Styra API (2.0.0)

Download OpenAPI specification:Download

E-mail: support@styra.com License: Apache 2.0 Terms of Service

Styra DAS is entirely API-driven.

Access to the APIs requires authentication that should be provided as an Authorization HTTP header including a Styra DAS-issued token:

Authorization: Bearer <YOURTOKENHERE>

To request a token you need to have an Styra account, and create a token via the API Tokens menu.

Styra DAS Documentation

activity

Activity log

Retrieve activity log

At most 256 entries returned per request. If only start_time or end_time is provided by the caller then the request defaults to 1 hour range

Request Body schema: application/json

class_type	string audit or activity
count	integer <int32> Default: 256 max count of records to return: max(4096)
end_time	string <date-time> filter time range end_time
forward	boolean Default: false search from start(true) or end(false) of table
request_id	string filter on matching request_id
start_time	string <date-time> filter time range start_time

Responses

Request samples

Payload

Content type

application/json

{"class_type": "string",
"count": 256,
"end_time": "2019-08-24T14:15:22Z",
"forward": false,
"request_id": "string",
"start_time": "2019-08-24T14:15:22Z"
}

Response samples

200
400

Content type

application/json

{"request_id": "string",
"result": {"data": [{"decision": {"input": {"body": { },
"method": "string",
"path": "string",
"user": "string",
"user_claims": { }
},
"output": {"allow": true,
"status": {"reason": "string"
}
}
},
"duration": 0,
"request": {"class": "string",
"errors": {"evaluation": "string"
},
"host": "string",
"id": "string",
"method": "string",
"path": "string",
"request_body": "string",
"requested_by": "string",
"requested_through": "string",
"timestamp": "2019-08-24T14:15:22Z"
},
"response": {"errors": {"processing": "string"
},
"status_code": 0,
"timestamp": "2019-08-24T14:15:22Z"
}
}
]
}
}

activity-v2

Activity log

Retrieve activity records

query Parameters

cursor	string continue from cursor position of previous query
start_time	string minimum request time
end_time	string maximum request time
query	string search query
limit	integer maximum number of activity records to return
class	string filter response to given activity class
outcome	string filter by outcome type. One of (all, allowed, denied, error)
order	string ASC, DESC (default)
default_timezone	string client time zone offset e.g. -07:00, +3:00, Z. Local time expressions in query are adjusted with this offset
compact	boolean return only essential decision fields

Responses

Response samples

200
400

Content type

application/json

{"cursor": "string",
"request_id": "string",
"results": [{"decision": {"input": {"body": { },
"method": "string",
"path": "string",
"user": "string",
"user_claims": { }
},
"output": {"allow": true,
"status": {"reason": "string"
}
}
},
"duration": 0,
"request": {"class": "string",
"errors": {"evaluation": "string"
},
"host": "string",
"id": "string",
"method": "string",
"path": "string",
"request_body": "string",
"requested_by": "string",
"requested_through": "string",
"timestamp": "2019-08-24T14:15:22Z"
},
"response": {"errors": {"processing": "string"
},
"status_code": 0,
"timestamp": "2019-08-24T14:15:22Z"
}
}
]
}

Retrieve activity record for given request UD

path Parameters

id

required

string.*

request ID

Responses

Response samples

200
400

Content type

application/json

{"request_id": "string",
"results": {"decision": {"input": {"body": { },
"method": "string",
"path": "string",
"user": "string",
"user_claims": { }
},
"output": {"allow": true,
"status": {"reason": "string"
}
}
},
"duration": 0,
"request": {"class": "string",
"errors": {"evaluation": "string"
},
"host": "string",
"id": "string",
"method": "string",
"path": "string",
"request_body": "string",
"requested_by": "string",
"requested_through": "string",
"timestamp": "2019-08-24T14:15:22Z"
},
"response": {"errors": {"processing": "string"
},
"status_code": 0,
"timestamp": "2019-08-24T14:15:22Z"
}
}
}

agents

Agent statuses API

Get current agent statuses

path Parameters

kind

required

string

agent kind such as "agents", "datasources", "slps", "exporters"

query Parameters

system	string return only statuses for one or more system ID
id	string return only statuses for one or more agent ID
excludes	string filters keys from agent statuses (separate keys by comma, nest keys using dot notation (e.g. parentKey.nestedKey,parentKey2). lists unsupported

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": {"property1": { },
"property2": { }
}
}

Post agent status

path Parameters

kind

required

string

agent kind such as "agents", "datasources", "slps", "exporters"

Request Body schema: application/json

object (status.v1.AgentStatus)

Responses

Request samples

Payload

Content type

application/json

{ }

Response samples

200

Content type

application/json

{"request_id": "string"
}

Delete agent information

path Parameters

kind required	string agent kind such as "agents", "datasources", "slps", "exporters"
id required	string.* agent id

Responses

Response samples

200

Content type

application/json

{"request_id": "string"
}

Update agent status

path Parameters

kind required	string agent kind such as "agents", "datasources", "slps", "exporters"
id required	string.* agent id

Request Body schema: application/json

object (status.v1.AgentStatus)

Responses

Request samples

Payload

Content type

application/json

{ }

Response samples

200

Content type

application/json

{"request_id": "string"
}

authz

Authz management

Evaluate a list of permissions

Request Body schema: application/json

Array

action required	string
body required	object
check_option required	string
operation required	string
path required	string

Responses

Request samples

Payload

Content type

application/json

[{"action": "string",
"body": { },
"check_option": "string",
"operation": "string",
"path": "string"
}
]

Response samples

200

Content type

application/json

{"request_id": "string",
"result": [{"allowed": true,
"body": { },
"check_option": "string",
"eval_error": true,
"operation": "string",
"path": "string"
}
]
}

List all role bindings for all resources of all resource types

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": {"property1": {"property1": [{"description": "string",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"role_name": "string",
"subjects": ["string"
]
}
],
"property2": [{"description": "string",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"role_name": "string",
"subjects": ["string"
]
}
]
},
"property2": {"property1": [{"description": "string",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"role_name": "string",
"subjects": ["string"
]
}
],
"property2": [{"description": "string",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"role_name": "string",
"subjects": ["string"
]
}
]
}
}
}

List role bindings

path Parameters

resourcetype required	string.* resource type
resource required	string.* resource id

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": [{"description": "string",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"role_name": "string",
"subjects": ["string"
]
}
]
}

Delete a resource role binding

path Parameters

resourcetype required	string.* resource type
resource required	string.* resource id
rolebinding required	string.* role binding id

query Parameters

recursive

string

if set to 'false', only deletes the role binding configuration and does not delete associated objects

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string"
}

Get a role binding

path Parameters

resourcetype required	string.* resource type
resource required	string.* resource id
rolebinding required	string.* role binding id

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string",
"result": {"description": "string",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"role_name": "string",
"subjects": ["string"
]
}
}

Update a role binding

path Parameters

resourcetype required	string.* resource type
resource required	string.* resource id
rolebinding required	string.* role binding id

Request Body schema: application/json

description required	string
id required	string
role_name required	string
subjects required	Array of strings

Responses

Request samples

Payload

Content type

application/json

{"description": "string",
"id": "string",
"role_name": "string",
"subjects": ["string"
]
}

Response samples

200
404

Content type

application/json

{"request_id": "string"
}

List Styra-defined roles

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": [{"name": "string"
}
]
}

List role bindings

query Parameters

resource_kind	string if set returns only rolebindings involving the specified resource kind (if supplied multiple times will return rolebindings that match any of the specified resource kinds)
resource_id	string if set returns only rolebindings involving the specified resource id (if supplied multiple times will return rolebindings that match any of the specified resource ids)
role_id	string if set returns only rolebindings involving the specified role id (if supplied multiple times will return rolebindings that match any of the specified role ids)
subject_kind	string if set returns only rolebindings involving the specified subject kind (if supplied multiple times will return rolebindings that match any of the specified subject kinds)
subject_id	string if set returns only rolebindings involving the specified subject id (if supplied multiple times will return rolebindings that match any of the specified subject ids)
internal	boolean if set to 'true', returns only internal rolebindings

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"rolebindings": [{"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"resource_filter": {"id": "string",
"kind": "string"
},
"role_id": "string",
"subjects": [{"claim_config": {"identity_provider": "string",
"key": "string",
"value": "string"
},
"id": "string",
"kind": "string"
}
]
}
]
}

Create or update rolebinding

header Parameters

If-None-Match

string

if set to '*', will not update existing rolebinding

Request Body schema: application/json

id	string if present, implies updating existing rolebinding in its entirety, otherwise create new
required	object (authz.v2.ResourceFilter)
role_id required	string role ID e.g., SystemOwner
required	Array of objects (authz.v2.Subject) list of subjects

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"resource_filter": {"id": "string",
"kind": "string"
},
"role_id": "string",
"subjects": [{"claim_config": {"identity_provider": "string",
"key": "string",
"value": "string"
},
"id": "string",
"kind": "string"
}
]
}

Response samples

200
400
404
409

Content type

application/json

{"request_id": "string",
"rolebinding": {"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"resource_filter": {"id": "string",
"kind": "string"
},
"role_id": "string",
"subjects": [{"claim_config": {"identity_provider": "string",
"key": "string",
"value": "string"
},
"id": "string",
"kind": "string"
}
]
}
}

Delete rolebinding

path Parameters

id

required

string.*

rolebinding ID

header Parameters

If-Match

string

if set to '*', will return success if not found

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string"
}

Get rolebinding

path Parameters

id

required

string.*

rolebinding ID

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string",
"rolebinding": {"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"resource_filter": {"id": "string",
"kind": "string"
},
"role_id": "string",
"subjects": [{"claim_config": {"identity_provider": "string",
"key": "string",
"value": "string"
},
"id": "string",
"kind": "string"
}
]
}
}

Delete rolebinding subjects

path Parameters

id

required

string.*

rolebinding ID

Request Body schema: application/json

required

Array of objects (authz.v2.Subject)

Array

	object (authz.v2.ClaimConfig)
id	string subject ID (not needed for claim subjects)
kind required	string subject type e.g., user

Responses

Request samples

Payload

Content type

application/json

{"subjects": [{"claim_config": {"identity_provider": "string",
"key": "string",
"value": "string"
},
"id": "string",
"kind": "string"
}
]
}

Response samples

200
400
404

Content type

application/json

{"request_id": "string",
"rolebinding": {"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"resource_filter": {"id": "string",
"kind": "string"
},
"role_id": "string",
"subjects": [{"claim_config": {"identity_provider": "string",
"key": "string",
"value": "string"
},
"id": "string",
"kind": "string"
}
]
}
}

Update rolebinding subjects

path Parameters

id

required

string.*

rolebinding ID

Request Body schema: application/json

required

Array of objects (authz.v2.Subject)

Array

	object (authz.v2.ClaimConfig)
id	string subject ID (not needed for claim subjects)
kind required	string subject type e.g., user

Responses

Request samples

Payload

Content type

application/json

{"subjects": [{"claim_config": {"identity_provider": "string",
"key": "string",
"value": "string"
},
"id": "string",
"kind": "string"
}
]
}

Response samples

200
400
404

Content type

application/json

{"request_id": "string",
"rolebinding": {"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"resource_filter": {"id": "string",
"kind": "string"
},
"role_id": "string",
"subjects": [{"claim_config": {"identity_provider": "string",
"key": "string",
"value": "string"
},
"id": "string",
"kind": "string"
}
]
}
}

Merge rolebinding subjects

path Parameters

id

required

string.*

rolebinding ID

Request Body schema: application/json

required

Array of objects (authz.v2.Subject)

Array

	object (authz.v2.ClaimConfig)
id	string subject ID (not needed for claim subjects)
kind required	string subject type e.g., user

Responses

Request samples

Payload

Content type

application/json

{"subjects": [{"claim_config": {"identity_provider": "string",
"key": "string",
"value": "string"
},
"id": "string",
"kind": "string"
}
]
}

Response samples

200
400
404

Content type

application/json

{"request_id": "string",
"rolebinding": {"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"resource_filter": {"id": "string",
"kind": "string"
},
"role_id": "string",
"subjects": [{"claim_config": {"identity_provider": "string",
"key": "string",
"value": "string"
},
"id": "string",
"kind": "string"
}
]
}
}

List roles

query Parameters

resource_kind

string

if set returns only roles applicable to specific resource kind

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"roles": [{"description": "string",
"id": "string",
"inherit_roles": [{"action": "string",
"resource_kind": "string",
"role": "string"
}
],
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"resource_kind": "string"
}
]
}

blueprints

An api for executing terraform plans.

List available blueprints.

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": ["string"
]
}

Execute a blueprint.

path Parameters

name

required

string.*

The blueprint name.

Request Body schema: /

any (blueprints.v1.BlueprintPostRequest)

Responses

Response samples

200
400

Content type

application/json

{"request_id": "string",
"result": {"blueprint": "string",
"resources": [{"id": "string",
"type": "string"
}
]
}
}

bundles

Policy Bundles

Get a policy bundle

query Parameters

policy	string policy name
eval_path	string path to partial evaluation
kind	string Default: "Plain" Enum: "Plain" "BJson" Kind of a bundle

header Parameters

If-None-Match

string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Responses

Response samples

200

Content type

application/gzip

No sample

Get a policy bundle

path Parameters

policy

required

string.*

policy name

query Parameters

eval_path	string path to partial evaluation
kind	string Default: "Plain" Enum: "Plain" "BJson" Kind of a bundle

header Parameters

If-None-Match

string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Responses

Response samples

200
404

Content type

application/gzip

No sample

data

Data read/write

List data

Data (whether the result of evaluating policy or the data gathered by datasources) is arranged into a tree. List the locations within the tree that data exists.

query Parameters

rego	string Rego query to be executed for the documents
jsonpath	string Json Path expression to extract portions of documents
sandbox	boolean Only used explicitly provided policies and data. Do not load anything from DAS
strict	boolean Enable strict Rego compilation mode
data	string Initial data object in JSON format
download	boolean Default: false Download data as data.json file
limit	string Returns '413 Payload Too Large' response if the body size is greater than given limit. The units KB, MB and etc can be used. Example: 10 MB; 28 kilobytes; 2000

header Parameters

If-None-Match

string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Responses

Response samples

200
404
413

Content type

application/json

{"mocks": {"http.send": {"mocked": [{"method": "string",
"url": "string"
}
],
"unmocked": [{"method": "string",
"url": "string"
}
]
}
},
"request_id": "string",
"result": null
}

Check size of data

query Parameters

rego	string Rego query to be executed for the documents
jsonpath	string Json Path expression to extract portions of documents

header Parameters

If-None-Match

string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Responses

Response samples

404

Content type

application/json

{"code": "string",
"errors": ["string"
],
"message": "string",
"request_id": "string"
}

Show all data

header Parameters

If-None-Match

string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Request Body schema:
application/json

data	object Initial data object
input	object
jsonpath	string Json Path expression to extract portions of documents
	object (systems.v1.BuiltinMocks)
	object Cache containing results of non-deterministic built-in functions
query_package	string The package name to be used with query in case of multiple rego modules
rego	string Rego query to be executed for the documents
	object List of rego modules to be loaded and executed for the documents
sandbox	boolean Only used explicitly provided policies and data. Do not load anything from DAS
strict	boolean Enable strict Rego compilation mode

Responses

Request samples

Payload

Content type

application/json

{"data": { },
"input": { },
"jsonpath": "string",
"mocks": {"http.send": {"data": [{"method": "string",
"result": { },
"url": "string"
}
]
},
"opa.runtime": {"result": { }
}
},
"nd_builtin_cache": {"property1": { },
"property2": { }
},
"query_package": "string",
"rego": "string",
"rego_modules": {"property1": "string",
"property2": "string"
},
"sandbox": true,
"strict": true
}

Response samples

200
404

Content type

application/json

{"mocks": {"http.send": {"mocked": [{"method": "string",
"url": "string"
}
],
"unmocked": [{"method": "string",
"url": "string"
}
]
}
},
"request_id": "string",
"result": null
}

Get data

Show data at the given name. The name must be an extension of one of the locations of data as returned by GET v1/data

path Parameters

name

required

string.*

Data name

query Parameters

rego	string Rego query to be executed for the documents
jsonpath	string JSONPath expression to extract portions of documents
sandbox	boolean Only used explicitly provided policies and data. Do not load anything from DAS
strict	boolean Enable strict Rego compilation mode
data	string Initial data object in JSON format
download	boolean Default: false Download data as .json file
limit	string Returns '413 Payload Too Large' response if the body size is greater than given limit. The units KB, MB and etc can be used. Example: 10 MB; 28 kilobytes; 2000

header Parameters

If-None-Match

string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Responses

Response samples

200
404
413

Content type

application/json

{"mocks": {"http.send": {"mocked": [{"method": "string",
"url": "string"
}
],
"unmocked": [{"method": "string",
"url": "string"
}
]
}
},
"request_id": "string",
"result": null
}

Check the size of the data

path Parameters

name

required

string.*

data name

query Parameters

rego	string Rego query to be executed for the documents
jsonpath	string Json Path expression to extract portions of documents

header Parameters

If-None-Match

string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Responses

Response samples

404

Content type

application/json

{"code": "string",
"errors": ["string"
],
"message": "string",
"request_id": "string"
}

Patch data

Modify the data of the push datasource registered at <path> by applying a JSON patch to the JSON document. The content type for the patch is application/json-patch+json. The operation returns the modified data.

path Parameters

name

required

string.*

data name

header Parameters

If-Match

string

etag

Request Body schema:
application/json-patch+json

object (meta.v1.RequestObject)

Responses

Request samples

Payload

Content type

application/json-patch+json

{ }

Response samples

200
404
413

Content type

application/json

{"request_id": "string",
"result": null
}

Show data

Show data at the given name. The name must be an extension of one of the locations of data as returned by GET v1/data.

path Parameters

name

required

string.*

data name

header Parameters

If-None-Match

string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Request Body schema:
application/json

data	object Initial data object
input	object
jsonpath	string Json Path expression to extract portions of documents
	object (systems.v1.BuiltinMocks)
	object Cache containing results of non-deterministic built-in functions
query_package	string The package name to be used with query in case of multiple rego modules
rego	string Rego query to be executed for the documents
	object List of rego modules to be loaded and executed for the documents
sandbox	boolean Only used explicitly provided policies and data. Do not load anything from DAS
strict	boolean Enable strict Rego compilation mode

Responses

Request samples

Payload

Content type

application/json

{"data": { },
"input": { },
"jsonpath": "string",
"mocks": {"http.send": {"data": [{"method": "string",
"result": { },
"url": "string"
}
]
},
"opa.runtime": {"result": { }
}
},
"nd_builtin_cache": {"property1": { },
"property2": { }
},
"query_package": "string",
"rego": "string",
"rego_modules": {"property1": "string",
"property2": "string"
},
"sandbox": true,
"strict": true
}

Response samples

200
404

Content type

application/json

{"mocks": {"http.send": {"mocked": [{"method": "string",
"url": "string"
}
],
"unmocked": [{"method": "string",
"url": "string"
}
]
}
},
"request_id": "string",
"result": null
}

Publish data

Set the data for the datasource registered at <name> to an arbitrary JSON document. This data can be read by doing GET v1/data/<path>

path Parameters

name

required

string.*

data name

header Parameters

If-Match

string

etag

Request Body schema:
application/json

object (meta.v1.RequestObject)

Responses

Request samples

Payload

Content type

application/json

{ }

Response samples

200
404
413

Content type

application/json

{"request_id": "string"
}

datasources

Data Sources Management

List data sources

query Parameters

system

string

Filter data source by system ID

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": [{ }
]
}

Delete a data source

path Parameters

datasource

required

string.*

Data source ID

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string"
}

Get a data source

path Parameters

datasource

required

string.*

Data source ID

query Parameters

execute

boolean

Execute data source

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string",
"result": { }
}

Execute or Preview a data source

path Parameters

datasource

required

string.*

Data source ID

query Parameters

execute	boolean Execute data source
preview	boolean Preview data source
download	boolean Default: false This is part of preview workflow. Download preview data as data.json file.
limit	string This is part of preview workflow. Returns '413 Payload Too Large' response if the body size is greater than given limit. The units KB, MB and etc can be used. Example: 10 MB; 28 kilobytes; 2000

Request Body schema: /

One of

category required	string Must be `aws/ecr` A Data Source that retrieves the data about AWS IAM deployments.
description	string
enabled	boolean Default: true
on_premises	boolean Default: false
rate_limit	number Default: 3 requests per second
polling_interval	string Default: "30s"
policy_filter	string Policy Filter (if set, then policy_query must be set as well)
policy_query	string Policy Query (if set, then policy_filter must be set as well)
credentials required	string Secret ID with AWS credentials
region required	string AWS region
RegistryId	string Registry ID

Responses

Request samples

Payload

Content type

*/*

Example

aws/ecr

{
  "category": "aws/ecr",
  "credentials": "aws_creds",
  "on_premises": false,
  "region": "us-east-1"
}

Response samples

200
404

Content type

application/json

{"request_id": "string",
"result": null
}

Upsert a data source

path Parameters

datasource

required

string.*

Data source ID

header Parameters

If-None-Match

string

The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation.

Request Body schema: /

One of

category required	string Must be `aws/ecr` A Data Source that retrieves the data about AWS IAM deployments.
description	string
enabled	boolean Default: true
on_premises	boolean Default: false
rate_limit	number Default: 3 requests per second
polling_interval	string Default: "30s"
policy_filter	string Policy Filter (if set, then policy_query must be set as well)
policy_query	string Policy Query (if set, then policy_filter must be set as well)
credentials required	string Secret ID with AWS credentials
region required	string AWS region
RegistryId	string Registry ID

Responses

Request samples

Payload

Content type

*/*

Example

aws/ecr

{
  "category": "aws/ecr",
  "credentials": "aws_creds",
  "on_premises": false,
  "region": "us-east-1"
}

Response samples

200

Content type

application/json

{"request_id": "string",
"result": {"category": "aws/ecr",
"credentials": "aws_creds",
"on_premises": false,
"region": "us-east-1",
"executed": "2019-08-24T14:15:22Z",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"resources": [{ }
],
"status": { }
}
}

decisions

analysis

Search decision logs

query Parameters

input_max_size	string input_max_size will remove specifed subfield from response if it exceeds the size specified
result_max_size	string result_max_size will remove specifed subfield from response if it exceeds the size specified
cursor	string continue from cursor position of previous query
start_time	string <date-time> minimum decision time
end_time	string <date-time> maximum decision time
search	string search query
system	string system ID
stack	string stack ID
limit	integer Default: 100 maximum number of decisions to return
result_kind	string Default: "ALL" comma-separated list of ALL, UNKNOWN, ADVICE, ALLOWED, DENIED, ERROR
order	string Default: "DESC" ASC, DESC
default_timezone	string client time zone offset e.g. -07:00, +3:00, Z. Local time expressions in query are adjusted with this offset
compact	boolean return only essential decision fields

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": {"cursor": "string",
"items": [{"Decision": "string",
"processed": "2019-08-24T14:15:22Z"
}
]
}
}

Search decision logs

query Parameters

input_max_size	string input_max_size will remove specifed subfield from response if it exceeds the size specified
result_max_size	string result_max_size will remove specifed subfield from response if it exceeds the size specified

Request Body schema: application/json

compact	boolean Default: false return only essential decision fields
cursor	string continue from cursor position of previous query
default_timezone	string client time zone offset. Local time expressions in query are adjusted with this offset
end_time	string <date-time> maximum decision time
limit	integer <int64> Default: 100 maximum number of decisions to return
order	string Default: "DESC" ASC, DESC
result_kind	string Default: "ALL" comma-separated list of ALL, UNKNOWN, ADVICE, ALLOWED, DENIED, ERROR
search	string search query
stack	string stack ID
start_time	string <date-time> minimum decision time
system	string system ID

Responses

Request samples

Payload

Content type

application/json

{"compact": false,
"cursor": "string",
"default_timezone": "string",
"end_time": "2019-08-24T14:15:22Z",
"limit": 100,
"order": "DESC",
"result_kind": "ALL",
"search": "string",
"stack": "string",
"start_time": "2019-08-24T14:15:22Z",
"system": "string"
}

Response samples

200

Content type

application/json

{"request_id": "string",
"result": {"cursor": "string",
"items": [{"Decision": "string",
"processed": "2019-08-24T14:15:22Z"
}
]
}
}

Get a single decision

path Parameters

cursor

required

string

decision cursor value

query Parameters

input_max_size	string input_max_size will remove specifed subfield from response if it exceeds the size specified
result_max_size	string result_max_size will remove specifed subfield from response if it exceeds the size specified

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": {"Decision": "string",
"processed": "2019-08-24T14:15:22Z"
}
}

identity-providers

Identity Providers management

List providers

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": [{"allow_idp_initiated": true,
"allowed_domains": ["string"
],
"auth_url": "string",
"client_id": "string",
"client_secret": "string",
"email_attribute": "string",
"enabled": true,
"id": "string",
"issuer_url": "string",
"jit": true,
"key_certificate": "string",
"metadata": "string",
"override_discovery_issuer_url": "string",
"proxy_url": "string",
"response_mode": "string",
"scopes": ["string"
],
"skip_token_issuer_check": true,
"token_url": "string",
"type": "string",
"unique_claim": "string",
"user_info_url": "string"
}
]
}

Create provider

Request Body schema: application/json

allow_idp_initiated required	boolean
allowed_domains required	Array of strings allow users from domains
auth_url required	string
client_id required	string
client_secret required	string
email_attribute required	string
enabled required	boolean whether it can be used as a provider or not
id required	string
issuer_url required	string
jit required	boolean True, if users are provisioned on-demand
key_certificate required	string
metadata required	string
override_discovery_issuer_url	string
proxy_url required	string
response_mode required	string
scopes required	Array of strings
skip_token_issuer_check	boolean
token_url required	string
type required	string OIDC (default) or SAML
unique_claim required	string claim to be used as the unique id for users
user_info_url required	string

Responses

Request samples

Payload

Content type

application/json

{"allow_idp_initiated": true,
"allowed_domains": ["string"
],
"auth_url": "string",
"client_id": "string",
"client_secret": "string",
"email_attribute": "string",
"enabled": true,
"id": "string",
"issuer_url": "string",
"jit": true,
"key_certificate": "string",
"metadata": "string",
"override_discovery_issuer_url": "string",
"proxy_url": "string",
"response_mode": "string",
"scopes": ["string"
],
"skip_token_issuer_check": true,
"token_url": "string",
"type": "string",
"unique_claim": "string",
"user_info_url": "string"
}

Response samples

200
404

Content type

application/json

{"request_id": "string"
}

Delete provider

path Parameters

providerId

required

string.+

provider ID

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string"
}

Get provider

path Parameters

providerId

required

string.+

provider ID

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string",
"result": {"allow_idp_initiated": true,
"allowed_domains": ["string"
],
"auth_url": "string",
"client_id": "string",
"client_secret": "string",
"email_attribute": "string",
"enabled": true,
"id": "string",
"issuer_url": "string",
"jit": true,
"key_certificate": "string",
"metadata": "string",
"override_discovery_issuer_url": "string",
"proxy_url": "string",
"response_mode": "string",
"scopes": ["string"
],
"skip_token_issuer_check": true,
"token_url": "string",
"type": "string",
"unique_claim": "string",
"user_info_url": "string"
}
}

Create or update provider

path Parameters

providerId

required

string.+

provider ID

header Parameters

If-None-Match

string

if set to '*' then creates a new provider with type-specific related objects

Request Body schema: application/json

allow_idp_initiated required	boolean
allowed_domains required	Array of strings allow users from domains
auth_url required	string
client_id required	string
client_secret required	string
email_attribute required	string
enabled required	boolean whether it can be used as a provider or not
id required	string
issuer_url required	string
jit required	boolean True, if users are provisioned on-demand
key_certificate required	string
metadata required	string
override_discovery_issuer_url	string
proxy_url required	string
response_mode required	string
scopes required	Array of strings
skip_token_issuer_check	boolean
token_url required	string
type required	string OIDC (default) or SAML
unique_claim required	string claim to be used as the unique id for users
user_info_url required	string

Responses

Request samples

Payload

Content type

application/json

{"allow_idp_initiated": true,
"allowed_domains": ["string"
],
"auth_url": "string",
"client_id": "string",
"client_secret": "string",
"email_attribute": "string",
"enabled": true,
"id": "string",
"issuer_url": "string",
"jit": true,
"key_certificate": "string",
"metadata": "string",
"override_discovery_issuer_url": "string",
"proxy_url": "string",
"response_mode": "string",
"scopes": ["string"
],
"skip_token_issuer_check": true,
"token_url": "string",
"type": "string",
"unique_claim": "string",
"user_info_url": "string"
}

Response samples

200
404

Content type

application/json

{"request_id": "string"
}

invitations

User invitations

List invitations

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": [{"expiration": "2019-08-24T14:15:22Z",
"id": "string"
}
]
}

Invite user

query Parameters

email

boolean

set to false to avoid sending an email

Request Body schema: application/json

roles required	Array of strings list of roles for the invited user
user_id required	string user ID to create invitation for

Responses

Request samples

Payload

Content type

application/json

{"roles": ["string"
],
"user_id": "string"
}

Response samples

200

Content type

application/json

{"request_id": "string",
"result": {"url": "string"
}
}

Revoke invitation

path Parameters

id

required

string.+

user ID

Responses

Response samples

200

Content type

application/json

{"request_id": "string"
}

Get invitation

path Parameters

id

required

string.+

user ID

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string",
"result": {"expiration": "2019-08-24T14:15:22Z",
"id": "string"
}
}

Accept invitation

path Parameters

token

required

string.+

token from the invitation URL

Request Body schema: application/json

password required	string new user password
user_id required	string new user ID

Responses

Request samples

Payload

Content type

application/json

{"password": "string",
"user_id": "string"
}

Response samples

200
404

Content type

application/json

{"request_id": "string"
}

libraries

API to create and manage libraries

List all libraries

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": [{"description": "string",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"read_only": true,
"source_control": {"library_origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"use_workspace_settings": true
}
}
]
}

Verify git access

Verifies that the repository can be accessed with the provided credentials

Request Body schema: application/json

commit required	string Commit SHA. Only one of reference or commit can be set at any time
credentials required	string Credentials are looked under the key /
id required	string id of the entity so that the config can be checked for duplicates
path required	string Path to limit the import to
reference required	string Remote reference. Only one of reference or commit can be set at any time
	object (git.v1.SSHCredentials)
url required	string Repository URL

Responses

Request samples

Payload

Content type

application/json

{"commit": "string",
"credentials": "string",
"id": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
}

Response samples

200
400

Content type

application/json

{"request_id": "string",
"result": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"sha": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
}
}

Delete a library

path Parameters

id

required

string.*

id

Responses

Get a library

path Parameters

id

required

string.*

id

Responses

Response samples

200

Content type

application/json

{"result": {"datasources": [{"category": "string",
"id": "string",
"optional": true,
"status": {"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
}
],
"description": "string",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"policies": [{"created": "string",
"enforcement": {"enforced": true,
"type": "string"
},
"id": "string",
"modules": [{"name": "string",
"placeholder": false,
"read_only": true,
"rules": {"allow": 0,
"deny": 0,
"enforce": 0,
"ignore": 0,
"monitor": 0,
"notify": 0,
"other": 0,
"test": 0,
"total": 0
}
}
],
"rules": {"allow": 0,
"deny": 0,
"enforce": 0,
"ignore": 0,
"monitor": 0,
"notify": 0,
"other": 0,
"test": 0,
"total": 0
},
"type": "string"
}
],
"read_only": true,
"source_control": {"library_origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"use_workspace_settings": true
}
}
}

Upsert a new library

path Parameters

id

required

string.*

id

Request Body schema: application/json

description required	string
read_only required	boolean
	object (libraries.v1.SourceControlConfig)

Responses

Request samples

Payload

Content type

application/json

{"description": "string",
"read_only": true,
"source_control": {"library_origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"use_workspace_settings": true
}
}

Response samples

200

Content type

application/json

{"result": {"datasources": [{"category": "string",
"id": "string",
"optional": true,
"status": {"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
}
],
"description": "string",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"policies": [{"created": "string",
"enforcement": {"enforced": true,
"type": "string"
},
"id": "string",
"modules": [{"name": "string",
"placeholder": false,
"read_only": true,
"rules": {"allow": 0,
"deny": 0,
"enforce": 0,
"ignore": 0,
"monitor": 0,
"notify": 0,
"other": 0,
"test": 0,
"total": 0
}
}
],
"rules": {"allow": 0,
"deny": 0,
"enforce": 0,
"ignore": 0,
"monitor": 0,
"notify": 0,
"other": 0,
"test": 0,
"total": 0
},
"type": "string"
}
],
"read_only": true,
"source_control": {"library_origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"use_workspace_settings": true
}
}
}

Delete a user-owned branch

path Parameters

id

required

string.*

library id

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string"
}

List files in Styra DAS-created branch.

Gets the list of files for the branch that the Styra DAS creates when modifying rego in the Styra DAS UI and pushing the changes to GitHub in a branch for review.

path Parameters

id

required

string.*

library id

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string",
"result": {"deleted_files": ["string"
],
"files": {"property1": "string",
"property2": "string"
}
}
}

Commit files to library source control

Commit files to source control associated with a library

path Parameters

id

required

string.*

library id

Request Body schema: application/json

author required	string
email required	string
required	object Map of filenames to file contents
files_to_delete required	Array of strings List of filenames to delete from the repo
message required	string

Responses

Request samples

Payload

Content type

application/json

{"author": "string",
"email": "string",
"files": {"property1": "string",
"property2": "string"
},
"files_to_delete": ["string"
],
"message": "string"
}

Response samples

200
404

Content type

application/json

{"request_id": "string",
"result": {"author": "string",
"branch": "string",
"email": "string",
"files": {"property1": "string",
"property2": "string"
},
"files_to_delete": ["string"
],
"message": "string"
}
}

List files in current branch.

Gets the list of files in the currently chosen branch.

path Parameters

id

required

string.*

library id

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string",
"result": {"deleted_files": ["string"
],
"files": {"property1": "string",
"property2": "string"
}
}
}

logreplay

log-replay is a service that re-evaluates past decision logs in order to estimate what would change if one of the policies would be different. log-replay is used as an analysis tool to analyze the impact of a policy change.

Run log-replay

Request Body schema: application/json

compare_full_results	boolean Default: false do not compare decisions by system-type-dependent significant fields
data_patches	Array of objects (json.JsonPatchSpec) list of JSON Patches to apply to the data namespace
decision_patches	Array of objects (json.JsonPatchSpec) list of JSON Patches to apply to the decisions before they evaluated
deterministic_policies	boolean Default: true signals that decisions having the same inputs, data and revision always evaluate to the same result and therefore can be cached
duration	string maximum replay duration (e.g. "20s")
max_samples	integer <int32> maximum number of samples to return
	object (systems.v1.BuiltinMocks)
	object modified rego policies (path => rego content)
	Array of objects (logreplay.v1.ReplayScope) list of scopes to narrow the decision search
skip_batches	Array of strings list of batch IDs to skip

Responses

Request samples

Payload

Content type

application/json

{"compare_full_results": false,
"data_patches": [{ }
],
"decision_patches": [{ }
],
"deterministic_policies": true,
"duration": "string",
"max_samples": 0,
"mocks": {"http.send": {"data": [{"method": "string",
"result": { },
"url": "string"
}
]
},
"opa.runtime": {"result": { }
}
},
"policies": {"property1": "string",
"property2": "string"
},
"scope": [{"max_age": "string",
"max_revisions": 1,
"min_age": "string",
"path": "string"
}
],
"skip_batches": ["string"
]
}

Response samples

200

Content type

application/json

{"analyzed_batches": ["string"
],
"duration": 0,
"samples": [{"bundles": {"property1": {"revision": "string"
},
"property2": {"revision": "string"
}
},
"decision_id": "string",
"erased": ["string"
],
"error": "string",
"input": null,
"labels": {"property1": "string",
"property2": "string"
},
"metrics": { },
"nd_builtin_cache": { },
"new_result": null,
"path": "string",
"query": "string",
"requested_by": "string",
"result": null,
"revision": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
],
"started": "2019-08-24T14:15:22Z",
"stats": {"analysis_errors": 0,
"batches_analyzed": 0,
"batches_download_errors": 0,
"batches_downloaded": 0,
"batches_from_cache": 0,
"batches_observed": 0,
"batches_scheduled": 0,
"batches_skipped": 0,
"entries_evaluated": 0,
"entries_failed": 0,
"entries_observed": 0,
"entries_scheduled": 0,
"results_changed": 0
}
}

logreplay-v2

LogReplay Service v2

Run log-replay

Request Body schema: application/json

	object system ID -> bundle filter mapping specifying which bundles to consider for each system. Use empty string or '*' to provide default filter
compare_full_results	boolean Default: false do not compare decisions by system-type-dependent significant fields
decision_patches	Array of objects (json.JsonPatchSpec) list of JSON Patches to apply to the decisions before they evaluated
	object modifications to make to policies or data
duration	string maximum replay duration (e.g. "20s")
max_samples	integer <int32> maximum number of samples to return
	object (systems.v1.BuiltinMocks)
path_filters	Array of strings list of path filters. Each entry is either a path prefix that the decision path must begin with or the decision path must be prefix of the entry
skip_batches	Array of strings list of batch IDs to skip

Responses

Request samples

Payload

Content type

application/json

{"bundle_filters": {"property1": {"active_from": 0,
"active_to": 0,
"bundle_id": "string",
"created_from": "2019-08-24T14:15:22Z",
"created_to": "2019-08-24T14:15:22Z",
"last_deployed_from": "2019-08-24T14:15:22Z",
"last_deployed_to": "2019-08-24T14:15:22Z",
"reverse_versioning": true,
"version_from": 0,
"version_to": 0
},
"property2": {"active_from": 0,
"active_to": 0,
"bundle_id": "string",
"created_from": "2019-08-24T14:15:22Z",
"created_to": "2019-08-24T14:15:22Z",
"last_deployed_from": "2019-08-24T14:15:22Z",
"last_deployed_to": "2019-08-24T14:15:22Z",
"reverse_versioning": true,
"version_from": 0,
"version_to": 0
}
},
"compare_full_results": false,
"decision_patches": [{ }
],
"drafts": {"property1": {"contents": null,
"datasources": true,
"patches": [{ }
],
"policy": {"context": "string",
"overlays": ["string"
]
}
},
"property2": {"contents": null,
"datasources": true,
"patches": [{ }
],
"policy": {"context": "string",
"overlays": ["string"
]
}
}
},
"duration": "string",
"max_samples": 0,
"mocks": {"http.send": {"data": [{"method": "string",
"result": { },
"url": "string"
}
]
},
"opa.runtime": {"result": { }
}
},
"path_filters": ["string"
],
"skip_batches": ["string"
]
}

Response samples

200

Content type

application/json

{"mocks": {"http.send": {"mocked": [{"method": "string",
"url": "string"
}
],
"unmocked": [{"method": "string",
"url": "string"
}
]
}
},
"request_id": "string",
"result": {"analyzed_batches": ["string"
],
"duration": 0,
"samples": [{"bundles": {"property1": {"revision": "string"
},
"property2": {"revision": "string"
}
},
"decision_id": "string",
"erased": ["string"
],
"error": "string",
"input": null,
"labels": {"property1": "string",
"property2": "string"
},
"metrics": { },
"nd_builtin_cache": { },
"new_result": null,
"path": "string",
"query": "string",
"requested_by": "string",
"result": null,
"revision": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
],
"started": "2019-08-24T14:15:22Z",
"stats": {"analysis_errors": 0,
"batches_analyzed": 0,
"batches_download_errors": 0,
"batches_downloaded": 0,
"batches_from_cache": 0,
"batches_observed": 0,
"batches_scheduled": 0,
"batches_skipped": 0,
"entries_evaluated": 0,
"entries_failed": 0,
"entries_observed": 0,
"entries_scheduled": 0,
"results_changed": 0
}
}
}

logs

OPA decision logs API

Post decision logs

Request Body schema: application/json

Array

object (meta.v1.RequestObject)

Responses

Request samples

Payload

Content type

application/json

[{ }
]

Response samples

200

Content type

application/json

{"request_id": "string"
}

Post decision logs with partition

path Parameters

partition

required

string.*

partition name. Currently not used

Request Body schema: application/json

Array

object (meta.v1.RequestObject)

Responses

Request samples

Payload

Content type

application/json

[{ }
]

Response samples

200

Content type

application/json

{"request_id": "string"
}

mock/opa

The api for mock opas.

List mock opas.

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": [{"expires": "2019-08-24T14:15:22Z",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"system_id": "string"
}
]
}

Create a mock opa.

Request Body schema: application/json

duration required	string
system_id required	string

Responses

Request samples

Payload

Content type

application/json

{"duration": "string",
"system_id": "string"
}

Response samples

200
400

Content type

application/json

{"request_id": "string",
"result": {"expires": "2019-08-24T14:15:22Z",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"system_id": "string"
}
}

Get info about the service.

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": {"supported_system_types": ["string"
]
}
}

Delete a mock opa.

path Parameters

id

required

string.*

The mock opa id.

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string"
}

Get a mock opa.

path Parameters

id

required

string.*

The mock opa id.

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string",
"result": {"expires": "2019-08-24T14:15:22Z",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"system_id": "string"
}
}

notifications

Notification Integration

Handle callbacks from notification applications.

path Parameters

type

required

string.*

notification type

query Parameters

code	string authorization code from notification tool
state	string unique identification code

Responses

Response samples

307

Content type

application/json

{"request_id": "string",
"response_url": "string"
}

Start installing the notification tool.

path Parameters

type

required

string.*

notification type

query Parameters

redirect_url

string

the landing page when OAuth is successfully done.

Responses

Response samples

200

Content type

application/json

{"request_id": "string"
}

Uninstall a notification tool.

path Parameters

type

required

string.*

notification type

Responses

Response samples

200

Content type

application/json

{"request_id": "string"
}

Get the status of a notification tool.

path Parameters

type

required

string.*

notification type

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": {"installed": true,
"type": "string"
}
}

Insert an access token for the notification tool.

path Parameters

type

required

string.*

notification type

Request Body schema: application/json

token

required

string

Responses

Request samples

Payload

Content type

application/json

{"token": "string"
}

Response samples

200

Content type

application/json

{"request_id": "string"
}

openapi

OpenAPI Specification

Returns a deprecated version

path Parameters

spec required	stringv.* OpenAPI Spec version
version required	string.* API version

Responses

Swagger v2 Specification

Responses

OpenAPI v3 Specification

Responses

passwords

Passwords strength and forgotten password request email and reset

Request password reset email

Request Body schema: application/json

password required	string
user_id required	string

Responses

Request samples

Payload

Content type

application/json

{"password": "string",
"user_id": "string"
}

Response samples

200

Content type

application/json

{"url": "string"
}

Reset password

path Parameters

token

required

string.+

Token ID

Request Body schema: application/json

password required	string
user_id required	string

Responses

Request samples

Payload

Content type

application/json

{"password": "string",
"user_id": "string"
}

Response samples

200

Content type

application/json

{"url": "string"
}

Analyze password strength

Request Body schema: application/json

password

required

string

Responses

Request samples

Payload

Content type

application/json

{"password": "string"
}

Response samples

200

Content type

application/json

{"request_id": "string",
"result": {"cracktime": 0,
"cracktime_display": "string",
"feedback": {"suggestions": ["string"
],
"warning": "string"
},
"max": 0,
"min": 0,
"pass": 0,
"score": 0
}
}

policies

Policy management

List policies

query Parameters

metadata	string return rego metadata of specified type or all if no type provided
modules	boolean return rego metadata for each module separately
drafts	boolean return rego metadata for draft policies (when metadata flag is used)

Responses

Response samples

200

Content type

application/json

{"metadata": [{"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
}
],
"request_id": "string",
"result": null
}

Bulk upload policies

Request Body schema: application/gzip

Policy bundle

string <binary>

Responses

Response samples

200

Content type

application/json

{"request_id": "string"
}

List playground policies

query Parameters

metadata	string return rego metadata of specified type or all if no type provided
drafts	boolean return rego metadata for draft policies (when metadata flag is used)

Responses

Response samples

200

Content type

application/json

{"metadata": [{"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
}
],
"request_id": "string",
"result": null
}

Bulk upload playground policies

Request Body schema: application/gzip

Policy bundle

string <binary>

Responses

Response samples

200

Content type

application/json

{"request_id": "string"
}

List system policies

path Parameters

system

required

string

system id

query Parameters

metadata	string return rego metadata of specified type or all if no type provided
drafts	boolean return rego metadata for draft policies (when metadata flag is used)

Responses

Response samples

200

Content type

application/json

{"metadata": [{"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
}
],
"request_id": "string",
"result": null
}

Bulk upload system policies

path Parameters

system

required

string

system id

Request Body schema: application/gzip

Policy bundle

string <binary>

Responses

Response samples

200

Content type

application/json

{"request_id": "string"
}

Delete a policy

path Parameters

policy

required

string.+

policy name

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string"
}

Get a policy

path Parameters

policy

required

string.+

policy name

query Parameters

dependencies

boolean

include dependencies

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string",
"result": null
}

Update a policy

path Parameters

policy

required

string.+

policy name

header Parameters

If-None-Match

string

etag

Request Body schema:
application/json

required	object module file name to rego (and also data.json/data.yaml if enabled for the tenant) contents dictionary
	object (crypto.Signature)

Responses

Request samples

Payload

Content type

application/json

{"modules": {"property1": "string",
"property2": "string"
},
"signature": {"excluded": {"digest": "string",
"nodes": {"property1": { },
"property2": { }
}
},
"signatures": [{"property1": "string",
"property2": "string"
}
]
}
}

Response samples

200

Content type

application/json

{"request_id": "string"
}

rego

Rego

Format Rego code

Request Body schema: application/json

required

object

property name*

additional property

string

Responses

Request samples

Payload

Content type

application/json

{"input": {"property1": "string",
"property2": "string"
}
}

Response samples

200

Content type

application/json

{"errors": {"property1": [{ }
],
"property2": [{ }
]
},
"metadata": [{"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
}
],
"output": {"property1": "string",
"property2": "string"
},
"request_id": "string"
}

relay-server

manages relay-clients

Get clients

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": [{"client_id": "string",
"client_key": "string",
"remote_address": "string",
"version": "string"
}
]
}

Evict client connections

path Parameters

key

required

string[a-zA-Z0-9-_]+

key that the relay client registered with

query Parameters

id	string id of a specific relay client

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": [{"client_id": "string",
"client_key": "string",
"remote_address": "string",
"version": "string"
}
]
}

Register Client

path Parameters

key

required

string[a-zA-Z0-9-_]+

key to register the relay client with

query Parameters

id	string id of the relay client

Responses

secrets

Secrets Management

List secrets

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": [{"description": "string",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"name": "string"
}
]
}

Delete secret

path Parameters

secretId

required

string.*

secret ID

Responses

Response samples

200

Content type

application/json

{"request_id": "string"
}

Get secret

path Parameters

secretId

required

string.*

secret ID

Responses

Response samples

200
404

Content type

application/json

{"request_id": "string",
"result": {"description": "string",
"id": "string",
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"name": "string"
}
}

Create/update secret

path Parameters

secretId

required

string.*

secret ID

header Parameters

If-None-Match

string

if set to '*' then the request fill fail if the secret already exists

Request Body schema: application/json

description required	string
name required	string
secret required	string

Responses

Request samples

Payload

Content type

application/json

{"description": "string",
"name": "string",
"secret": "string"
}

Response samples

200
409

Content type

application/json

{"request_id": "string"
}

signup-passwords

Passwords strength and forgotten password requests

Request password reset email

Request Body schema: application/json

password required	string
user_id required	string

Responses

Request samples

Payload

Content type

application/json

{"password": "string",
"user_id": "string"
}

Response samples

200

Content type

application/json

{"url": "string"
}

Analyze password strength

Request Body schema: application/json

password

required

string

Responses

Request samples

Payload

Content type

application/json

{"password": "string"
}

Response samples

200

Content type

application/json

{"request_id": "string",
"result": {"cracktime": 0,
"cracktime_display": "string",
"feedback": {"suggestions": ["string"
],
"warning": "string"
},
"max": 0,
"min": 0,
"pass": 0,
"score": 0
}
}

stacks

Stacks management

List stacks

Responses

Response samples

200

Content type

application/json

{"request_id": "string",
"result": [{"authz": {"role_bindings": [{"id": "string",
"role_name": "string"
}
]
},
"datasources": [{"category": "string",
"id": "string",
"optional": true,
"status": {"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
}
],
"description": "string",
"errors": {"property1": {"errors": [{"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
],
"waiting": true
},
"property2": {"errors": [{"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
],
"waiting": true
}
},
"id": "string",
"info": {"property1": [{"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
],
"property2": [{"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
]
},
"matching_systems": ["string"
],
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"migration_history": [{"from": "string",
"initiated_by": "string",
"initiating_user": "string",
"migrated_at": "2019-08-24T14:15:22Z",
"recovered": true,
"to": "string"
}
],
"minimum_opa_version": "string",
"name": "string",
"policies": [{"created": "string",
"enforcement": {"enforced": true,
"type": "string"
},
"id": "string",
"modules": [{"name": "string",
"placeholder": false,
"read_only": true,
"rules": {"allow": 0,
"deny": 0,
"enforce": 0,
"ignore": 0,
"monitor": 0,
"notify": 0,
"other": 0,
"test": 0,
"total": 0
}
}
],
"rules": {"allow": 0,
"deny": 0,
"enforce": 0,
"ignore": 0,
"monitor": 0,
"notify": 0,
"other": 0,
"test": 0,
"total": 0
},
"type": "string"
}
],
"read_only": true,
"source_control": {"origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"stack_origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"use_workspace_settings": true
},
"status": "string",
"type": "string",
"type_parameters": { },
"warnings": {"property1": [{"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
],
"property2": [{"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
]
}
}
]
}

Create a stack

Request Body schema: application/json

description required	string
name required	string
read_only required	boolean
	object (stacks.v1.SourceControlConfig)
type required	string
type_parameters	object stack type parameter values (for template.* types)

Responses

Request samples

Payload

Content type

application/json

{"description": "string",
"name": "string",
"read_only": true,
"source_control": {"origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"stack_origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"use_workspace_settings": true
},
"type": "string",
"type_parameters": { }
}

Response samples

200

Content type

application/json

{"request_id": "string",
"result": {"authz": {"role_bindings": [{"id": "string",
"role_name": "string"
}
]
},
"datasources": [{"category": "string",
"id": "string",
"optional": true,
"status": {"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
}
],
"description": "string",
"errors": {"property1": {"errors": [{"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
],
"waiting": true
},
"property2": {"errors": [{"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
],
"waiting": true
}
},
"id": "string",
"info": {"property1": [{"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
],
"property2": [{"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
]
},
"matching_systems": ["string"
],
"metadata": {"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"created_through": "string",
"last_modified_at": "2019-08-24T14:15:22Z",
"last_modified_by": "string",
"last_modified_through": "string"
},
"migration_history": [{"from": "string",
"initiated_by": "string",
"initiating_user": "string",
"migrated_at": "2019-08-24T14:15:22Z",
"recovered": true,
"to": "string"
}
],
"minimum_opa_version": "string",
"name": "string",
"policies": [{"created": "string",
"enforcement": {"enforced": true,
"type": "string"
},
"id": "string",
"modules": [{"name": "string",
"placeholder": false,
"read_only": true,
"rules": {"allow": 0,
"deny": 0,
"enforce": 0,
"ignore": 0,
"monitor": 0,
"notify": 0,
"other": 0,
"test": 0,
"total": 0
}
}
],
"rules": {"allow": 0,
"deny": 0,
"enforce": 0,
"ignore": 0,
"monitor": 0,
"notify": 0,
"other": 0,
"test": 0,
"total": 0
},
"type": "string"
}
],
"read_only": true,
"source_control": {"origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"stack_origin": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
},
"use_workspace_settings": true
},
"status": "string",
"type": "string",
"type_parameters": { },
"warnings": {"property1": [{"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
],
"property2": [{"code": "string",
"message": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
]
}
}
}

Verify git access

Verifies that the repository can be accessed with the provided credentials

Request Body schema: application/json

commit required	string Commit SHA. Only one of reference or commit can be set at any time
credentials required	string Credentials are looked under the key /
id required	string id of the entity so that the config can be checked for duplicates
path required	string Path to limit the import to
reference required	string Remote reference. Only one of reference or commit can be set at any time
	object (git.v1.SSHCredentials)
url required	string Repository URL

Responses

Request samples

Payload

Content type

application/json

{"commit": "string",
"credentials": "string",
"id": "string",
"path": "string",
"reference": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
}

Response samples

200
400

Content type

application/json

{"request_id": "string",
"result": {"commit": "string",
"credentials": "string",
"path": "string",
"reference": "string",
"sha": "string",
"ssh_credentials": {"passphrase": "string",
"private_key": "string"
},
"url": "string"
}
}