserving_regex","values":["^[0-9]{3}-[0-9]{2}-([0-9]{4})$"]},{"name":"skyflow.options.default_dlp_policy","values":["REDACTED"]},{"name":"skyflow.options.operation","values":["EXACT_MATCH"]},{"name":"skyflow.options.find_pattern","values":["^[0-9]{3}([- ])?[0-9]{2}([- ])?([0-9]{4})$"]},{"name":"skyflow.options.default_token_policy","values":["FORMAT_PRESERVING_TOKEN"]},{"name":"skyflow.validation.regular_exp","values":["^$|^([0-9]{3}-?[0-9]{2}-?[0-9]{4})$"]}]},{"name":"marital_status","datatype":"DT_STRING","tags":[{"name":"skyflow.validation.predefinedvalues","values":["UNSPECIFIED_MARITAL_STATUS","ANNULLED","DIVORCED","SEPARATED","MARRIED","UNMARRIED","WIDOWED"]},{"name":"skyflow.options.default_token_policy","values":["RANDOM_TOKEN"]},{"name":"skyflow.options.default_dlp_policy","values":["REDACT"]},{"name":"skyflow.options.operation","values":["EXACT_MATCH"]}]},{"name":"annual_income","datatype":"DT_FLOAT32"}],"childrenSchemas":[{"name":"name","description":"","fields":[{"name":"first_name","datatype":"DT_STRING","tags":[{"name":"skyflow.options.default_token_policy","values":["RANDOM_TOKEN"]},{"name":"skyflow.options.operation","values":["EXACT_MATCH"]}]},{"name":"last_name","datatype":"DT_STRING","tags":[]}]}]}]}}'
{
GET
/v1/members/{member.ID}/permissions
Lists permissions that have been assigned to a member.
PATH PARAMETERS
member.ID
string
*
QUERY PARAMETERS
member.type
string
*
NONE
NONE
USER
GROUP
SERVICE_ACCOUNT
SQL_SERVICE_ACCOUNT
Member Type. Type of the member. - NONE: NONE is undefined and should not be used. - USER: Indicates the Member is of type User. - GROUP: Indicates the Member is of type Group. - SERVICE_ACCOUNT: Indicates the Member is of type ServiceAccount. - SQL_SERVICE_ACCOUNT: Indicates the Member is of SqlServiceAccount.
member.name
string
Member name. Name of the member.
member.email
string
Member email. Email address of the member.
member.status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
Member status. Status of the member. - NONE: NONE is undefined and should not be used.
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/members/{member.ID}/permissions?member.type=SOME_STRING_VALUE&member.name=SOME_STRING_VALUE&member.email=SOME_STRING_VALUE&member.status=SOME_STRING_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
GET
/v1/members/{member.ID}/roles
Lists role to resource pairs that have been assigned to a member.
PATH PARAMETERS
member.ID
string
*
QUERY PARAMETERS
member.type
string
*
NONE
NONE
USER
GROUP
SERVICE_ACCOUNT
SQL_SERVICE_ACCOUNT
Member Type. Type of the member. - NONE: NONE is undefined and should not be used. - USER: Indicates the Member is of type User. - GROUP: Indicates the Member is of type Group. - SERVICE_ACCOUNT: Indicates the Member is of type ServiceAccount. - SQL_SERVICE_ACCOUNT: Indicates the Member is of SqlServiceAccount.
member.name
string
Member name. Name of the member.
member.email
string
Member email. Email address of the member.
member.status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
Member status. Status of the member. - NONE: NONE is undefined and should not be used.
offset
string
Pagination offset. - indicates the record number to start retrieving data
limit
string
Pagination limit. - indicates the number of records to retrieve
filterOps.name
string
Name filter.. Name of the Role to search for.
filterOps.resource.ID
string
*
Resource ID. Resource for which the policies are being defined.
filterOps.resource.type
string
*
NONE
NONE
ORGANIZATION
VAULT
NOTEBOOK
ACCOUNT
SERVICE_ACCOUNT
SQL_SERVICE_ACCOUNT
WORKFLOW
WORKFLOW_RUN
VAULT_TEMPLATE
WORKSPACE
FIELD_TEMPLATE
RECORD
TOKEN
VAULT_FUNCTION_CONFIG
Resource Type. Type of the resource being defined. - NONE: is undefined and should not be used. - ORGANIZATION: Indicates the Resource Type to be Organization. - VAULT: Indicates the Resource Type to be Vault. - NOTEBOOK: Indicates the Resource Type to be Notebook. - ACCOUNT: Indicates the Resource Type to be Account. - SERVICE_ACCOUNT: Indicates the Resource Type to be Service Account. - SQL_SERVICE_ACCOUNT: Indicates the Resource Type to be SqlAccessAccount. - WORKFLOW: Indicates the Resource Type to be Workflow. - WORKFLOW_RUN: Indicates the Resource Type to be Workflow Runs. - VAULT_TEMPLATE: Indicates the Resource Type to be Vault Template. - WORKSPACE: Indicates the Resource Type to be Workspace - FIELD_TEMPLATE: Indicates the Resource Type to be Field Template. - RECORD: Indicates the Resource Type to be Record - TOKEN: Indicates the Resource Type to be Token - VAULT_FUNCTION_CONFIG: Indicates the Resource Type to be Vault Function Config.
filterOps.resource.name
string
Resource Name. Name of the Resource.
filterOps.resource.namespace
string
Resource Namespace. Namespace to uniquely identify the Resource. This will be generated by server and cannot be user generated.
filterOps.resource.description
string
Resource Description. Description of the Resource.
filterOps.resource.status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
Resource Status. Status of the Resource. - NONE: NONE is undefined and should not be used.
filterOps.roleType
string
NONE
NONE
SYSTEM
CUSTOM
Role Type filter.. Role Type to filter on.
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/members/{member.ID}/roles?member.type=SOME_STRING_VALUE&member.name=SOME_STRING_VALUE&member.email=SOME_STRING_VALUE&member.status=SOME_STRING_VALUE&offset=SOME_STRING_VALUE&limit=SOME_STRING_VALUE&filterOps.name=SOME_STRING_VALUE&filterOps.resource.ID=SOME_STRING_VALUE&filterOps.resource.type=SOME_STRING_VALUE&filterOps.resource.name=SOME_STRING_VALUE&filterOps.resource.namespace=SOME_STRING_VALUE&filterOps.resource.description=SOME_STRING_VALUE&filterOps.resource.status=SOME_STRING_VALUE&filterOps.roleType=SOME_STRING_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
GET
/v1/policies/{policyID}/roles
Lists Roles that have been assigned to a Policy
PATH PARAMETERS
policyID
string
*
QUERY PARAMETERS
filterOps.name
string
Role Name..
sortOps.sortBy
string
Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).
sortOps.orderBy
string
ASCENDING
ASCENDING
DESCENDING
Either ascending or descending order specification.
offset
string
Pagination offset. - indicates the record number to start retrieving data
limit
string
Pagination limit. - indicates the number of records to retrieve
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/policies/{policyID}/roles?filterOps.name=SOME_STRING_VALUE&sortOps.sortBy=SOME_STRING_VALUE&sortOps.orderBy=SOME_STRING_VALUE&offset=SOME_STRING_VALUE&limit=SOME_STRING_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
GET
/v1/roleDefinitions
List the supported pre-defined role definitions.
QUERY PARAMETERS
resourceType
string
NONE
NONE
ORGANIZATION
VAULT
NOTEBOOK
ACCOUNT
SERVICE_ACCOUNT
SQL_SERVICE_ACCOUNT
WORKFLOW
WORKFLOW_RUN
VAULT_TEMPLATE
WORKSPACE
FIELD_TEMPLATE
RECORD
TOKEN
VAULT_FUNCTION_CONFIG
Optional resource type to filter for.. - NONE: is undefined and should not be used. - ORGANIZATION: Indicates the Resource Type to be Organization. - VAULT: Indicates the Resource Type to be Vault. - NOTEBOOK: Indicates the Resource Type to be Notebook. - ACCOUNT: Indicates the Resource Type to be Account. - SERVICE_ACCOUNT: Indicates the Resource Type to be Service Account. - SQL_SERVICE_ACCOUNT: Indicates the Resource Type to be SqlAccessAccount. - WORKFLOW: Indicates the Resource Type to be Workflow. - WORKFLOW_RUN: Indicates the Resource Type to be Workflow Runs. - VAULT_TEMPLATE: Indicates the Resource Type to be Vault Template. - WORKSPACE: Indicates the Resource Type to be Workspace - FIELD_TEMPLATE: Indicates the Resource Type to be Field Template. - RECORD: Indicates the Resource Type to be Record - TOKEN: Indicates the Resource Type to be Token - VAULT_FUNCTION_CONFIG: Indicates the Resource Type to be Vault Function Config.
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/roleDefinitions?resourceType=SOME_STRING_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
GET
/v1/roles
List Roles on a Resource
QUERY PARAMETERS
resource.ID
string
*
Resource ID. Resource for which the policies are being defined.
resource.type
string
*
NONE
NONE
ORGANIZATION
VAULT
NOTEBOOK
ACCOUNT
SERVICE_ACCOUNT
SQL_SERVICE_ACCOUNT
WORKFLOW
WORKFLOW_RUN
VAULT_TEMPLATE
WORKSPACE
FIELD_TEMPLATE
RECORD
TOKEN
VAULT_FUNCTION_CONFIG
Resource Type. Type of the resource being defined. - NONE: is undefined and should not be used. - ORGANIZATION: Indicates the Resource Type to be Organization. - VAULT: Indicates the Resource Type to be Vault. - NOTEBOOK: Indicates the Resource Type to be Notebook. - ACCOUNT: Indicates the Resource Type to be Account. - SERVICE_ACCOUNT: Indicates the Resource Type to be Service Account. - SQL_SERVICE_ACCOUNT: Indicates the Resource Type to be SqlAccessAccount. - WORKFLOW: Indicates the Resource Type to be Workflow. - WORKFLOW_RUN: Indicates the Resource Type to be Workflow Runs. - VAULT_TEMPLATE: Indicates the Resource Type to be Vault Template. - WORKSPACE: Indicates the Resource Type to be Workspace - FIELD_TEMPLATE: Indicates the Resource Type to be Field Template. - RECORD: Indicates the Resource Type to be Record - TOKEN: Indicates the Resource Type to be Token - VAULT_FUNCTION_CONFIG: Indicates the Resource Type to be Vault Function Config.
resource.name
string
Resource Name. Name of the Resource.
resource.namespace
string
Resource Namespace. Namespace to uniquely identify the Resource. This will be generated by server and cannot be user generated.
resource.description
string
Resource Description. Description of the Resource.
resource.status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
Resource Status. Status of the Resource. - NONE: NONE is undefined and should not be used.
name
string
Optional role name to filter for..
type
string
NONE
NONE
SYSTEM
CUSTOM
Optional role type to filter for..
sortOps.sortBy
string
Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).
sortOps.orderBy
string
ASCENDING
ASCENDING
DESCENDING
Either ascending or descending order specification.
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/roles?resource.ID=SOME_STRING_VALUE&resource.type=SOME_STRING_VALUE&resource.name=SOME_STRING_VALUE&resource.namespace=SOME_STRING_VALUE&resource.description=SOME_STRING_VALUE&resource.status=SOME_STRING_VALUE&name=SOME_STRING_VALUE&type=SOME_STRING_VALUE&sortOps.sortBy=SOME_STRING_VALUE&sortOps.orderBy=SOME_STRING_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'
{
POST
/v1/roles
Creates a Custom Role on a set of Resources
BODY PARAMETER
roleDefinition
object
object {
name
string
Unique name of the role.
displayName
string
Display name of the role.
description
string
Description of the role.
permissions
array
Array [ string
]
levels
array
Levels in the resource hierarchy at which this role is applied.
Array [ string
]
type
string
hasWorkspaceLimits
boolean
Boolean indicating if Role has had workspace limits applied to it
}
resource
object
object {
ID
string
Resource for which the policies are being defined.
type
string
NONE
NONE
ORGANIZATION
VAULT
NOTEBOOK
ACCOUNT
SERVICE_ACCOUNT
SQL_SERVICE_ACCOUNT
WORKFLOW
WORKFLOW_RUN
VAULT_TEMPLATE
WORKSPACE
FIELD_TEMPLATE
RECORD
TOKEN
VAULT_FUNCTION_CONFIG
- NONE: is undefined and should not be used. - ORGANIZATION: Indicates the Resource Type to be Organization. - VAULT: Indicates the Resource Type to be Vault. - NOTEBOOK: Indicates the Resource Type to be Notebook. - ACCOUNT: Indicates the Resource Type to be Account. - SERVICE_ACCOUNT: Indicates the Resource Type to be Service Account. - SQL_SERVICE_ACCOUNT: Indicates the Resource Type to be SqlAccessAccount. - WORKFLOW: Indicates the Resource Type to be Workflow. - WORKFLOW_RUN: Indicates the Resource Type to be Workflow Runs. - VAULT_TEMPLATE: Indicates the Resource Type to be Vault Template. - WORKSPACE: Indicates the Resource Type to be Workspace - FIELD_TEMPLATE: Indicates the Resource Type to be Field Template. - RECORD: Indicates the Resource Type to be Record - TOKEN: Indicates the Resource Type to be Token - VAULT_FUNCTION_CONFIG: Indicates the Resource Type to be Vault Function Config.
name
string
Name of the Resource.
namespace
string
Namespace to uniquely identify the Resource. This will be generated by server and cannot be user generated.
description
string
Description of the Resource.
status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
- NONE: NONE is undefined and should not be used.
}
curl --request POST \
--url https://manage.skyflowapis.com/v1/roles \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"roleDefinition":{"name":"string","displayName":"string","description":"string","permissions":["string"],"levels":["string"],"type":"NONE"},"resource":{"ID":"g2400b4c4c9c11ea8baaacde48001122","type":"VAULT"}}'
{
POST
/v1/roles/assign
Assigns members a role on a resource.
BODY PARAMETER
ID
string
members
array
Array [ object {
ID
string
type
string
NONE
NONE
USER
GROUP
SERVICE_ACCOUNT
SQL_SERVICE_ACCOUNT
- NONE: NONE is undefined and should not be used. - USER: Indicates the Member is of type User. - GROUP: Indicates the Member is of type Group. - SERVICE_ACCOUNT: Indicates the Member is of type ServiceAccount. - SQL_SERVICE_ACCOUNT: Indicates the Member is of SqlServiceAccount.
name
string
Name of the member.
string
Email address of the member.
status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
- NONE: NONE is undefined and should not be used.
} ]
curl --request POST \
--url https://manage.skyflowapis.com/v1/roles/assign \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"ID":"string","members":[{"ID":"mb057d4c570011ea89d9acde48001122","type":"USER"}]}'
{
POST
/v1/roles/unassign
Unassigns members from the role on a resource.
BODY PARAMETER
ID
string
members
array
Array [ object {
ID
string
type
string
NONE
NONE
USER
GROUP
SERVICE_ACCOUNT
SQL_SERVICE_ACCOUNT
- NONE: NONE is undefined and should not be used. - USER: Indicates the Member is of type User. - GROUP: Indicates the Member is of type Group. - SERVICE_ACCOUNT: Indicates the Member is of type ServiceAccount. - SQL_SERVICE_ACCOUNT: Indicates the Member is of SqlServiceAccount.
name
string
Name of the member.
string
Email address of the member.
status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
- NONE: NONE is undefined and should not be used.
} ]
curl --request POST \
--url https://manage.skyflowapis.com/v1/roles/unassign \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"ID":"string","members":[{"ID":"mb057d4c570011ea89d9acde48001122","type":"USER"}]}'
{
GET
/v1/roles/{ID}
Gets a Role by ID
PATH PARAMETERS
ID
string
*
curl --request GET \
--url https://manage.skyflowapis.com/v1/roles/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE'
{
DELETE
/v1/roles/{ID}
Deletes a Role
PATH PARAMETERS
ID
string
*
curl --request DELETE \
--url https://manage.skyflowapis.com/v1/roles/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE'
{
PATCH
/v1/roles/{ID}
Updates a Role
PATH PARAMETERS
ID
string
*
BODY PARAMETER
ID
string
roleDefinition
object
object {
name
string
Unique name of the role.
displayName
string
Display name of the role.
description
string
Description of the role.
permissions
array
Array [ string
]
levels
array
Levels in the resource hierarchy at which this role is applied.
Array [ string
]
type
string
hasWorkspaceLimits
boolean
Boolean indicating if Role has had workspace limits applied to it
}
curl --request PATCH \
--url https://manage.skyflowapis.com/v1/roles/{ID} \
--header 'Authorization: REPLACE_KEY_VALUE' \
--header 'content-type: application/json' \
--data '{"ID":"string","roleDefinition":{"name":"string","displayName":"string","description":"string","permissions":["string"],"levels":["string"],"type":"NONE"}}'
{
GET
/v1/roles/{ID}/members
Lists members that are assigned a provided role.
PATH PARAMETERS
ID
string
*
QUERY PARAMETERS
filterOps.email
string
Email filter.
filterOps.type
string
NONE
NONE
USER
GROUP
SERVICE_ACCOUNT
SQL_SERVICE_ACCOUNT
Member Type filter. - NONE: NONE is undefined and should not be used. - USER: Indicates the Member is of type User. - GROUP: Indicates the Member is of type Group. - SERVICE_ACCOUNT: Indicates the Member is of type ServiceAccount. - SQL_SERVICE_ACCOUNT: Indicates the Member is of SqlServiceAccount.
filterOps.name
string
Name filter.
filterOps.status
string
NONE
NONE
CREATED
PENDING
ACTIVE
INACTIVE
ARCHIVED
DELETED
Status filter. - NONE: NONE is undefined and should not be used.
sortOps.sortBy
string
Fully qualified Object field by which to sort results. Field names should be passed in camel case (e.g. camelCase).
sortOps.orderBy
string
ASCENDING
ASCENDING
DESCENDING
Either ascending or descending order specification.
offset
string
Pagination offset. - indicates the record number to start retrieving data
limit
string
Pagination limit. - indicates the number of records to retrieve
curl --request GET \
--url 'https://manage.skyflowapis.com/v1/roles/{ID}/members?filterOps.email=SOME_STRING_VALUE&filterOps.type=SOME_STRING_VALUE&filterOps.name=SOME_STRING_VALUE&filterOps.status=SOME_STRING_VALUE&sortOps.sortBy=SOME_STRING_VALUE&sortOps.orderBy=SOME_STRING_VALUE&offset=SOME_STRING_VALUE&limit=SOME_STRING_VALUE' \
--header 'Authorization: REPLACE_KEY_VALUE'