Manage Projects

This page details how to use the projects API to query projects and the data sources associated with them in Immuta.

Projects workflow

Create a project

POST /project

Create the project.

Payload parameters

Attribute
Description
Required

id

integer Project ID.

Yes

projectKey

string Name of the project.

Yes

name

string Name of the project.

Yes

status

string (Accepted statuses are open or closed.)

Yes

description

string Project description.

No

documentation

string Project documentation.

No

tags

array Project tags.

No

purposes

array Project purposes.

No

stagedPurposes

array Project purposes staged for approval.

No

deleted

boolean If true, the project will be deleted.

No

snowflake

array This enables a Snowflake workspace for the project and details the schema, hostname, and warehouse.

No

allowMaskedJoins

boolean If true, masked joins will be allowed.

No

subscriptionPolicy

array[object] A policy object for the Subscription Policy on the project. Details include type, exceptions, conditions, allowDiscovery, and automaticSubscription. If this is not set, it will be the default manual.

No

subscriptionType

string The type of subscription policy on the project. The type can be automatic (which allows anyone to subscribe), approval (which requires the subscriber to be manually approved), policy (which only allows users with specific groups or attributes to subscribe), or manual (which requires users to be manually added).

No

equalization

array Details the policy conditions of the equalization, including the configured (or recommended) user groups and attributes.

No

workspace

array Information on native workspaces in the project.

No

type

string The type of Immuta project, either user created project (user) or system generated project (schema).

No

createdAt

timestamp Date of the project creation.

No

updatedAt

timestamp Date of the most recent update.

No

Response parameters

Attribute
Description

id

integer Project ID.

projectKey

string Name of the project.

name

string Name of the project.

status

string (Statuses are open or closed.)

description

string Project description.

documentation

string Project documentation.

tags

array Project tags.

purposes

array Project purposes.

stagedPurposes

array Project purposes staged for approval.

deleted

boolean If true, the project has been deleted.

snowflake

array If a Snowflake workspace has been enabled for the project, this attribute will detail the schema, hostname, and warehouse.

allowMaskedJoins

boolean If true, masked joins are allowed.

subscriptionPolicy

array[object] A policy object for the Subscription Policy on the project. Details include type, exceptions, conditions, allowDiscovery, and automaticSubscription.

subscriptionType

string The type of subscription policy on the project. The type can be automatic (which allows anyone to subscribe), approval (which requires the subscriber to be manually approved), policy (which only allows users with specific groups or attributes to subscribe), or manual (which requires users to be manually added).

equalization

array Details the policy conditions of the equalization, including the configured (or recommended) user groups and attributes.

workspace

array Information on native workspaces in the project.

type

string The type of Immuta project, either user created project (user) or system generated project (schema).

createdAt

timestamp Date of the project creation.

updatedAt

timestamp Date of the most recent update.

workspaceWarnings

string This message describes issues with the created workspace.

Example request

This example request with the payload below will create a new project.

curl \
  --request POST \
  --header "Content-Type: application/json" \
  --header "Authorization: Bearer dea464c07bd07300095caa8" \
  --data @example-payload.json \
  https://demo.immuta.com/project

Example request payload

This example payload will create a new project named API Project.

{
  "id": 4,
  "projectKey": "api project",
  "name": "API Project",
  "status": "open",
  "description": "project created with api",
  "deleted": false,
  "allowMaskedJoins": false,
  "createdAt": "2021-09-10",
  "updatedAt": "2021-09-10"
}

Example response

{
  "id": 4,
  "projectKey": "api project",
  "name": "API Project",
  "status": "open",
  "description": "project created with api",
  "documentation": "# API Project",
  "deleted": false,
  "allowMaskedJoins": false,
  "subscriptionType": "manual",
  "subscriptionPolicy": null,
  "equalization": null,
  "workspace": null,
  "snowflake": null,
  "type": null,
  "schema": null,
  "createdBy": 2,
  "updatedBy": 2,
  "createdAt": "2021-09-10T00:00:00.000Z",
  "updatedAt": "2021-09-10T00:00:00.000Z",
  "schemaEvolutionId": null,
  "purposes": [],
  "stagedPurposes": []
}

Search projects

Method
Path
Purpose

GET

/project/{projectId}

Search all projects

GET /project

Search for projects.

Query parameters

Attribute
Description
Required

offset

integer Used in combination with size to fetch pages. The default is 0.

No

size

integer The number of results to return per page.

No

sortField

string Used to sort results by field.

No

sortOrder

string Sorts results by order, which must be asc or desc. The default is asc.

No

subscription

array[string] Filters projects by subscription types, which must be automatic, approval, or policy.

No

status

array[string] Filters projects based on their status: open or closed.

No

searchText

string Searches text. By default this will filter projects by name, description, documentation, category, and organization.

No

tag

array[string] Filters projects by tags associated with the projects.

No

nameOnly

boolean If true, searchText will only filter by project name, allowing you to retrieve specific projects. The default is false.

No

isEqualized

boolean If true, only equalized projects will be included.

No

snowflake

boolean If true, only projects with a Snowflake workspace will be included.

No

dataSourceId

integer Filters projects by whether they have the data source associated with the data source ID.

No

mode

integer Specifies the query mode, which must be 0 (FULL), 1 (COUNT), 4 (TAG), 5 (MIN_MAX), or 6 (STATUS).

No

Response parameters

Attribute
Description

count

integer Number of projects found.

hits

array Details about each project listed.

id

integer The project ID.

projectKey

string Name of the project.

name

string Name of the project.

status

string Statuses are open or closed.

description

string Project description.

documentation

string Project documentation.

tags

array Project tags.

purposes

array Project purposes.

stagedPurposes

array Project purposes staged for approval.

deleted

boolean If true, the project has been deleted.

snowflake

array If a Snowflake workspace has been enabled for the project, this attribute will detail the schema, hostname, and warehouse.

allowMaskedJoins

boolean If true, masked joins are allowed.

subscriptionPolicy

array[object] A policy object for the Subscription Policy on the project. Details include type, exceptions, conditions, allowDiscovery, and automaticSubscription.

subscriptionType

string The type of subscription policy on the project. The type can be automatic (which allows anyone to subscribe), approval (which requires the subscriber to be manually approved), policy (which only allows users with specific groups or attributes to subscribe), or manual (which requires users to be manually added).

equalization

array Details the policy conditions of the equalization, including the configured (or recommended) user groups and attributes.

workspace

array Information on native workspaces in the project.

type

string The type of Immuta project, either user created project (user) or system generated project (schema).

createdAt

timestamp Date of the project creation.

updatedAt

timestamp Date of the most recent update.

acknowledgeRequired

boolean When true, the requesting user has not yet agreed to the project acknowledgement.

subscriptionId

integer The project member's subscription ID.

subscribedAsUser

boolean If true, the user running the request is currently subscribed.

subscriptionStatus

string Subscription status of the user running the request.

filterId

integer Corresponds with the ID of the project.

facets

array Facets (categories) relevant to the search.

Request example

This example request gets a list of all of the projects.

curl \
  --request GET \
  --header "Content-Type: application/json" \
  --header "Authorization: Bearer dea464c07bd07300095caa8" \
  https://demo.immuta.com/project

Response example

{
  "hits": [
    {
      "id": 8,
      "name": "Improving Employee Onboarding and Retention",
      "status": "open",
      "description": null,
      "deleted": false,
      "updatedAt": "2021-07-14T23:14:46.210Z",
      "subscriptionPolicy": null,
      "createdAt": "2021-07-14T23:13:53.752Z",
      "filterId": 8,
      "subscriptionType": "manual",
      "isEqualized": false,
      "acknowledgeRequired": false,
      "subscriptionStatus": "not_subscribed",
      "purposeCount": 1,
      "hasDeletedPurposes": false,
      "workspace": null,
      "type": null,
      "allowMaskedJoins": false
    },
    {
      "id": 4,
      "name": "Medical Records",
      "status": "open",
      "description": "This project contains all data sources under the schema, medical_records, from immuta@example.database.sample.net:1433/example.",
      "deleted": false,
      "updatedAt": "2021-06-22T23:24:58.766Z",
      "subscriptionPolicy": null,
      "createdAt": "2021-06-22T23:24:58.766Z",
      "filterId": 4,
      "subscriptionType": "manual",
      "isEqualized": false,
      "acknowledgeRequired": false,
      "subscriptionStatus": "owner",
      "purposeCount": 0,
      "hasDeletedPurposes": false,
      "workspace": null,
      "type": "Schema",
      "allowMaskedJoins": false
    },
    {
      "id": 6,
      "name": "sample123",
      "status": "open",
      "description": null,
      "deleted": false,
      "updatedAt": "2021-07-12T21:32:37.020Z",
      "subscriptionPolicy": null,
      "createdAt": "2021-07-12T21:32:37.012Z",
      "filterId": 6,
      "subscriptionType": "manual",
      "isEqualized": false,
      "acknowledgeRequired": false,
      "subscriptionStatus": "not_subscribed",
      "purposeCount": 1,
      "hasDeletedPurposes": false,
      "workspace": null,
      "type": null,
      "allowMaskedJoins": false
    },
    {
      "id": 2,
      "name": "test",
      "status": "open",
      "description": null,
      "deleted": false,
      "updatedAt": "2021-07-19T20:48:00.758Z",
      "subscriptionPolicy": null,
      "createdAt": "2021-05-19T22:50:44.190Z",
      "filterId": 2,
      "subscriptionType": "manual",
      "isEqualized": false,
      "acknowledgeRequired": false,
      "subscriptionStatus": "owner",
      "purposeCount": 2,
      "hasDeletedPurposes": false,
      "workspace": null,
      "type": null,
      "allowMaskedJoins": false
    },
    {
      "id": 3,
      "name": "Tpc",
      "status": "open",
      "description": "This project contains all data sources under the schema, tpc, from immuta@example.database.sample.net:1433/example.",
      "deleted": false,
      "updatedAt": "2021-05-20T16:29:09.679Z",
      "subscriptionPolicy": null,
      "createdAt": "2021-05-20T16:29:09.679Z",
      "filterId": 3,
      "subscriptionType": "manual",
      "isEqualized": false,
      "acknowledgeRequired": false,
      "subscriptionStatus": "owner",
      "purposeCount": 0,
      "hasDeletedPurposes": false,
      "workspace": null,
      "type": "Schema",
      "allowMaskedJoins": false
    }
  ],
  "facets": {},
  "count": 5
}

Search for projects by ID

GET /project/{projectId}

Get the project with the given ID.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

checkForSqlAccount

boolean Default is true.

No

Response parameters

Attribute
Description

id

integer Project ID.

projectKey

string Name of the project.

name

string Name of the project.

status

string Statuses are open or closed.

description

string Project description.

documentation

string Project documentation.

tags

array Project tags.

purposes

array Project purposes.

stagedPurposes

array Project purposes staged for approval.

deleted

boolean If true, the project has been deleted.

snowflake

array If a Snowflake workspace has been enabled for the project, this attribute will detail the schema, hostname, and warehouse.

allowMaskedJoins

boolean If true, masked joins are allowed.

subscriptionPolicy

array[object] A policy object for the Subscription Policy on the project. Details include type, exceptions, conditions, allowDiscovery, and automaticSubscription.

subscriptionType

string The type of subscription policy on the project. The type can be automatic (which allows anyone to subscribe), approval (which requires the subscriber to be manually approved), policy (which only allows users with specific groups or attributes to subscribe), or manual (which requires users to be manually added).

equalization

array Details the policy conditions of the equalization, including the configured (or recommended) user groups and attributes.

workspace

array Information on native workspaces in the project.

type

string The type of Immuta project, either user created project (user) or system generated project (schema).

createdAt

timestamp Date of the project creation.

updatedAt

timestamp Date of the most recent update.

acknowledgeRequired

boolean When true, the requesting user has not yet agreed to the project acknowledgement.

subscriptionId

integer The project member's subscription ID.

subscribedAsUser

boolean If true, the user running the request is currently subscribed.

subscriptionStatus

string Subscription status of the user running the request.

Example request

This example gets the project object for the project with the ID 2.

curl \
  --request GET \
  --header "Content-Type: application/json" \
  --header "Authorization: Bearer dea464c07bd07300095caa8" \
  https://demo.immuta.com/project/2

Example response

{
  "id": 2,
  "projectKey": "test",
  "name": "test",
  "status": "open",
  "description": null,
  "documentation": "# test\n\n12345",
  "deleted": true,
  "allowMaskedJoins": true,
  "subscriptionType": "manual",
  "subscriptionPolicy": null,
  "equalization": null,
  "workspace": null,
  "snowflake": null,
  "type": null,
  "schema": null,
  "createdBy": 2,
  "updatedBy": 2,
  "createdAt": "2021-05-19T22:50:44.190Z",
  "updatedAt": "2021-07-29T18:30:04.066Z",
  "schemaEvolutionId": null,
  "subscribedAsUser": true,
  "subscriptionId": 5,
  "acknowledgeRequired": false,
  "subscriptionStatus": "owner",
  "requestedState": "owner",
  "approved": true,
  "subscriptionExpiration": null,
  "filterId": 2,
  "purposeCount": null,
  "purposes": [
    {
      "id": 8,
      "name": "Analyzing Onboarding and Job Satisfaction",
      "acknowledgement": null,
      "description": "Data can only be accessed for analyzing the effectiveness of current onboarding practices and trends in employee job satisfaction  reasons for data access must be approved by a compliance committee.",
      "addedByProfile": 2,
      "displayAcknowledgement": true,
      "deleted": false,
      "systemGenerated": false,
      "policyMetadata": null,
      "createdAt": "2021-07-07T19:56:06.360Z",
      "updatedAt": "2021-07-07T19:56:06.360Z",
      "createdBy": 2
    },
    {
      "id": 4,
      "name": "Use Case Outside De-identification",
      "acknowledgement": "I agree to use the data associated with this project for the stated purpose of the project, and for that purpose only, as listed in the project's homepage, and to refrain from sharing that data outside of the project or Immuta. In the event that I discover risks that I believe could lead to unauthorized access, I agree to immediately notify the project owner or governance team and take immediate action t  address and mitigate such risks.",
      "description": null,
      "addedByProfile": 1,
      "displayAcknowledgement": true,
      "deleted": false,
      "systemGenerated": true,
      "policyMetadata": null,
      "createdAt": "2021-05-19T20:32:03.437Z",
      "updatedAt": "2021-07-28T14:17:22.690Z",
      "createdBy": 2
    }
  ],
  "stagedPurposes": [],
  "tags": []
}

Manage projects

Method
Path
Purpose

PUT

/project/{projectId}

GET

/project/{projectId}/checkEqualizationState

Update project by ID

PUT /project/{projectId}

Update the project with the given ID.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

deleteDataSources

boolean If true, the data sources in the project will be deleted.

No

Payload parameters

Attribute
Description
Required

type

string The type of Immuta project, either user created project (user) or system generated project (schema).

No

name

string The project's new name.

No

description

string The project's new description.

No

documentation

string The project's new documentation.

No

status

string Accepted statuses are open or closed.

No

subscriptionType

string The type of subscription policy on the project. The type can be automatic (which allows anyone to subscribe), approval (which requires the subscriber to be manually approved), policy (which only allows users with specific groups or attributes to subscribe), or manual (which requires users to be manually added).

No

tags

array The project's new tags.

No

purposes

array The project's new purposes.

No

stagedPurposes

array The project's new purposes staged for approval.

No

deleted

boolean If true, the project will be deleted.

No

snowflake

array This enables a Snowflake workspace for the project and details the schema, hostname, and warehouse.

No

allowMaskedJoins

boolean If true, masked joins will be allowed.

No

subscriptionPolicy

array[object] A policy object for the Subscription Policy on the project. Details include type, exceptions, conditions, allowDiscovery, and automaticSubscription. If this is not set, it will be the default manual.

No

equalization

array Details the policy conditions of the equalization, including the configured (or recommended) user groups and attributes.

No

workspace

array Information on native workspaces in the project.

No

Response parameters

Attribute
Description

id

integer Project ID.

projectKey

string Name of the project.

name

string Name of the project.

status

string Statuses are open or closed.

description

string Project description.

documentation

string Project documentation.

tags

array Project tags.

purposes

array Project purposes.

stagedPurposes

array Project purposes staged for approval.

deleted

boolean If true, the project will be deleted.

snowflake

array If a Snowflake workspace has been enabled for the project, this attribute will detail the schema, hostname, and warehouse.

allowMaskedJoins

boolean If true, masked joins will be allowed.

subscriptionPolicy

array[object] A policy object for the Subscription Policy on the project. Details include type, exceptions, conditions, allowDiscovery, and automaticSubscription.

subscriptionType

string The type of subscription policy on the project. The type can be automatic (which allows anyone to subscribe), approval (which requires the subscriber to be manually approved), policy (which only allows users with specific groups or attributes to subscribe), or manual (which requires users to be manually added).

equalization

array Details the policy conditions of the equalization, including the configured (or recommended) user groups and attributes.

workspace

array Information on native workspaces in the project.

type

string The type of Immuta project, either user created project (user) or system generated project (schema).

createdAt

timestamp Date of the project creation.

updatedAt

timestamp Date of the most recent update.

workspaceWarnings

string This message describes issues with the created workspace.

Example request

This example request with the payload below will update the project with the project ID 2.

curl \
    --request PUT \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://demo.immuta.com/project/2

Example request payload

This example payload will update the project to be named Documentation Project.

{
  "name": "Documentation Project",
  "deleted": false
}

Example response

{
  "workspace": null,
  "createdBy": 2,
  "updatedBy": 2,
  "schemaEvolutionId": 1,
  "projectKey": "Medical Records",
  "name": "Documentation Project",
  "status": "open",
  "description": "This project contains all data sources under the schema, medical_records, from immuta@example.database.sample.net:1433/example.",
  "documentation": "This is an automatically generated project that collects data sources under the schema, medical_records, from immuta@example.database.sample.net:1433/example. When data sources in this schema are added to the system, they will automatically be added to this project.",
  "deleted": false,
  "allowMaskedJoins": false,
  "subscriptionType": "manual",
  "subscriptionPolicy": null,
  "equalization": null,
  "snowflake": null,
  "type": "Schema",
  "schema": "medical_records",
  "id": 2,
  "createdAt": "2021-08-24T15:44:29.477Z",
  "updatedAt": "2021-09-10T21:49:00.678Z",
  "purposeCount": 0,
  "tags": [],
  "projectPurposes": [],
  "stagedPurposes": [],
  "purposes": [],
  "workspaceWarnings": []
}

View project activity by project ID

GET /project/{projectId}/activity

Get all of the recent activity for a given project.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

offset

integer Used in combination with size to fetch pages.

No

size

integer Used to select the number of activities.

No

Response parameters

Attribute
Description

count

integer The total number of actions.

activities

array The id, modelType, modelId, notificationType, actionsBy, targetUser, targetGroup, additionalText, array, createdAt, updatedAt, and read for each action listed.

id

integer The activity ID.

modelType

string The Immuta feature the activity is attached to.

modelId

string The ID of the Immuta feature the activity is attached to.

notificationType

string The type of activity or notification, such as modelCreated, modelUserAdded, or projectUpdated.

actionBy

array The user data for the user who took the action.

targetUser

array The user data for the user who the action was directed towards.

targetGroup

array The group data for the group who the action was directed towards.

metadata

array Details about the action. For example, if the notificationType was modelCreated, the metadata attribute would include the project name.

createdAt

timestamp Date the action was taken.

updatedAt

timestamp Date of the most recent activity on the action.

read

boolean If true, the activity has been viewed.

unread

integer The number of unviewed activities on that project.

Example request

This example gets one activity for the project with the project ID 2.

curl \
    --request GET \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/2/activity?size=1

Example response

{
  "count": 40,
  "activities": [
    {
      "modelType": "project",
      "modelId": "2",
      "createdAt": "2021-07-29T20:56:11.856Z",
      "notificationType": "projectUpdated",
      "metadata": {
        "fields": [
          "deleted",
          "purposes"
        ],
        "projectName": "test",
        "approvedPurposeCount": 0,
        "deniedPurposesCount": 0,
        "requestedPurposeCount": 0,
        "newPurposesAddedCount": 2
      },
      "read": false,
      "id": 191,
      "updatedAt": "2021-07-29T20:56:11.856Z",
      "actionBy": {
        "id": 2,
        "name": "John Doe",
        "email": "john.doe@immuta.com"
      },
      "targetUser": {
        "id": 2,
        "name": "John Doe",
        "email": "john.doe@immuta.com"
      }
    }
  ],
  "unread": 40,
  "next": "191_2021-07-29T20:56:11.856Z"
}

View the state of an equalized project

GET /project/{projectId}/checkEqualizationState

Get current state of an equalized project.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

Response parameters

Attribute
Description

equalizationState

string The state of the project's equalization. Options include: off, recommended, active, upgrade, or nonCompliantMembers.

Example request

This example gets the state of project equalization of the project with the project ID 2.

curl \
    --request GET \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/2/checkEqualizationState

Example response

{
  "equalizationState": "recommended"
}

Manage project members

Method
Path
Purpose

GET

/project/{projectId}/members

POST

/project/{projectId}/checkEqualizedAuths

POST

/project/{projectId}/members

PUT

/project/{projectId}/members/{subscriptionId}

View project members

GET /project/{projectId}/members

Get all of the members for a given project.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

offset

integer Used in combination with size to fetch pages.

No

size

integer The number of results to return per page.

No

sortField

string Sorts results by field. The default is name.

No

sortOrder

string Sorts results by order, which must be asc or desc. The default is asc.

No

searchText

string Searches text of member names.

No

approved

boolean Filters results based on whether or not members' subscription status has been approved.

No

checkDataSources

boolean When true, will check if users' meet the compliance requirements set on data sources within the project.

No

expandGroups

boolean

No

Response parameters

Attribute
Description

count

integer The number of members in the project.

members

array The profile, name, iamId, userId, email, type, approved, state, systemGenerated, lastExternalRefresh, subscriptionId, createdAt, updatedAt, approvals, currentUserCanApprove, and compliance for each member result.

profile

integer The user's profile ID.

name

string The user's name.

iamId

string The ID of the IAM, which is configured on the App Settings page.

userId

string The user's Immuta username.

email

string The user's email.

type

string The type of Immuta project, either user created project (user) or system generated project (schema).

approved

boolean When true, the members' subscription status has been approved.

state

string The user's relationship to the project. Options include owner, not_subscribed, pending, subscribed, and expert.

systemGenerated

boolean When true, the user is a system generated account.

lastExternalRefresh

timestamp The date of the last time this user's information was updated from an external IAM.

subscriptionId

integer The project member's subscription ID.

createdAt

timestamp The date that this user was created in Immuta.

updatedAt

timestamp The date of the most recent update of the user.

approvals

array Details on how this new member will fit into the project's approval process.

compliance

array Details about the compliance requirements of the project, including missingDataSources and invalidSubscriptions.

Example request

This request gets all of the members of the project with the project ID 2.

curl \
    --request GET \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/2/members

Example response

{
  "count": 1,
  "members": [
    {
      "profile": 2,
      "name": "John Doe",
      "iamid": "bim",
      "userid": "john.doe@immuta.com",
      "email": "john.doe@immuta.com",
      "type": "user",
      "approved": true,
      "state": "owner",
      "systemGenerated": false,
      "lastExternalRefresh": "2021-07-30T17:49:55.050Z",
      "subscriptionId": 5,
      "createdAt": "2021-05-19T22:50:44.206Z",
      "updatedAt": "2021-07-19T20:47:53.069Z",
      "approvals": [],
      "currentUserCanApprove": false
    }
  ]
}

Check the members' equalized entitlements

POST /project/{projectId}/checkEqualizedAuths

Check that all members meet the provided equalized entitlements.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

Payload parameters

Attribute
Description
Required

conditionsObj

array Details containing operator, conditions, type, group, and field values.

Yes

operator

string

Yes

conditions

array Details containing type, group, and field.

Yes

type

string The type of Immuta project, either user created project (user) or system generated project (schema).

No

group

array Includes the group id, name, and iam.

No

Response parameters

Attribute
Description

validSet

boolean When true, users meet the specified entitlements.

usersMissingAuths

array Metadata about the user (name and subscription id) and the name of the group they're missing.

Request example

This request with the payload below will check if the requesting user is in the "View Masked Values" group.

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://demo.immuta.com/project/1/checkEqualizedAuths

Payload example

{
  "conditionsObj": {
    "operator": "and",
    "conditions": [
      {
        "type": "groups",
        "group": {
          "id": 1,
          "name": "View Masked Values"
        }
      }
    ]
  }
}

Response example

{
  "validSet": true,
  "usersMissingAuths": {}
}

Add a member to a project

POST /project/{projectId}/members

Add a member to the project.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

Payload parameters

Attribute
Description
Required

profileId

integer The new user's ID.

Yes

groupId

integer The group ID that the new user is a part of. This will add a whole group.

No

state

string The new user's connection to the project. Options include owner, not_subscribed, pending, subscribed, and expert.

No

expiration

timestamp The date when the member should no longer have access to the project.

No

approvals

array Details on how this new member will fit into the project's approval process.

No

Example request

This example request with the payload below will add a new member to the project with the project ID 1.

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https:demo.immuta.com/project/1/members

Example request payload

{
  "profileId": 3,
  "state": "subscribed",
}

Example response

{
  "subscriptionId": 18,
  "state": "subscribed",
  "approved": true
}

Update a project member

PUT /project/{projectId}/members/{subscriptionId}

Update a member of the project.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

subscriptionId

integer The project member's subscription ID.

Yes

Payload parameters

Attribute
Description
Required

state

array[string] The user's role in the project. Options include owner, not_subscribed, pending, subscribed, and expert.

Yes

expiration

timestamp The date when the member should no longer have access to the project.

No

Response parameters

Attribute
Description

state

array[string] The user's role in the project. Options include owner, not_subscribed, pending, subscribed, and expert.

expiration

timestamp The date when the member should no longer have access to the project.

Request example

This example request with the payload below will update the user with the subscription ID 2 to be a subscriber of the project with the project ID 3.

curl \
    --request PUT \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://demo.immuta.com/project/3/members/2

Payload example

{
  "state": "subscribed"
}

Response example

{
  "state": "subscribed",
  "expiration": null
}

Manage project data sources

Method
Path
Purpose

GET

/project/{projectId}/dataSources

DELETE

/project/{projectId}/dataSources

POST

/project/{projectId}/dataSources

PUT

/project/{projectId}/dataSources/{dataSourceId}

View project data sources by project ID

GET project/{projectId}/dataSources

Get all of the data sources for a given project.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

offset

integer Used in combination with size to fetch pages.

No

searchText

string Searches text of the data source names.

No

size

integer The number of results to return per page.

No

sortField

string Used to sort results by field. Options include addedBy, addedOn, and dataSourceName. The default is dataSourceName.

No

sortOrder

string Sorts results by order, which must be asc or desc. The default is asc.

No

unsubscribed

boolean If true, filters by unsubscribed status (includes data sources with a pending subscription). If false, filters by subscribed status.

No

subscription

string Searches based on the subscription status of the user. Options include not_subscribed, owner, pending, or subscribed.

No

Response parameters

Attribute
Description

count

integer The total number of data sources in the project.

dataSources

array[object] An array of data source objects that includes addedBy, dataSourceName, policyHandlerType, addedOn, dataSourceId, addedByProfile, deleted, subscriptionType, subscriptionStatus, subscriptionPolicy, connectionString, blobHandlerType, and derivedThisProject values for each data source.

addedBy

string The user who added the data source to the project.

dataSourceName

string The name of the data source.

policyHandlerType

string

addedOn

timestamp The date the data source was added to the project.

dataSourceId

integer The data source ID.

addedByProfile

integer The profile ID of the user who added the data source to the project.

deleted

boolean If true, the data source has been deleted.

subscriptionType

string The type of subscription policy on the project. The type can be automatic (which allows anyone to subscribe), approval (which requires the subscriber to be manually approved), policy (which only allows users with specific groups or attributes to subscribe), or manual (which requires users to be manually added).

subscriptionStatus

string

subscriptionPolicy

array[object] A policy object for the Subscription Policy on the data source. Details include type, exceptions, conditions, allowDiscovery, and automaticSubscription.

connectionString

string The data source connection string.

blobHandlerType

string The data platform.

derivedInThisProject

boolean If true, this data source was created as a derived data source in this project.

Example request

This example gets the data source details for all of the data sources of the project with the project ID 2.

curl \
    --request GET \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/2/dataSources

Example response

{
  "count": 3,
  "dataSources": [
    {
      "addedBy": "John Doe",
      "dataSourceName": "Fake Medical Claims 2017",
      "policyHandlerType": "Builder",
      "addedOn": "2021-06-25T19:11:03.230Z",
      "dataSourceId": 8,
      "addedByProfile": 2,
      "deleted": false,
      "subscriptionType": "policy",
      "subscriptionStatus": "owner",
      "subscriptionPolicy": {
        "type": "subscription",
        "exceptions": {
          "operator": "or",
          "conditions": [
            {
              "type": "groups",
              "group": {
                "name": "HR Department"
              }
            },
            {
              "type": "authorizations",
              "authorization": {
                "auth": "Manager",
                "value": "Receiving Surveys"
              }
            }
          ]
        },
        "shareResponsibility": false,
        "automaticSubscription": true
      },
      "connectionString": "immuta@example.database.sample.net:1433/example",
      "blobHandlerType": "Snowflake",
      "derivedInThisProject": false
    },
    {
      "addedBy": "John Doe",
      "dataSourceName": "Tpc Randomized",
      "policyHandlerType": "Builder",
      "addedOn": "2021-06-25T22:26:38.170Z",
      "dataSourceId": 6,
      "addedByProfile": 2,
      "deleted": false,
      "subscriptionType": "policy",
      "subscriptionStatus": "owner",
      "subscriptionPolicy": {
        "type": "subscription",
        "exceptions": {
          "operator": "and",
          "conditions": [
            {
              "type": "groups",
              "group": {
                "name": "HR"
              }
            }
          ]
        },
        "shareResponsibility": false,
        "automaticSubscription": true
      },
      "connectionString": "immuta@example.database.sample.net:1433/example",
      "blobHandlerType": "Azure Synapse Analytics",
      "derivedInThisProject": false
    },
    {
      "addedBy": "John Doe",
      "dataSourceName": "Tpc Web Sales",
      "policyHandlerType": "None",
      "addedOn": "2021-06-25T19:11:03.226Z",
      "dataSourceId": 7,
      "addedByProfile": 2,
      "deleted": false,
      "subscriptionType": "manual",
      "subscriptionStatus": "owner",
      "subscriptionPolicy": null,
      "connectionString": "immuta@example.database.sample.net:1433/example",
      "blobHandlerType": "Azure Synapse Analytics",
      "derivedInThisProject": false
    }
  ]
}

Remove data sources from a project

DELETE /project/{projectId}/dataSources

Remove supplied data sources from the project.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

ids

integer The IDs of the data sources to remove from the project.

Yes

Response parameters

Attribute
Description

success

array The id, blobHandlerType, and name values of the data sources that have been successfully removed.

inError

array The id, blobHandlerType, and name values of the data sources that have not been successfully removed.

id

integer The data source ID.

blobHandlerType

string The type of blob handler of the data source.

name

string The data source name.

Example request

This example request deletes the data source with the ID 8 from the project with the project ID 2.

curl \
    --request DELETE \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/2/dataSources?ids=8

Example response

{
  "success": [
    {
      "id": 8,
      "name": "Fake Medical Claims 2017",
      "blobHandlerType": "Snowflake"
    }
  ],
  "inError": []
}

Add data sources to a project

POST /project/{projectId}/dataSources

Adds data sources to a project.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

Payload parameters

Attribute
Description
Required

dataSourceIds

integer The data source IDs for the data sources to add to the project.

Yes

Response parameters

Attribute
Description

success

array The id, blobHandlerType, and name values of the data sources that have been successfully added.

inError

array The id, blobHandlerType, and name values of the data sources that have not been successfully added.

id

integer The data source ID.

blobHandlerType

string The type of blob handler of the data source.

name

string The data source name.

Example request

This example request with the payload below will add the data source with the data source ID 1 to the project with the project ID 1.

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://demo.immuta.com/project/1/dataSources

Example request payload

This example payload will add the data source with the data source ID 2 to the project.

{
  "dataSourceIds": [
    2
  ]
}

Example response

{
  "success": [
    {
      "id": 2,
      "name": "Credit Payments Bank Deposits",
      "blobHandlerType": "Snowflake"
    }
  ],
  "inError": []
}

Update the reason for adding a data source

PUT /project/{projectId}/dataSources/{dataSourceId}

Updates the reason for adding a data source to a project.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

dataSourceId

integer The data source ID.

Yes

Request example

This example request with the payload below will update the reason that the data source with the data source ID 1 was added to the project with the project ID 1.

curl \
    --request PUT \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://demo.immuta.com/project/1/dataSources/1

Response example

None.

Manage project comments

Method
Path
Purpose

GET

/project/{projectId}/comments

POST

/project/{projectId}/comments

GET

/project/{projectId}/comments/count

GET

/project/{projectId}/comments/{commentId}

DELETE

/project/{projectId}/comments/{commentId}

GET

/project/{projectId}comments/{parentId}/replies

POST

/project/{projectId}/comments/{commentId}/resolve

POST

/project/{projectId}/comments/{commentId}/reply

View all project comments

GET /project/{projectId}/comments

Get all of the comments for a given project.

Query Parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

dataSources

array[integer] The project-data source IDs to retrieve comments for.

No

resolved

boolean When true, returns resolved comments.

No

sortField

string Used to sort results by field. Options include lastReply, totalReplies, body, profileName and createAt. The default is createdAt.

No

sortOrder

string Sort results in ascending (asc) or descending order (desc). The default is desc.

No

Response Parameters

For each comment listed based on the request there will be

Attribute
Description

author

array Details about the author of the comment.

body

string The content of the comment.

resolved

boolean If true, the comment has been marked resolved.

id

integer The ID of the comment within the project.

createdAt

timestamp A timestamp of the date the comment was first made.

updatedAt

timestamp A timestamp of the date of the most recent edit to the comment.

models

array Details of the project that has the comment.

totalReplies

integer The number of replies to the comment.

lastReply

timestamp A timestamp of the date the last reply to the comment was made.

public

boolean If true, the comment is public.

Request example

This example request gets all of the comments for the project with the project ID 1.

curl \
    --request GET \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/1/comments

Response example

[
  {
    "author": {
      "id": 2,
      "name": "John Doe",
      "email": "john.doe@immuta.com"
    },
    "body": "This is a discussion for Blue Team",
    "resolved": false,
    "id": 2,
    "createdAt": "2021-09-1T22:47:21.553Z",
    "updatedAt": "2021-09-1T22:47:21.553Z",
    "models": [
      {
        "modelType": "project",
        "modelId": "1",
        "modelName": "demo"
      }
    ],
    "totalreplies": 0,
    "lastreply": "0001-01-01T00:00:00.000Z",
    "public": true
  },
  {
    "author": {
      "id": 2,
      "name": "John Doe",
      "email": "john.doe@immuta.com"
    },
    "body": "This is a discussion for Red Team",
    "resolved": false,
    "id": 1,
    "createdAt": "2021-09-1T22:47:02.203Z",
    "updatedAt": "2021-09-1T22:47:02.203Z",
    "models": [
      {
        "modelType": "project",
        "modelId": "1",
        "modelName": "demo"
      }
    ],
    "totalreplies": 0,
    "lastreply": "0001-01-01T00:00:00.000Z",
    "public": true
  }
]

Add a comment to a project

POST /project/{projectId}/comments

Add a comment to the project.

Query Parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

Payload Parameters

Attribute
Description
Required

body

string The body of the new comment.

Yes

dataSource

integer The data source the new comment will be attached to.

No

Response Parameters

Attribute
Description

author

integer The ID of the author of the new comment.

body

string The body of the new comment.

parentId

integer If the comment is a reply to another, this is the ID of the parent comment. This value will be null for comments that are not replies.

resolved

boolean If true, the comment has been marked resolved.

id

integer The ID of the comment within the project.

createdAt

timestamp The timestamp of the date the comment was created.

updatedAt

timestamp The timestamp of the date the comment was most recently updated.

Example request

This example request with the payload below writes a new comment for the project with the project ID 1 stating Comment made in the API.

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://demo.immuta.com/project/1/comments

Example request payload

{
  "body": "Comment made in the API"
}

Example response

{
  "author": 2,
  "body": "Comment made in the API",
  "parentId": null,
  "resolved": false,
  "id": 3,
  "createdAt": "2021-09-1T02:13:24.363Z",
  "updatedAt": "2021-09-1T02:13:24.363Z"
}

Count the project's comments

GET /project/{projectId}/comments/count

Count the comments for a project.

Query Parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

dataSources

integer The data source IDs; comments will be counted for the data source IDs specified here.

No

resolved

boolean If true, the comment has been resolved.

No

Response Parameters

Attribute
Description

modelId

integer The project ID.

modelType

string The type of Immuta feature. This should say project.

count

integer The total number of comments on that project.

Example request

This example counts the comments on the project with the project ID 2.

curl \
    --request GET \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/2/comments/count

Example response

{
  "modelId": "2",
  "modelType": "project",
  "count": 2
}

View a project comment by comment ID

GET /project/{projectId}/comments/{commentId}

Get a comment by ID for a given project.

Query Parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

commentId

integer The comment ID.

Yes

Response Parameters

Attribute
Description

id

integer The comment ID.

author

string The author of the comment.

resolved

boolean If true, the comment has been resolved.

body

string The content of the comment.

parentId

integer If the comment is a reply to another, this is the ID of the parent comment. This value will be null for comments that are not replies.

replies

array Details on the comment's replies.

createdAt

timestamp The date when the comment was written.

updatedAt

timestamp The date of the most recent edit to the comment.

Example request

This example gets the comment with the ID 1 on the project with the project ID 2.

curl \
    --request GET \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/2/comments/1

Example response

{
  "author": 2,
  "parentId": null,
  "resolved": false,
  "body": "This is a discussion for Red Team",
  "id": 1,
  "createdAt": "2021-09-1T22:47:02.203Z",
  "updatedAt": "2021-09-1T22:47:02.203Z"
}

View a project comment's replies by comment ID

GET /project/{projectId}/comments/{parentId}/replies

Get all of the replies for a given comment.

Query Parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

parentId

integer The parent comment ID that the replies are attached to.

Yes

Response Parameters

Attribute
Description

id

integer The reply ID.

author

array Details on the author of the reply.

resolved

boolean If true, the reply has been resolved.

body

string The content of the reply.

parentId

integer The parent comment ID that the replies are attached to.

createdAt

timestamp The date when the comment was written.

updatedAt

timestamp The date of the most recent edit to the comment.

totalReplies

integer The number of replies to that reply.

public

boolean If true, the reply is public.

Example request

This example gets the replies to the comment with the comment ID 2 on the project with the project ID 1.

curl \
    --request GET \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/1/comments/2/replies

Example response

[
  {
    "author": {
      "id": 2,
      "name": "John Doe",
      "email": "john.doe@immuta.com"
    },
    "body": "This is a reply from the Blue Team.",
    "parentId": 2,
    "resolved": false,
    "id": 4,
    "createdAt": "2021-09-1T01:00:35.104Z",
    "updatedAt": "2021-09-1T01:00:35.104Z",
    "totalreplies": 0,
    "public": true
  }
]

Delete a project comment

DELETE /project/{projectId}/comments/{commentId}

Delete a project comment. Deleting a project comment will delete the replies to that comment as well.

Query Parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

commentId

integer The comment ID.

Yes

Example request

This example deletes the comment with the comment ID 1 on the project with the project ID 1.

curl \
    --request DELETE \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/1/comments/1

Resolve a project comment

POST /project/{projectId}/comments/{commentId}/resolve

Resolve a comment for a project.

Query Parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

commentId

integer The comment ID.

Yes

Request example

This example request marks the comment with the comment ID 2 resolved in the project with the project ID 1.

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/1/comments/2/resolve

Reply to a project comment

POST /project/{projectId}/comments/{parentId}/reply

Reply to a project comment.

Query Parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

parentId

integer The parent comment ID that the reply should be made to.

Yes

Payload Parameters

Attribute
Description
Required

body

string The reply comment text.

Yes

Response Parameters

Attribute
Description

id

integer The ID of the new reply that was written.

Request example

This example request with the payload below will reply to the comment with the comment ID 2 in the project with the project ID 1.

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://demo.immuta.com/project/1/comments/2/reply

Payload example

This example payload will reply to the comment with the text This is a reply through the API.

{
  "body": "This is a reply through the API"
}

Response example

{
  "id": 6
}

Use projects

Method
Path
Purpose

DELETE

/project/{projectId}/unsubscribe

POST

/project/current/null

POST

/project/{projectId}/members/{subscriptionId}/acknowledge

Unsubscribe from a project

DELETE /project/{projectId}/unsubscribe

Unsubscribe from a project.

Query parameters

Attribute
Description
Required

projectId

string The project ID.

Yes

Request example

This example request unsubscribes the user from the project with the project ID 5.

curl \
    --request DELETE \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/5/unsubscribe

Select the current project to act under

POST /project/current/{projectId}

Set the current project ID the current user is acting under.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

Request example

This example request sets the current project to act under as the project with the project ID 1.

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/current/1

Set current project to None

POST /project/current/null

Set the project context to None.

Request example

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/current/null

Acknowledge the project restrictions

POST /project/{projectId}/members/{subscriptionId}/acknowledge

Acknowledge all the restrictions on this project.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

subscriptionId

integer The project member's subscription ID.

Yes

Payload parameters

Attribute
Description
Required

text

string

Yes

Response parameters

Attribute
Description

acknowledgeRequired

boolean When true, the requesting user has not yet agreed to the project acknowledgement.

purposes

array Details of the purpose that has been acknowledged.

Request example

This example request acknowledges all of the purposes in the project with the project ID 1.

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://demo.immuta.com/project/1/members/1/acknowledge

Payload example

{}

Response example

{
  "acknowledgeRequired": false,
  "purposes": [
    {
      "id": 1,
      "name": "Re-identification Prohibited",
      "acknowledgement": "I agree to use the data associated with this project for the stated purpose of the project, and for that purpose only, as listed in the project's homepage, and to refrain from sharing that data outside of the project or Immuta. I also agree not to re-identify or take any steps to re-identify the individuals whose personal information is contained in the data sources attached to the project. In the event that these individuals have been identified or that I discover risks that I believe could lead to their identification, I agree to immediately notify the project owner or governance team and take immediate action to address and mitigate such risks. I further agree to refrain from contacting any individuals who might be identified."
    }
  ]
}

Delete project by ID

DELETE /project/{projectId}

Delete the project with the given ID.

Query parameters

Attribute
Description
Required

projectId

integer The project ID.

Yes

Response parameters

Attribute
Description

hardDelete

boolean If true, the project was permanently deleted.

Example request

This example request will delete the project with the project ID 4.

curl \
    --request DELETE \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    https://demo.immuta.com/project/4

Example response

{
  "hardDelete": true
}

Last updated

Other versions

SaaS2024.32024.2

Copyright © 2014-2024 Immuta Inc. All rights reserved.