Skip to main content

Styra API (2.0.0)

Download OpenAPI specification:Download

Styra DAS is entirely API-driven.

Access to the APIs requires authentication that should be provided as an Authorization HTTP header including a Styra DAS-issued token:

Authorization: Bearer <YOURTOKENHERE>

To request a token you need to have an Styra account, and create a token via the API Tokens menu.

activity

Activity log

Retrieve activity log

At most 256 entries returned per request. If only start_time or end_time is provided by the caller then the request defaults to 1 hour range

Request Body schema: application/json
class_type
string

audit or activity

count
integer <int32>
Default: 256

max count of records to return: max(4096)

end_time
string <date-time>

filter time range end_time

forward
boolean
Default: false

search from start(true) or end(false) of table

request_id
string

filter on matching request_id

start_time
string <date-time>

filter time range start_time

Responses

Request samples

Content type
application/json
{
  • "class_type": "string",
  • "count": 256,
  • "end_time": "2019-08-24T14:15:22Z",
  • "forward": false,
  • "request_id": "string",
  • "start_time": "2019-08-24T14:15:22Z"
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

agents

Agent statuses API

Get current agent statuses

path Parameters
kind
required
string

agent kind such as "agents", "datasources", "slps", "exporters"

query Parameters
system
string

return only statuses for one or more system ID

id
string

return only statuses for one or more agent ID

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Post agent status

path Parameters
kind
required
string

agent kind such as "agents", "datasources", "slps", "exporters"

Request Body schema: application/json
object (status.v1.AgentStatus)

Responses

Request samples

Content type
application/json
{ }

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Delete agent information

path Parameters
kind
required
string

agent kind such as "agents", "datasources", "slps", "exporters"

id
required
string.*

agent id

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Update agent status

path Parameters
kind
required
string

agent kind such as "agents", "datasources", "slps", "exporters"

id
required
string.*

agent id

Request Body schema: application/json
object (status.v1.AgentStatus)

Responses

Request samples

Content type
application/json
{ }

Response samples

Content type
application/json
{
  • "request_id": "string"
}

authz

Authz management

Evaluate a list of permissions

Request Body schema: application/json
Array
action
required
string
body
required
object
check_option
required
string
operation
required
string
path
required
string

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": [
    ]
}

List all role bindings for all resources of all resource types

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

List role bindings

path Parameters
resourcetype
required
string.*

resource type

resource
required
string.*

resource id

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": [
    ]
}

Delete a resource role binding

path Parameters
resourcetype
required
string.*

resource type

resource
required
string.*

resource id

rolebinding
required
string.*

role binding id

query Parameters
recursive
string

if set to 'false', only deletes the role binding configuration and does not delete associated objects

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Get a role binding

path Parameters
resourcetype
required
string.*

resource type

resource
required
string.*

resource id

rolebinding
required
string.*

role binding id

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Update a role binding

path Parameters
resourcetype
required
string.*

resource type

resource
required
string.*

resource id

rolebinding
required
string.*

role binding id

Request Body schema: application/json
description
required
string
id
required
string
role_name
required
string
subjects
required
Array of strings

Responses

Request samples

Content type
application/json
{
  • "description": "string",
  • "id": "string",
  • "role_name": "string",
  • "subjects": [
    ]
}

Response samples

Content type
application/json
{
  • "request_id": "string"
}

List Styra-defined roles

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": [
    ]
}

List role bindings

query Parameters
resource_kind
string

if set returns only rolebindings involving the specified resource kind (if supplied multiple times will return rolebindings that match any of the specified resource kinds)

resource_id
string

if set returns only rolebindings involving the specified resource id (if supplied multiple times will return rolebindings that match any of the specified resource ids)

role_id
string

if set returns only rolebindings involving the specified role id (if supplied multiple times will return rolebindings that match any of the specified role ids)

subject_kind
string

if set returns only rolebindings involving the specified subject kind (if supplied multiple times will return rolebindings that match any of the specified subject kinds)

subject_id
string

if set returns only rolebindings involving the specified subject id (if supplied multiple times will return rolebindings that match any of the specified subject ids)

internal
boolean

if set to 'true', returns only internal rolebindings

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "rolebindings": [
    ]
}

Create or update rolebinding

header Parameters
If-None-Match
string

if set to '*', will not update existing rolebinding

Request Body schema: application/json
id
string

if present, implies updating existing rolebinding in its entirety, otherwise create new

required
object (authz.v2.ResourceFilter)
role_id
required
string

role ID e.g., SystemOwner

required
Array of objects (authz.v2.Subject)

list of subjects

Responses

Request samples

Content type
application/json
{
  • "id": "string",
  • "resource_filter": {
    },
  • "role_id": "string",
  • "subjects": [
    ]
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "rolebinding": {
    }
}

Delete rolebinding

path Parameters
id
required
string.*

rolebinding ID

header Parameters
If-Match
string

if set to '*', will return success if not found

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Get rolebinding

path Parameters
id
required
string.*

rolebinding ID

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "rolebinding": {
    }
}

Delete rolebinding subjects

path Parameters
id
required
string.*

rolebinding ID

Request Body schema: application/json
required
Array of objects (authz.v2.Subject)
Array
object (authz.v2.ClaimConfig)
id
string

subject ID (not needed for claim subjects)

kind
required
string

subject type e.g., user

Responses

Request samples

Content type
application/json
{
  • "subjects": [
    ]
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "rolebinding": {
    }
}

Update rolebinding subjects

path Parameters
id
required
string.*

rolebinding ID

Request Body schema: application/json
required
Array of objects (authz.v2.Subject)
Array
object (authz.v2.ClaimConfig)
id
string

subject ID (not needed for claim subjects)

kind
required
string

subject type e.g., user

Responses

Request samples

Content type
application/json
{
  • "subjects": [
    ]
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "rolebinding": {
    }
}

Merge rolebinding subjects

path Parameters
id
required
string.*

rolebinding ID

Request Body schema: application/json
required
Array of objects (authz.v2.Subject)
Array
object (authz.v2.ClaimConfig)
id
string

subject ID (not needed for claim subjects)

kind
required
string

subject type e.g., user

Responses

Request samples

Content type
application/json
{
  • "subjects": [
    ]
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "rolebinding": {
    }
}

List roles

query Parameters
resource_kind
string

if set returns only roles applicable to specific resource kind

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "roles": [
    ]
}

blueprints

An api for executing terraform plans.

List available blueprints.

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": [
    ]
}

Execute a blueprint.

path Parameters
name
required
string.*

The blueprint name.

Request Body schema: */*
any (blueprints.v1.BlueprintPostRequest)

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

bundles

Policy Bundles

Get a policy bundle

query Parameters
policy
string

policy name

eval_path
string

path to partial evaluation

header Parameters
If-None-Match
string

etag

Responses

Response samples

Content type
No sample

Get a policy bundle

path Parameters
policy
required
string.*

policy name

query Parameters
eval_path
string

path to partial evaluation

header Parameters
If-None-Match
string

etag

Responses

Response samples

Content type
No sample

data

Data read/write

List data

Data (whether the result of evaluating policy or the data gathered by datasources) is arranged into a tree. List the locations within the tree that data exists.

query Parameters
rego
string

Rego query to be executed for the documents

jsonpath
string

Json Path expression to extract portions of documents

download
boolean
Default: false

Download data as data.json file

limit
string

Returns '413 Payload Too Large' response if the body size is greater than given limit. The units KB, MB and etc can be used. Example: 10 MB; 28 kilobytes; 2000

header Parameters
If-None-Match
string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Responses

Response samples

Content type
application/json
{
  • "mocks": {
    },
  • "request_id": "string",
  • "result": null
}

Check size of data

query Parameters
rego
string

Rego query to be executed for the documents

jsonpath
string

Json Path expression to extract portions of documents

header Parameters
If-None-Match
string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Responses

Response samples

Content type
application/json
{
  • "code": "string",
  • "errors": [
    ],
  • "message": "string",
  • "request_id": "string"
}

Show all data

header Parameters
If-None-Match
string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Request Body schema:
input
object
jsonpath
string

Json Path expression to extract portions of documents

object (systems.v1.BuiltinMocks)
query_package
string

The package name to be used with query in case of multiple rego modules

rego
string

Rego query to be executed for the documents

object

List of rego modules to be loaded and executed for the documents

Responses

Request samples

Content type
{
  • "input": { },
  • "jsonpath": "string",
  • "mocks": {
    },
  • "query_package": "string",
  • "rego": "string",
  • "rego_modules": {
    }
}

Response samples

Content type
application/json
{
  • "mocks": {
    },
  • "request_id": "string",
  • "result": null
}

Get data

Show data at the given name. The name must be an extension of one of the locations of data as returned by GET v1/data

path Parameters
name
required
string.*

data name

query Parameters
rego
string

Rego query to be executed for the documents

jsonpath
string

Json Path expression to extract portions of documents

download
boolean
Default: false

Download data as .json file

limit
string

Returns '413 Payload Too Large' response if the body size is greater than given limit. The units KB, MB and etc can be used. Example: 10 MB; 28 kilobytes; 2000

header Parameters
If-None-Match
string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Responses

Response samples

Content type
application/json
{
  • "mocks": {
    },
  • "request_id": "string",
  • "result": null
}

Check the size of the data

path Parameters
name
required
string.*

data name

query Parameters
rego
string

Rego query to be executed for the documents

jsonpath
string

Json Path expression to extract portions of documents

header Parameters
If-None-Match
string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Responses

Response samples

Content type
application/json
{
  • "code": "string",
  • "errors": [
    ],
  • "message": "string",
  • "request_id": "string"
}

Patch data

Modify the data of the push datasource registered at <path> by applying a JSON patch to the JSON document. The content type for the patch is application/json-patch+json. The operation returns the modified data.

path Parameters
name
required
string.*

data name

header Parameters
If-Match
string

etag

Request Body schema:
object (meta.v1.RequestObject)

Responses

Request samples

Content type
{ }

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": null
}

Show data

Show data at the given name. The name must be an extension of one of the locations of data as returned by GET v1/data.

path Parameters
name
required
string.*

data name

header Parameters
If-None-Match
string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Request Body schema:
input
object
jsonpath
string

Json Path expression to extract portions of documents

object (systems.v1.BuiltinMocks)
query_package
string

The package name to be used with query in case of multiple rego modules

rego
string

Rego query to be executed for the documents

object

List of rego modules to be loaded and executed for the documents

Responses

Request samples

Content type
{
  • "input": { },
  • "jsonpath": "string",
  • "mocks": {
    },
  • "query_package": "string",
  • "rego": "string",
  • "rego_modules": {
    }
}

Response samples

Content type
application/json
{
  • "mocks": {
    },
  • "request_id": "string",
  • "result": null
}

Publish data

Set the data for the datasource registered at <name> to an arbitrary JSON document. This data can be read by doing GET v1/data/<path>

path Parameters
name
required
string.*

data name

header Parameters
If-Match
string

etag

Request Body schema:
object (meta.v1.RequestObject)

Responses

Request samples

Content type
{ }

Response samples

Content type
application/json
{
  • "request_id": "string"
}

datasources

Data Sources Management

List data sources

query Parameters
system
string

Filter data source by system ID

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": [
    ]
}

Delete a data source

path Parameters
datasource
required
string.*

Data source ID

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Get a data source

path Parameters
datasource
required
string.*

Data source ID

query Parameters
execute
boolean

Execute data source

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": { }
}

Execute or Preview a data source

path Parameters
datasource
required
string.*

Data source ID

query Parameters
execute
boolean

Execute data source

preview
boolean

Preview data source

Request Body schema: */*
One of
category
required
string

Must be aws/ecr

description
string
enabled
boolean
Default: true
on_premises
boolean
Default: false
rate_limit
number
Default: 3

requests per second

polling_interval
string
Default: "30s"
policy_filter
string

Policy Filter (if set, then policy_query must be set as well)

policy_query
string

Policy Query (if set, then policy_filter must be set as well)

credentials
required
string

Secret ID with AWS credentials

region
required
string

AWS region

RegistryId
string

Registry ID

Responses

Request samples

Content type
*/*
Example
{
  "category": "aws/ecr",
  "credentials": "aws_creds",
  "on_premises": false,
  "region": "us-east-1"
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": null
}

Upsert a data source

path Parameters
datasource
required
string.*

Data source ID

header Parameters
If-None-Match
string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Request Body schema: */*
One of
category
required
string

Must be aws/ecr

description
string
enabled
boolean
Default: true
on_premises
boolean
Default: false
rate_limit
number
Default: 3

requests per second

polling_interval
string
Default: "30s"
policy_filter
string

Policy Filter (if set, then policy_query must be set as well)

policy_query
string

Policy Query (if set, then policy_filter must be set as well)

credentials
required
string

Secret ID with AWS credentials

region
required
string

AWS region

RegistryId
string

Registry ID

Responses

Request samples

Content type
*/*
Example
{
  "category": "aws/ecr",
  "credentials": "aws_creds",
  "on_premises": false,
  "region": "us-east-1"
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

decisions

analysis

Search decision logs

query Parameters
input_max_size
string

input_max_size will remove specifed subfield from response if it exceeds the size specified

result_max_size
string

result_max_size will remove specifed subfield from response if it exceeds the size specified

cursor
string

continue from cursor position of previous query

start_time
string

minimum decision time

end_time
string

maximum decision time

search
string

search query

system
string

system ID

stack
string

stack ID

limit
integer

maximum number of decisions to return

result_kind
string

comma-separated list of ALL, UNKNOWN, ADVICE, ALLOWED, DENIED, ERROR

order
string

ASC, DESC (default)

default_timezone
string

client time zone offset e.g. -07:00, +3:00, Z. Local time expressions in query are adjusted with this offset

compact
boolean

return only essential decision fields

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Search decision logs

query Parameters
input_max_size
string

input_max_size will remove specifed subfield from response if it exceeds the size specified

result_max_size
string

result_max_size will remove specifed subfield from response if it exceeds the size specified

Request Body schema: application/json
compact
required
boolean

return only essential decision fields

cursor
required
string

continue from cursor position of previous query

default_timezone
required
string

client time zone offset. Local time expressions in query are adjusted with this offset

end_time
required
string <date-time>

maximum decision time

limit
required
integer <int64>

maximum number of decisions to return

order
required
string
Default: "DESC"

ASC, DESC

result_kind
required
string

comma-separated list of ALL, UNKNOWN, ADVICE, ALLOWED, DENIED, ERROR

search
required
string

search query

stack
required
string

stack ID

start_time
required
string <date-time>

minimum decision time

system
required
string

system ID

Responses

Request samples

Content type
application/json
{
  • "compact": true,
  • "cursor": "string",
  • "default_timezone": "string",
  • "end_time": "2019-08-24T14:15:22Z",
  • "limit": 0,
  • "order": "DESC",
  • "result_kind": "string",
  • "search": "string",
  • "stack": "string",
  • "start_time": "2019-08-24T14:15:22Z",
  • "system": "string"
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Get a single decision

path Parameters
cursor
required
string

decision cursor value

query Parameters
input_max_size
string

input_max_size will remove specifed subfield from response if it exceeds the size specified

result_max_size
string

result_max_size will remove specifed subfield from response if it exceeds the size specified

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

identity-providers

Identity Providers management

List providers

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": [
    ]
}

Create provider

Request Body schema: application/json
allow_idp_initiated
required
boolean
allowed_domains
required
Array of strings
auth_url
required
string
client_id
required
string
client_secret
required
string
email_attribute
required
string
enabled
required
boolean
id
required
string
issuer_url
required
string
jit
required
boolean
key_certificate
required
string
metadata
required
string
override_discovery_issuer_url
string
proxy_url
required
string
response_mode
required
string
scopes
required
Array of strings
skip_token_issuer_check
boolean
token_url
required
string
type
required
string
user_info_url
required
string

Responses

Request samples

Content type
application/json
{
  • "allow_idp_initiated": true,
  • "allowed_domains": [
    ],
  • "auth_url": "string",
  • "client_id": "string",
  • "client_secret": "string",
  • "email_attribute": "string",
  • "enabled": true,
  • "id": "string",
  • "issuer_url": "string",
  • "jit": true,
  • "key_certificate": "string",
  • "metadata": "string",
  • "override_discovery_issuer_url": "string",
  • "proxy_url": "string",
  • "response_mode": "string",
  • "scopes": [
    ],
  • "skip_token_issuer_check": true,
  • "token_url": "string",
  • "type": "string",
  • "user_info_url": "string"
}

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Delete provider

path Parameters
providerId
required
string.+

provider ID

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Get provider

path Parameters
providerId
required
string.+

provider ID

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Create or update provider

path Parameters
providerId
required
string.+

provider ID

header Parameters
If-None-Match
string

if set to '*' then creates a new provider with type-specific related objects

Request Body schema: application/json
allow_idp_initiated
required
boolean
allowed_domains
required
Array of strings
auth_url
required
string
client_id
required
string
client_secret
required
string
email_attribute
required
string
enabled
required
boolean
id
required
string
issuer_url
required
string
jit
required
boolean
key_certificate
required
string
metadata
required
string
override_discovery_issuer_url
string
proxy_url
required
string
response_mode
required
string
scopes
required
Array of strings
skip_token_issuer_check
boolean
token_url
required
string
type
required
string
user_info_url
required
string

Responses

Request samples

Content type
application/json
{
  • "allow_idp_initiated": true,
  • "allowed_domains": [
    ],
  • "auth_url": "string",
  • "client_id": "string",
  • "client_secret": "string",
  • "email_attribute": "string",
  • "enabled": true,
  • "id": "string",
  • "issuer_url": "string",
  • "jit": true,
  • "key_certificate": "string",
  • "metadata": "string",
  • "override_discovery_issuer_url": "string",
  • "proxy_url": "string",
  • "response_mode": "string",
  • "scopes": [
    ],
  • "skip_token_issuer_check": true,
  • "token_url": "string",
  • "type": "string",
  • "user_info_url": "string"
}

Response samples

Content type
application/json
{
  • "request_id": "string"
}

invitations

User invitations

List invitations

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": [
    ]
}

Invite user

query Parameters
email
boolean

set to false to avoid sending an email

Request Body schema: application/json
roles
required
Array of strings

list of roles for the invited user

user_id
required
string

user ID to create invitation for

Responses

Request samples

Content type
application/json
{
  • "roles": [
    ],
  • "user_id": "string"
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Revoke invitation

path Parameters
id
required
string.+

user ID

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Get invitation

path Parameters
id
required
string.+

user ID

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Accept invitation

path Parameters
token
required
string.+

token from the invitation URL

Request Body schema: application/json
password
required
string

new user password

tos_checked
required
boolean

terms of service were accepted

user_id
required
string

new user ID

Responses

Request samples

Content type
application/json
{
  • "password": "string",
  • "tos_checked": true,
  • "user_id": "string"
}

Response samples

Content type
application/json
{
  • "request_id": "string"
}

logreplay

log-replay is a service that re-evaluates past decision logs in order to estimate what would change if one of the policies would be different. log-replay is used as an analysis tool to analyze the impact of a policy change.

Run log-replay

Request Body schema: application/json
compare_full_results
boolean
Default: false

do not compare decisions by system-type-dependent significant fields

data_patches
Array of objects (json.JsonPatchSpec)

list of JSON Patches to apply to the data namespace

decision_patches
Array of objects (json.JsonPatchSpec)

list of JSON Patches to apply to the decisions before they evaluated

deterministic_policies
boolean
Default: true

signals that decisions having the same inputs, data and revision always evaluate to the same result and therefore can be cached

duration
string

maximum replay duration (e.g. "20s")

max_samples
integer <int32>

maximum number of samples to return

object (systems.v1.BuiltinMocks)
object

modified rego policies (path => rego content)

Array of objects (logreplay.v1.ReplayScope)

list of scopes to narrow the decision search

skip_batches
Array of strings

list of batch IDs to skip

Responses

Request samples

Content type
application/json
{
  • "compare_full_results": false,
  • "data_patches": [
    ],
  • "decision_patches": [
    ],
  • "deterministic_policies": true,
  • "duration": "string",
  • "max_samples": 0,
  • "mocks": {
    },
  • "policies": {
    },
  • "scope": [
    ],
  • "skip_batches": [
    ]
}

Response samples

Content type
application/json
{
  • "analyzed_batches": [
    ],
  • "duration": 0,
  • "samples": [
    ],
  • "started": "2019-08-24T14:15:22Z",
  • "stats": {
    }
}

logreplay-v2

LogReplay Service v2

Run log-replay

Request Body schema: application/json
object

system ID -> bundle filter mapping specifying which bundles to consider for each system. Use empty string or '*' to provide default filter

compare_full_results
boolean
Default: false

do not compare decisions by system-type-dependent significant fields

decision_patches
Array of objects (json.JsonPatchSpec)

list of JSON Patches to apply to the decisions before they evaluated

object

modifications to make to policies or data

duration
string

maximum replay duration (e.g. "20s")

max_samples
integer <int32>

maximum number of samples to return

object (systems.v1.BuiltinMocks)
path_filters
Array of strings

list of path filters. Each entry is either a path prefix that the decision path must begin with or the decision path must be prefix of the entry

skip_batches
Array of strings

list of batch IDs to skip

Responses

Request samples

Content type
application/json
{
  • "bundle_filters": {
    },
  • "compare_full_results": false,
  • "decision_patches": [
    ],
  • "drafts": {
    },
  • "duration": "string",
  • "max_samples": 0,
  • "mocks": {
    },
  • "path_filters": [
    ],
  • "skip_batches": [
    ]
}

Response samples

Content type
application/json
{
  • "mocks": {
    },
  • "request_id": "string",
  • "result": {
    }
}

logs

OPA decision logs API

Post decision logs

Request Body schema: application/json
Array
object (meta.v1.RequestObject)

Responses

Request samples

Content type
application/json
[
  • { }
]

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Post decision logs with partition

path Parameters
partition
required
string.*

partition name. Currently not used

Request Body schema: application/json
Array
object (meta.v1.RequestObject)

Responses

Request samples

Content type
application/json
[
  • { }
]

Response samples

Content type
application/json
{
  • "request_id": "string"
}

mock/opa

The api for mock opas.

List mock opas.

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": [
    ]
}

Create a mock opa.

Request Body schema: application/json
duration
required
string
system_id
required
string

Responses

Request samples

Content type
application/json
{
  • "duration": "string",
  • "system_id": "string"
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Get info about the service.

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Delete a mock opa.

path Parameters
id
required
string.*

The mock opa id.

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Get a mock opa.

path Parameters
id
required
string.*

The mock opa id.

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

notifications

Notification Integration

Handle callbacks from notification applications.

path Parameters
type
required
string.*

notification type

query Parameters
code
string

authorization code from notification tool

state
string

unique identification code

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "response_url": "string"
}

Start installing the notification tool.

path Parameters
type
required
string.*

notification type

query Parameters
redirect_url
string

the landing page when OAuth is successfully done.

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Uninstall a notification tool.

path Parameters
type
required
string.*

notification type

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Get the status of a notification tool.

path Parameters
type
required
string.*

notification type

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Insert an access token for the notification tool.

path Parameters
type
required
string.*

notification type

Request Body schema: application/json
token
required
string

Responses

Request samples

Content type
application/json
{
  • "token": "string"
}

Response samples

Content type
application/json
{
  • "request_id": "string"
}

openapi

OpenAPI Specification

Returns a deprecated version

path Parameters
spec
required
stringv.*

OpenAPI Spec version

version
required
string.*

API version

Responses

Swagger v2 Specification

Responses

OpenAPI v3 Specification

Responses

passwords

Passwords strength and forgotten password request email and reset

Request password reset email

Request Body schema: application/json
password
required
string
user_id
required
string

Responses

Request samples

Content type
application/json
{
  • "password": "string",
  • "user_id": "string"
}

Response samples

Content type
application/json
{
  • "url": "string"
}

Reset password

path Parameters
token
required
string.+

Token ID

Request Body schema: application/json
password
required
string
user_id
required
string

Responses

Request samples

Content type
application/json
{
  • "password": "string",
  • "user_id": "string"
}

Response samples

Content type
application/json
{
  • "url": "string"
}

Analyze password strength

Request Body schema: application/json
password
required
string

Responses

Request samples

Content type
application/json
{
  • "password": "string"
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

policies

Policy management

List policies

query Parameters
metadata
string

return rego metadata of specified type or all if no type provided

drafts
boolean

return rego metadata for draft policies (when metadata flag is used)

Responses

Response samples

Content type
application/json
{
  • "metadata": [
    ],
  • "request_id": "string",
  • "result": null
}

Bulk upload policies

Request Body schema: application/gzip

Policy bundle

string <binary>

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

List playground policies

query Parameters
metadata
string

return rego metadata of specified type or all if no type provided

drafts
boolean

return rego metadata for draft policies (when metadata flag is used)

Responses

Response samples

Content type
application/json
{
  • "metadata": [
    ],
  • "request_id": "string",
  • "result": null
}

Bulk upload playground policies

Request Body schema: application/gzip

Policy bundle

string <binary>

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

List system policies

path Parameters
system
required
string

system id

query Parameters
metadata
string

return rego metadata of specified type or all if no type provided

drafts
boolean

return rego metadata for draft policies (when metadata flag is used)

Responses

Response samples

Content type
application/json
{
  • "metadata": [
    ],
  • "request_id": "string",
  • "result": null
}

Bulk upload system policies

path Parameters
system
required
string

system id

Request Body schema: application/gzip

Policy bundle

string <binary>

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Delete a policy

path Parameters
policy
required
string.+

policy name

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Get a policy

path Parameters
policy
required
string.+

policy name

query Parameters
dependencies
boolean

include dependencies

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": null
}

Update a policy

path Parameters
policy
required
string.+

policy name

header Parameters
If-None-Match
string

etag

Request Body schema:
required
object

module file name to rego contents dictionary

object (crypto.Signature)

Responses

Request samples

Content type
{
  • "modules": {
    },
  • "signature": {
    }
}

Response samples

Content type
application/json
{
  • "request_id": "string"
}

relay-server

manages relay-clients

Get clients

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": [
    ]
}

Evict client connections

path Parameters
key
required
string[a-zA-Z0-9-_]+

key that the relay client registered with

query Parameters
id
string

id of a specific relay client

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": [
    ]
}

Register Client

path Parameters
key
required
string[a-zA-Z0-9-_]+

key to register the relay client with

query Parameters
id
string

id of the relay client

Responses

secrets

Secrets Management

List secrets

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": [
    ]
}

Delete secret

path Parameters
secretId
required
string.*

secret ID

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Get secret

path Parameters
secretId
required
string.*

secret ID

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Create/update secret

path Parameters
secretId
required
string.*

secret ID

header Parameters
If-None-Match
string

if set to '*' then the request fill fail if the secret already exists

Request Body schema: application/json
description
required
string
name
required
string
secret
required
string

Responses

Request samples

Content type
application/json
{
  • "description": "string",
  • "name": "string",
  • "secret": "string"
}

Response samples

Content type
application/json
{
  • "request_id": "string"
}

signup-passwords

Passwords strength and forgotten password requests

Request password reset email

Request Body schema: application/json
password
required
string
user_id
required
string

Responses

Request samples

Content type
application/json
{
  • "password": "string",
  • "user_id": "string"
}

Response samples

Content type
application/json
{
  • "url": "string"
}

Analyze password strength

Request Body schema: application/json
password
required
string

Responses

Request samples

Content type
application/json
{
  • "password": "string"
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

stacks

Stacks management

List stacks

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": [
    ]
}

Create a stack

Request Body schema: application/json
description
required
string
name
required
string
read_only
required
boolean
object (stacks.v1.SourceControlConfig)
type
required
string
type_parameters
object

stack type parameter values (for template.* types)

Responses

Request samples

Content type
application/json
{
  • "description": "string",
  • "name": "string",
  • "read_only": true,
  • "source_control": {
    },
  • "type": "string",
  • "type_parameters": { }
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Verify git access

Verifies that the repository can be accessed with the provided credentials

Request Body schema: application/json
commit
required
string

Commit SHA. Only one of reference or commit can be set at any time

credentials
required
string

Credentials are looked under the key /

id
required
string

id of the entity so that the config can be checked for duplicates

path
required
string

Path to limit the import to

reference
required
string

Remote reference. Only one of reference or commit can be set at any time

object (git.v1.SSHCredentials)
url
required
string

Repository URL

Responses

Request samples

Content type
application/json
{
  • "commit": "string",
  • "credentials": "string",
  • "id": "string",
  • "path": "string",
  • "reference": "string",
  • "ssh_credentials": {
    },
  • "url": "string"
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Delete a user-owned branch

path Parameters
id
required
string.*

stack id

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

List files in Styra DAS-created branch.

Gets the list of files for the branch that the Styra DAS creates when modifying rego in the Styra DAS UI and pushing the changes to GitHub in a branch for review.

path Parameters
id
required
string.*

stack id

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Commit files to stack source control

Commit files to source control associated with a stack

path Parameters
id
required
string.*

stack id

Request Body schema: application/json
author
required
string
email
required
string
required
object

Map of filenames to file contents

files_to_delete
required
Array of strings

List of filenames to delete from the repo

message
required
string

Responses

Request samples

Content type
application/json
{
  • "author": "string",
  • "email": "string",
  • "files": {
    },
  • "files_to_delete": [
    ],
  • "message": "string"
}

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

List files in current branch.

Gets the list of files in the currently chosen branch.

path Parameters
id
required
string.*

stack id

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Delete a stack

path Parameters
stack
required
string.*

stack id

Responses

Response samples

Content type
application/json
{
  • "request_id": "string"
}

Get a stack configuration

path Parameters
stack
required
string.*

stack id

query Parameters
datasources
boolean

set to 'false' to omit datasources from the output

Responses

Response samples

Content type
application/json
{
  • "request_id": "string",
  • "result": {
    }
}

Create or update a stack

path Parameters
stack
required
string.*

stack id

Request Body schema: application/json
description
required
string
name
required
string
read_only
required
boolean
object (stacks.v1.SourceControlConfig)
type
required
string
type_parameters
object

stack type parameter values (for template.* types)

Responses

Request samples

Content type
application/json
{
  • "description": "string",
  • "name": "string",
  • "read_only": true,
  • "source_control": {