Skip to content

You are viewing documentation for Immuta version 2023.3.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

Subscription API Reference Guide

This page describes the subscription endpoint, which allows you to view and manage access requests.

Note

Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.

Subscription workflow

  1. Get pending access requests.
  2. Approve access requests.
  3. Deny access requests.

Get pending access requests

Method Path Purpose
GET /subscription/getPendingRequestsForUser Get pending access requests the calling user can approve.
GET /subscription/requestInfo/{modelType}/{modelId} Get pending request information for specified model and requesting user (or specified entity).

Get pending access requests you can approve

Endpoint

Method Path Purpose
GET /subscription/getPendingRequestsForUser Get pending access requests the calling user can approve.

Query Parameters

Attribute Description Required
groupByEntity boolean If true, group request results by user/group. No
profileId integer Match against profile ID. No
groupId integer Match against group ID. No
name string A partial name to match against user or group names. No
email string A partial email address to match against user or group email addresses. No
modelName string A partial name to match against model names. No
modelTypes array[string] Model types to include. No
size integer The max number of matches to return. Default 15. No
sortField string The field to sort results on. Defaults to name. No
sortOrder string The order that the results will be sorted in. Default asc. No
offset integer Offset to start returning values. No

Response Parameters

Attribute Description
hits array Metadata details regarding the access requests.
count integer The number of access requests.

Request example

The following request gets pending access requests the calling user can approve.

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://your-immuta-url.com/subscription/getPendingRequestsForUser?size=15&sortOrder=asc

Response example

{
  "hits": [
    {
      "id": 652,
      "createdAt": "2021-10-14T14:25:16.509Z",
      "metadata": {},
      "model": {
        "type": "datasource",
        "id": 544,
        "name": "Gp Toolkit  Gp Is Append Only"
      },
      "entity": {
        "type": "profile",
        "id": 2,
        "name": "First Last",
        "email": "first.last@immuta.com"
      },
      "approvals": [
        {
          "requiredPermission": "OWNER",
          "state": "pending",
          "approverId": null,
          "ownerModelId": null,
          "approver": null,
          "ownerModelName": null
        }
      ]
    }
  ],
  "count": 1
}

Get pending access requests for a specified model

Endpoint

Method Path Purpose
GET /subscription/requestInfo/{modelType}/{modelId} Get pending request information for specified model and requesting user (or specified entity).

Query Parameters

Attribute Description Required
modelType string The model that a pending request is out for. Options are datasource or project. Yes
modelId integer The data source or project ID. Yes
profileId integer A user ID if you want to get pending requests for another user. No
groupId integer A group ID if you want to get pending requests for a whole group. No

Response Parameters

Attribute Description
records array Details about each of the pending access requests, including subscriptionId, requiredPermission, state, approverId, ownerModelId, approver, and ownerModelName.

Request example

The following request gets pending access requests for the data source with the ID 6 for the current user.

curl -X 'GET' \
  'https://demo.immuta.com/subscription/requestInfo/datasource/6' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer 2533855fddf14b688df4483a30e7d57f'

Response example

{
  "records": [
    {
      "subscriptionId": 36,
      "requiredPermission": "OWNER",
      "state": "pending",
      "approverId": null,
      "ownerModelId": null,
      "approver": null,
      "ownerModelName": null
    }
  ]
}

Approve access requests

Method Path Purpose
POST /subscription/approve Approve specified access requests.
POST /subscription/approve/bulk Bulk approve access requests.

Approve specified access requests

Endpoint

Method Path Purpose
POST /subscription/approve Approve specified access requests.

Query Parameters

None.

Payload Parameters

Attribute Description Required
id integer The subscription ID of the request to approve. Yes
expiration date The date to expire this user's access. No

Response Parameters

Attribute Description
id integer If the request fails, the response includes the ID of the access request.
model array[object] If the request fails, the response includes details about the data source or project.
entity array[object] If the request fails, the response includes details about the user making the subscription request.

Request example

The following request approves the subscription request.

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://your-immuta-url.com/subscription/approve

Payload example

{
  "requests": [
    {
      "id": 652,
      "expiration": "2021-10-14"
    }
  ]
}

Response example

{
  "failures": []
}

Approve bulk access requests

Endpoint

Method Path Purpose
POST /subscription/approve/bulk Bulk approve access requests.

Query Parameters

None.

Payload Parameters

Attribute Description Required
requestIds integer A list of the access request IDs to be approved. If requestIds is provided, jobs will only be created for the IDs listed. Otherwise, the id and type values will be used to find and create jobs for all approval requests. Yes
id integer The ID for the type. If requestIds is provided, jobs will only be created for the IDs listed. Otherwise, the id and type values will be used to find and create jobs for all approval requests. Yes
type string The type of ID: profile. If requestIds is provided, jobs will only be created for the IDs listed. Otherwise, the id and type values will be used to find and create jobs for all approval requests. Yes

Response Parameters

Attribute Description
success boolean If true, all of the access requests have been successfully approved.

Request example

The following request approves all of the subscription requests.

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://your-immuta-url.com/subscription/approve/bulk

Payload example

{
  "id": 4,
  "type": "profile"
}

Response example

{
  "success": true
}

Deny access requests

Method Path Purpose
POST /subscription/deny Deny specified access requests.
POST /subscription/deny/bulk Bulk deny access requests.

Deny specified access requests

Endpoint

Method Path Purpose
POST /subscription/deny Deny specified access requests.

Query Parameters

None.

Payload Parameters

Attribute Description Required
id integer The subscription ID of the request to deny. Yes
denialReasoning string The reason the user is denied access to the data source or project. Yes

Response Parameters

Attribute Description
id integer If the request fails, the response includes the ID of the access request.
model array[object] If the request fails, the response includes details about the data source or project.
entity array[object] If the request fails, the response includes details about the user making the subscription request.

Request example

The following request denies the subscription request.

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://your-immuta-url.com/subscription/deny

Payload example

{
  "requests": [
    {
      "id": 652,
      "denialReasoning": "testdenial"
    }
  ]
}

Response example

{
  "failures": []
}

Deny bulk access requests

Endpoint

Method Path Purpose
POST /subscription/deny/bulk Bulk deny access requests.

Query Parameters

None.

Payload Parameters

Attribute Description Required
requestIds integer A list of the access request IDs to be approved. If requestIds is provided, jobs will only be created for the IDs listed. Otherwise, the id and type values will be used to find and create jobs for all denial requests. Yes
id integer The ID for the type you select. If requestIds is provided, jobs will only be created for the IDs listed. Otherwise, the id and type values will be used to find and create jobs for all denial requests. Yes
type string The type of ID: profile. If requestIds is provided, jobs will only be created for the IDs listed. Otherwise, the id and type values will be used to find and create jobs for all denial requests. Yes
denialReasoning string The reason that you are denying the access requests. Yes

Response Parameters

Attribute Description
success boolean If true, all of the access requests have been successfully denied.

Request example

The following request with the payload below denies the subscription requests with the IDs 40 and 41.

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://your-immuta-url.com/subscription/deny/bulk

Payload example

{
  "requestIds": [
    40,
    41
  ],
  "denialReasoning": "The users do not have the right attributes."
}

Response example

{
  "success": true
}