workflows
Workflows for granting role memberships
limit
int
Number of items to return
- Default
- 50
- Max
- 100
offset
int
Offset where to start fetching the items
- Default
- 0
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
oauth
Required Scopes:
admin
workflowsManage
workflowsView
Get workflow objects.
All Scopes
-
admin
· Admin scope - used for built-in PrivX admin account -
requestsView
· View requests -
service
· Microservice scope - used for communication between PrivX microservices -
user
· Normal users -
workflowsManage
· Manage role granting workflows -
workflowsRequestOnBehalf
· Create a role request on behalf of someone -
workflowsRequests
· Manage role requests -
workflowsView
· View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Response
Successful response: returns an array of workflows, or an empty array if no workflows are defined
{
"count": 123,
"items": [
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"requester": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"requested_role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"request_justification": "string",
"grant_type": "PERMANENT",
"grant_types": [
"PERMANENT"
],
"grant_start": "2017-01-01T15:05:05Z",
"grant_end": "2017-01-01T15:05:05Z",
"floating_length": 24,
"max_active_requests": 1,
"max_floating_duration": 48,
"max_time_restricted_duration": 15,
"requested_grant_type": "PERMANENT",
"requested_grant_start": "2017-01-01T15:05:05Z",
"requested_grant_end": "2017-01-01T15:05:05Z",
"requested_floating_length": 24,
"target_user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"workflow": "5bf77342-221c-11ee-be56-0242ac120002",
"action": "GRANT",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"name": "An example workflow",
"status": "WAITING",
"comment": "A comment",
"approver_can_revoke": true,
"target_role_revoked": true,
"target_role_revoked_by": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_role_revocation_time": "2017-01-01T15:05:05Z",
"can_bypass_revoke_workflow": true,
"steps": [
{
"name": "string",
"match": "ALL",
"approvers": [
{
"role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"decision": "WAITING",
"user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"decision_time": "2017-01-01T15:05:05Z",
"comment": "string"
}
]
}
]
}
]
}
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursive
count
int
items
array[object]
object
Description of a complete workflow. Used both in workflow templates and in requests - depending on the usage, different properties are editable. Workflow-template properties are indicated with a [T] and request properties with [R].
id
string
uuid
The UUID of the returned object, unique to a workflow template and a request. [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
requester
object (requester)
The ID & display name of the user making the request [R]
id
string
uuid
display_name
string
requested_role
object (requested_role)
The ID and display name of the requested role. Display name stored for posterity.
id
string
uuid
The ID of the requested role [R]
name
string
deleted
boolean
Indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value for this attribute. This field is not read during write operations.
request_justification
string
Justification for the request [R]
grant_type
string
Whether the role is granted permanently, the grant is time restricted, or it is a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window. Can be overridden in the decision phase. [R]
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_types
array[string]
List of role granting types: whether the role is granted permanently, the grant is time restricted, or it is a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window. [T]
string
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_start
string
date-time
Date & time after which the role is granted to the user. Can be overridden in the decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
grant_end
string
date-time
Date & time after which the role is removed from the user. Can be overridden in the decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
floating_length
int
Time in hours that the grant should last after initial connection. Can be overridden in the decision phase. [R]
- Example
- 24
max_active_requests
int
Maximum number of concurrent open requests a user can have per target role. Set to -1 to allow an unlimited number of open requests. Assumed 1 if not specified.
- Example
- 1
max_floating_duration
int
Maximum time in hours that the grant may last after initial connection. [T]
- Example
- 48
max_time_restricted_duration
int
Maximum time in days that the duration between the start date and end date of a role request must not exceed. [T]
- Example
- 15
requested_grant_type
string
Requested grant type: whether the role is granted permanently, the grant is time restricted, or it is a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window. Can be overridden in the decision phase. [R]
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
requested_grant_start
string
date-time
Requested date & time after which the role is granted to the user. Can be overridden in the decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_grant_end
string
date-time
Requested date & time after which the role is removed from the user. Can be overridden in the decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_floating_length
int
Requested time in hours for which the grant should last after initial connection. Can be overridden in the decision phase. [R]
- Example
- 24
target_user
object (target_user)
The ID of the user the request is made for [R]
id
string
uuid
display_name
string
target_roles
array[object]
A list of roles this workflow targets [TR]
object
id
string
uuid
name
string
deleted
boolean
Indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value for this attribute. This field is not read during write operations.
workflow
string
uuid
The ID of the workflow the request is based on [TR]
action
string
Whether the workflow GRANTs the role to the user or REMOVEs the user from it. The workflow engine needs to check that the requested action matches the allowed actions defined in the template. [TR]
- Enum
-
- GRANT
- REMOVE
- BOTH
created
string
date-time
When the object was created [TR]
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was updated [TR]
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
name
string
required
Name of the workflow [T]
- Min Length
- 4
- Max Length
- 4096
- Example
- "An example workflow"
status
string
Computed status for the instance of the workflow - based on step statuses [R]
- Default
- "WAITING"
- Enum
-
- WAITING
- APPROVED
- DENIED
comment
string
A comment describing the object [TR]
- Example
- "A comment"
approver_can_revoke
boolean
A flag used to determine if approvers can revoke a role from target user [R]
- Default
- false
target_role_revoked
boolean
Is set to true only when the target role has been revoked via the request by one of the approvers [R]
- Default
- false
target_role_revoked_by
object (target_role_revoked_by)
User object of who revoked the target role [R]
id
string
uuid
display_name
string
target_role_revocation_time
string
date-time
Date and time of revocation [R]
- Example
- "2017-01-01T15:05:05Z"
can_bypass_revoke_workflow
boolean
A flag used to determine if approvers can bypass the revoke workflow to revoke a role [T]
- Default
- false
steps
array[object]
required
Array of steps [TR]
object
Approval step in the workflow. These are read-only for requests. [TR]
name
string
required
Workflow-step name
match
string
required
All approvers must approve or any approver can approve
- Enum
-
- ALL
- ANY
approvers
array[object]
required
Who are the approvers in this step
object
Approver within a workflow step. Can be a role or a principal [TR]
role
object (role)
required
Approving role's ID and display name
id
string
uuid
name
string
deleted
boolean
Indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value for this attribute. This field is not read during write operations.
decision
string
required
Approver's decision
- Enum
-
- WAITING
- APPROVED
- DENIED
user
object (user)
User who made the decision for the step
id
string
uuid
display_name
string
decision_time
string
date-time
When the decision was made [R]
- Example
- "2017-01-01T15:05:05Z"
comment
string
A comment accompanying the decision
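Added example (not part of the PrivX documentation): a review script that pages through the workflow list with limit/offset and flags template settings that loosen approval control. Field names and enum values are the ones in the schema above; the policy of what counts as a finding, the function names, the caller-supplied `fetch_page(limit, offset)` and the sample data are assumptions made for this example.

```python
from typing import Callable, Dict, Iterator, List

MAX_LIMIT = 100  # documented maximum for the `limit` query parameter


def iter_workflows(fetch_page: Callable[[int, int], Dict], limit: int = 50) -> Iterator[Dict]:
    """Yield every workflow by walking limit/offset pages.

    fetch_page(limit, offset) is a hypothetical caller-supplied function that
    performs the authenticated GET and returns the decoded {"count", "items"} body.
    """
    limit = max(1, min(limit, MAX_LIMIT))  # stay inside the documented bounds
    offset = 0
    while True:
        page = fetch_page(limit, offset)
        items = page.get("items") or []  # empty array when no workflows are defined
        yield from items
        offset += len(items)
        if not items or offset >= page.get("count", 0):
            return


def audit_workflow(wf: Dict) -> List[str]:
    """Return review findings for one workflow template (assumed policy, not PrivX's)."""
    findings = []
    if "PERMANENT" in (wf.get("grant_types") or []):
        findings.append("template allows PERMANENT grants")
    if wf.get("max_active_requests", 1) == -1:  # documented: assumed 1 if not specified
        findings.append("unlimited open requests per target role")
    if wf.get("can_bypass_revoke_workflow", False):
        findings.append("approvers can bypass the revoke workflow")
    steps = wf.get("steps") or []
    if not steps:
        findings.append("no approval steps")
    for index, step in enumerate(steps):
        label = step.get("name") or f"#{index}"
        approvers = step.get("approvers") or []
        # role.deleted is true when the approving role is no longer in the system
        live = [a for a in approvers if not (a.get("role") or {}).get("deleted", False)]
        if len(live) < len(approvers):
            findings.append(f"step {label}: approver role no longer present")
        if not live:
            findings.append(f"step {label}: no usable approver")
        elif step.get("match") == "ANY" and len(live) > 1:
            findings.append(f"step {label}: any one of {len(live)} approvers decides alone")
    return findings


def audit_all(fetch_page: Callable[[int, int], Dict], limit: int = 50) -> Dict[str, List[str]]:
    """Map workflow name to findings, omitting workflows with none."""
    report = {}
    for wf in iter_workflows(fetch_page, limit):
        findings = audit_workflow(wf)
        if findings:
            report[wf.get("name") or wf.get("id", "?")] = findings
    return report


def _approver(role_name: str, deleted: bool = False) -> Dict:
    # Constructed approver entry; the UUID is a placeholder.
    return {"role": {"id": "00000000-0000-0000-0000-000000000000",
                     "name": role_name, "deleted": deleted},
            "decision": "WAITING"}


# Constructed sample templates, standing in for a real API response.
SAMPLE_WORKFLOWS = [
    {"name": "db-admin strict", "grant_types": ["TIME_RESTRICTED"],
     "max_active_requests": 1, "max_time_restricted_duration": 15,
     "steps": [{"name": "owners", "match": "ALL",
                "approvers": [_approver("db-owners"), _approver("security")]}]},
    {"name": "break-glass", "grant_types": ["PERMANENT", "FLOATING"],
     "max_active_requests": -1, "can_bypass_revoke_workflow": True,
     "steps": [{"name": "ops", "match": "ANY",
                "approvers": [_approver("ops"), _approver("helpdesk")]}]},
    {"name": "legacy", "grant_types": ["FLOATING"],
     "steps": [{"name": "old-team", "match": "ALL",
                "approvers": [_approver("retired", deleted=True)]}]},
]


def sample_fetch_page(limit: int, offset: int) -> Dict:
    """Offline stand-in for the GET call, slicing the constructed sample."""
    return {"count": len(SAMPLE_WORKFLOWS),
            "items": SAMPLE_WORKFLOWS[offset:offset + limit]}


if __name__ == "__main__":
    for name, findings in audit_all(sample_fetch_page, limit=2).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```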
Create a new workflow. ID, author, created, and updated fields are automatically populated by the server.
id
string
uuid
The UUID of the returned object, unique to a workflow template and a request. [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
requester
object (requester)
The ID & display name of the user making the request [R]
id
string
uuid
display_name
string
requested_role
object (requested_role)
The ID and display name of the requested role. Display name stored for posterity.
id
string
uuid
The ID of the requested role [R]
name
string
deleted
boolean
Indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value for this attribute. This field is not read during write operations.
request_justification
string
Justification for the request [R]
grant_type
string
Whether the role is granted permanently, the grant is time restricted, or it is a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window. Can be overridden in the decision phase. [R]
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_types
array[string]
List of role granting types: whether the role is granted permanently, the grant is time restricted, or it is a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window. [T]
string
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_start
string
date-time
Date & time after which the role is granted to the user. Can be overridden in the decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
grant_end
string
date-time
Date & time after which the role is removed from the user. Can be overridden in the decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
floating_length
int
Time in hours that the grant should last after initial connection. Can be overridden in the decision phase. [R]
- Example
- 24
max_active_requests
int
Maximum number of concurrent open requests a user can have per target role. Set to -1 to allow an unlimited number of open requests. Assumed 1 if not specified.
- Example
- 1
max_floating_duration
int
Maximum time in hours that the grant may last after initial connection. [T]
- Example
- 48
max_time_restricted_duration
int
Maximum time in days that the duration between the start date and end date of a role request must not exceed. [T]
- Example
- 15
requested_grant_type
string
Requested grant type: whether the role is granted permanently, the grant is time restricted, or it is a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window. Can be overridden in the decision phase. [R]
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
requested_grant_start
string
date-time
Requested date & time after which the role is granted to the user. Can be overridden in the decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_grant_end
string
date-time
Requested date & time after which the role is removed from the user. Can be overridden in the decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_floating_length
int
Requested time in hours for which the grant should last after initial connection. Can be overridden in the decision phase. [R]
- Example
- 24
target_user
object (target_user)
The ID of the user the request is made for [R]
id
string
uuid
display_name
string
target_roles
array[object]
A list of roles this workflow targets [TR]
object
id
string
uuid
name
string
deleted
boolean
Indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value for this attribute. This field is not read during write operations.
workflow
string
uuid
The ID of the workflow the request is based on [TR]
action
string
Whether the workflow GRANTs the role to the user or REMOVEs the user from it. The workflow engine needs to check that the requested action matches the allowed actions defined in the template. [TR]
- Enum
-
- GRANT
- REMOVE
- BOTH
created
string
date-time
When the object was created [TR]
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was updated [TR]
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
name
string
required
Name of the workflow [T]
- Min Length
- 4
- Max Length
- 4096
- Example
- "An example workflow"
status
string
Computed status for the instance of the workflow - based on step statuses [R]
- Default
- "WAITING"
- Enum
-
- WAITING
- APPROVED
- DENIED
comment
string
A comment describing the object [TR]
- Example
- "A comment"
approver_can_revoke
boolean
A flag used to determine if approvers can revoke a role from target user [R]
- Default
- false
target_role_revoked
boolean
Is set to true only when the target role has been revoked via the request by one of the approvers [R]
- Default
- false
target_role_revoked_by
object (target_role_revoked_by)
User object of who revoked the target role [R]
id
string
uuid
display_name
string
target_role_revocation_time
string
date-time
Date and time of revocation [R]
- Example
- "2017-01-01T15:05:05Z"
can_bypass_revoke_workflow
boolean
A flag used to determine if approvers can bypass the revoke workflow to revoke a role [T]
- Default
- false
steps
array[object]
required
Array of steps [TR]
object
Approval step in the workflow. These are read-only for requests. [TR]
name
string
required
Workflow-step name
match
string
required
All approvers must approve or any approver can approve
- Enum
-
- ALL
- ANY
approvers
array[object]
required
Who are the approvers in this step
object
Approver within a workflow step. Can be a role or a principal [TR]
role
object (role)
required
Approving role's ID and display name
id
string
uuid
name
string
deleted
boolean
Indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value for this attribute. This field is not read during write operations.
decision
string
required
Approver's decision
- Enum
-
- WAITING
- APPROVED
- DENIED
user
object (user)
User who made the decision for the step
id
string
uuid
display_name
string
decision_time
string
date-time
When the decision was made [R]
- Example
- "2017-01-01T15:05:05Z"
comment
string
A comment accompanying the decision
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
oauth
Required Scopes:
admin
workflowsManage
Create a new workflow. ID, author, created, and updated fields are automatically populated by the server.
All Scopes
-
admin
· Admin scope - used for built-in PrivX admin account -
requestsView
· View requests -
service
· Microservice scope - used for communication between PrivX microservices -
user
· Normal users -
workflowsManage
· Manage role granting workflows -
workflowsRequestOnBehalf
· Create a role request on behalf of someone -
workflowsRequests
· Manage role requests -
workflowsView
· View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Request
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"requester": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"requested_role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"request_justification": "string",
"grant_type": "PERMANENT",
"grant_types": [
"PERMANENT"
],
"grant_start": "2017-01-01T15:05:05Z",
"grant_end": "2017-01-01T15:05:05Z",
"floating_length": 24,
"max_active_requests": 1,
"max_floating_duration": 48,
"max_time_restricted_duration": 15,
"requested_grant_type": "PERMANENT",
"requested_grant_start": "2017-01-01T15:05:05Z",
"requested_grant_end": "2017-01-01T15:05:05Z",
"requested_floating_length": 24,
"target_user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"workflow": "5bf77342-221c-11ee-be56-0242ac120002",
"action": "GRANT",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"name": "An example workflow",
"status": "WAITING",
"comment": "A comment",
"approver_can_revoke": true,
"target_role_revoked": true,
"target_role_revoked_by": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_role_revocation_time": "2017-01-01T15:05:05Z",
"can_bypass_revoke_workflow": true,
"steps": [
{
"name": "string",
"match": "ALL",
"approvers": [
{
"role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"decision": "WAITING",
"user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"decision_time": "2017-01-01T15:05:05Z",
"comment": "string"
}
]
}
]
}
Response
Workflow Successfully created
{
"id": "5bf77342-221c-11ee-be56-0242ac120002"
}
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursive
id
string
uuid
ID of the created resource
Location
string
Location of the created resource
workflow_id
string
required
Workflow ID
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
oauth
Required Scopes:
admin
workflowsView
workflowsManage
Get workflow object by ID.
All Scopes
-
admin
· Admin scope - used for built-in PrivX admin account -
requestsView
· View requests -
service
· Microservice scope - used for communication between PrivX microservices -
user
· Normal users -
workflowsManage
· Manage role granting workflows -
workflowsRequestOnBehalf
· Create a role request on behalf of someone -
workflowsRequests
· Manage role requests -
workflowsView
· View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Response
Successful response, returns a workflow if found
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"requester": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"requested_role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"request_justification": "string",
"grant_type": "PERMANENT",
"grant_types": [
"PERMANENT"
],
"grant_start": "2017-01-01T15:05:05Z",
"grant_end": "2017-01-01T15:05:05Z",
"floating_length": 24,
"max_active_requests": 1,
"max_floating_duration": 48,
"max_time_restricted_duration": 15,
"requested_grant_type": "PERMANENT",
"requested_grant_start": "2017-01-01T15:05:05Z",
"requested_grant_end": "2017-01-01T15:05:05Z",
"requested_floating_length": 24,
"target_user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"workflow": "5bf77342-221c-11ee-be56-0242ac120002",
"action": "GRANT",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"name": "An example workflow",
"status": "WAITING",
"comment": "A comment",
"approver_can_revoke": true,
"target_role_revoked": true,
"target_role_revoked_by": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_role_revocation_time": "2017-01-01T15:05:05Z",
"can_bypass_revoke_workflow": true,
"steps": [
{
"name": "string",
"match": "ALL",
"approvers": [
{
"role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"decision": "WAITING",
"user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"decision_time": "2017-01-01T15:05:05Z",
"comment": "string"
}
]
}
]
}
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursive
id
string
uuid
The UUID of the returned object, unique to a workflow template and a request. [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
requester
object (requester)
The ID & display name of the user making the request [R]
id
string
uuid
display_name
string
requested_role
object (requested_role)
The ID and display name of the requested role. Display name stored for posterity.
id
string
uuid
The ID of the requested role [R]
name
string
deleted
boolean
Indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value for this attribute. This field is not read during write operations.
request_justification
string
Justification for the request [R]
grant_type
string
Whether the role is granted permanently, for a restricted time, or for a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window. Can be overridden in the decision phase. [R]
- Enum
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_types
array[string]
List of role granting types: whether the role is granted permanently, for a restricted time, or for a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window. [T]
string
- Enum
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_start
string
date-time
Date & time after which the role is granted to the user. Can be overridden in the decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
grant_end
string
date-time
Date & time after which the role is removed from the user. Can be overridden in the decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
floating_length
int
Time in hours that the grant should last after the initial connection. Can be overridden in the decision phase. [R]
- Example
- 24
max_active_requests
int
Maximum number of concurrent open requests a user can have per target role. Set to -1 to allow an unlimited number of open requests. Assumed 1 if not specified.
- Example
- 1
max_floating_duration
int
Maximum time in hours that the grant may last after the initial connection. [T]
- Example
- 48
max_time_restricted_duration
int
Maximum time in days; the duration between the start date and end date of a role request must not exceed it. [T]
- Example
- 15
requested_grant_type
string
Requested grant type: whether the role is granted permanently, for a restricted time, or for a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window. Can be overridden in the decision phase. [R]
- Enum
- PERMANENT
- TIME_RESTRICTED
- FLOATING
requested_grant_start
string
date-time
Requested date & time after which the role is granted to the user. Can be overridden in the decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_grant_end
string
date-time
Requested date & time after which the role is removed from the user. Can be overridden in the decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_floating_length
int
Requested time in hours for which the grant should last after the initial connection. Can be overridden in the decision phase. [R]
- Example
- 24
target_user
object (target_user)
The ID of the user the request is made for [R]
id
string
uuid
display_name
string
target_roles
array[object]
A list of roles this workflow targets [TR]
object
id
string
uuid
name
string
deleted
boolean
Indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value for this attribute. This field is not read during write operations.
workflow
string
uuid
The ID of the workflow the request is based on [TR]
action
string
Whether the workflow grants the role to the user (GRANT) or removes the user from the role (REMOVE). The workflow engine needs to check that the requested action matches the allowed actions defined in the template. [TR]
- Enum
- GRANT
- REMOVE
- BOTH
created
string
date-time
When the object was created [TR]
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was updated [TR]
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
name
string
required
Name of the workflow [T]
- Min Length
- 4
- Max Length
- 4096
- Example
- "An example workflow"
status
string
Computed status for the instance of the workflow - based on step statuses [R]
- Default
- "WAITING"
- Enum
- WAITING
- APPROVED
- DENIED
comment
string
A comment describing the object [TR]
- Example
- "A comment"
approver_can_revoke
boolean
A flag used to determine if approvers can revoke a role from target user [R]
- Default
- false
target_role_revoked
boolean
Is set to true only when the target role has been revoked via the request by one of the approvers [R]
- Default
- false
target_role_revoked_by
object (target_role_revoked_by)
User object of who revoked the target role [R]
id
string
uuid
display_name
string
target_role_revocation_time
string
date-time
Date and time of revocation [R]
- Example
- "2017-01-01T15:05:05Z"
can_bypass_revoke_workflow
boolean
A flag used to determine if approvers can bypass the revoke workflow to revoke a role [T]
- Default
- false
steps
array[object]
required
Array of steps [TR]
object
Approval step in the workflow. These are read-only for requests. [TR]
name
string
required
Workflow-step name
match
string
required
Whether all approvers must approve (ALL) or any approver can approve (ANY)
- Enum
- ALL
- ANY
approvers
array[object]
required
Who are the approvers in this step
object
Approver within a workflow step. Can be a role or a principal [TR]
role
object (role)
required
Approving role's ID and display name
id
string
uuid
name
string
deleted
boolean
Indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value for this attribute. This field is not read during write operations.
decision
string
required
Approver's decision
- Enum
- WAITING
- APPROVED
- DENIED
user
object (user)
User who made the decision for the step
id
string
uuid
display_name
string
decision_time
string
date-time
When the decision was made [R]
- Example
- "2017-01-01T15:05:05Z"
comment
string
A comment accompanying the decision
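The template limits documented above (the [T] fields `grant_types`, `max_floating_duration`, `max_time_restricted_duration`, plus `action` and `target_roles`) can be checked against a request's [R] fields before submitting it or when auditing stored requests. The Python below is an added example, not PrivX code: `check_request`, the constructed sample data, treating `BOTH` as permitting either action, requiring the requested role to appear in `target_roles`, and treating an unset limit as not enforced are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample template, using field names from the schema above.
TEMPLATE = {
    "action": "GRANT",
    "grant_types": ["TIME_RESTRICTED", "FLOATING"],
    "max_floating_duration": 48,         # hours
    "max_time_restricted_duration": 15,  # days
    "target_roles": [{"id": "5bf77342-221c-11ee-be56-0242ac120002"}],
}

# Constructed sample request: a nine-day time-restricted grant.
REQUEST = {
    "action": "GRANT",
    "requested_role": {"id": "5bf77342-221c-11ee-be56-0242ac120002"},
    "requested_grant_type": "TIME_RESTRICTED",
    "requested_grant_start": "2017-01-01T15:05:05Z",
    "requested_grant_end": "2017-01-10T15:05:05Z",
}


def parse_ts(value):
    """Parse the date-time format shown in the schema (2017-01-01T15:05:05Z)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_request(template, request):
    """Return (property, reason) pairs; an empty list means the request fits."""
    problems = []

    # Assumption: a template action of BOTH permits GRANT and REMOVE requests.
    allowed = template.get("action")
    action = request.get("action")
    if action not in ("GRANT", "REMOVE") or allowed not in (action, "BOTH"):
        problems.append(("action", f"{action!r} not allowed by template action {allowed!r}"))

    # Assumption: the requested role must be one of the template's target_roles.
    role_id = (request.get("requested_role") or {}).get("id")
    if role_id not in {r.get("id") for r in template.get("target_roles", [])}:
        problems.append(("requested_role", "role is not targeted by this workflow"))

    grant_type = request.get("requested_grant_type")
    if grant_type not in template.get("grant_types", []):
        problems.append(("requested_grant_type", f"{grant_type!r} not in template grant_types"))
        return problems  # duration checks are meaningless for a disallowed type

    if grant_type == "FLOATING":
        hours = request.get("requested_floating_length")
        limit = template.get("max_floating_duration")
        if isinstance(hours, bool) or not isinstance(hours, int) or hours <= 0:
            problems.append(("requested_floating_length", "must be a positive number of hours"))
        elif limit is not None and hours > limit:
            problems.append(("requested_floating_length",
                             f"{hours}h exceeds max_floating_duration {limit}h"))

    elif grant_type == "TIME_RESTRICTED":
        try:
            start = parse_ts(request["requested_grant_start"])
            end = parse_ts(request["requested_grant_end"])
            span = end - start  # TypeError if only one side carries a timezone
        except (KeyError, TypeError, ValueError, AttributeError):
            problems.append(("requested_grant_start", "start and end must both be valid date-times"))
            return problems
        limit = template.get("max_time_restricted_duration")
        if span <= timedelta(0):
            problems.append(("requested_grant_end", "end must be after start"))
        elif limit is not None and span > timedelta(days=limit):
            problems.append(("requested_grant_end",
                             f"window exceeds max_time_restricted_duration {limit}d"))

    return problems


if __name__ == "__main__":
    print(check_request(TEMPLATE, REQUEST))
```

The returned property names mirror the `property` field of the error object, so a caller can line up local findings with the server's own `VALUE_OUT_OF_BOUNDS` or `INVALID_REQUEST_DATA` responses.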
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
workflow_id
string
required
Workflow ID
oauth
Required Scopes:
admin
workflowsManage
Update a workflow.
Request
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"requester": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"requested_role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"request_justification": "string",
"grant_type": "PERMANENT",
"grant_types": [
"PERMANENT"
],
"grant_start": "2017-01-01T15:05:05Z",
"grant_end": "2017-01-01T15:05:05Z",
"floating_length": 24,
"max_active_requests": 1,
"max_floating_duration": 48,
"max_time_restricted_duration": 15,
"requested_grant_type": "PERMANENT",
"requested_grant_start": "2017-01-01T15:05:05Z",
"requested_grant_end": "2017-01-01T15:05:05Z",
"requested_floating_length": 24,
"target_user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"workflow": "5bf77342-221c-11ee-be56-0242ac120002",
"action": "GRANT",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"name": "An example workflow",
"status": "WAITING",
"comment": "A comment",
"approver_can_revoke": true,
"target_role_revoked": true,
"target_role_revoked_by": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_role_revocation_time": "2017-01-01T15:05:05Z",
"can_bypass_revoke_workflow": true,
"steps": [
{
"name": "string",
"match": "ALL",
"approvers": [
{
"role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"decision": "WAITING",
"user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"decision_time": "2017-01-01T15:05:05Z",
"comment": "string"
}
]
}
]
}
Response
Workflow successfully updated
Empty response
No schema
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
workflow_id
string
required
Workflow ID
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
oauth
Required Scopes:
admin
workflowsManage
Deletes workflow by ID.
Response
Workflow successfully deleted
Empty response
No schema
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}