Manage IAMs
BIM API reference guide
This page details the bim
API, which allows users to programmatically access information about users, their group memberships, and authentications. Most of the actions described here require ADMIN permissions.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
BIM workflow
Because the BIM endpoint encompasses groups, users, and authentications, there are three workflows.
Users workflow
Groups workflow
Authenticate with the API workflow
Create a new user
POST
/bim/iam/bim/user
Create a new BIM user.
Payload parameters
iamid
string
The IAM ID.
Yes
userid
string
The new user's username.
Yes
password
string
The new user's password.
No
profile
array
Information on the new user's name and email.
No
permissions
array
Information on the new user's permissions.
No
Response parameters
id
integer
The user ID.
iamid
string
The IAM ID.
userid
string
The user's username.
bimAuthorizations
array
The attributes and groups given to the user's BIM profile.
iamAuthorizations
array
The attributes and groups given to the user's external IAM profile.
authorizations
array
The user's groups and attributes.
permissions
array
The user's permissions.
profile
array
Details on the user, including name
, email
, phone
, about
, location
, organization
, position
, preferences
, externalUserIds
, scim
, systemGenerated
, id
, createdAt
, and updatedAt
values.
lastLogin
timestamp
The date the user most recently logged into Immuta.
disabled
boolean
If true
, the user is disabled.
createdAt
timestamp
The date the user was created.
updatedAt
timestamp
The date the user was last updated.
newUserLink
string
A link for the new user to log in and create a password.
emailFailed
boolean
If true
, the login email was unable to be sent to the user's provided email address.
emailSent
boolean
If true
, a login email was sent to the new user.
Request example
This example request with the payload below will create a new BIM user with the username charlie.doe@immuta.com
.
Payload example
Response example
Manage users
POST
/bim/iam/{iamid}/user/authenticate
DELETE
/bim/iam/{iamid}/user/{userid}/permissions/{permission}
PUT
/bim/iam/{iamid}/{modelType}/{modelId}/authorizations/{attributeName}/{attributeValue}
DELETE
/bim/iam/{iamid}/{modelType}/{modelId}/authorizations/{key}/{value}
POST
/bim/iam/bim/user/{userid}/clone
Authenticate a user from an outside IAM
GET
/bim/iam/{iamid}/user/authenticate
Authenticate a user from a 3rd-party identity provider.
Request parameters
iamid
string
The IAM ID.
Yes
Request example
This example request
Authenticate user with username and password
POST
/bim/iam/{iamid}/user/authenticate
Authenticate a user using their username and password and proxying it to the specified IAM service.
Request parameters
iamid
string
The IAM ID.
Yes
Payload parameters
username
string
The user's username for the IAM dictated in the request.
Yes
password
string
The user's password for the IAM dictated in the request.
Yes
Response parameters
authenticated
boolean
If true
, the user has been successfully authenticated.
token
string
The user's access token.
tokenExpiration
timestamp
The date the token will expire.
profileId
integer
The user ID.
Request example
This example request with the payload below will authenticate the user using the bim
IAM.
Payload example
Response example
Update a user profile
PUT
/bim/iam/{iamid}/user/{userid}/profile
Update a specified user's profile.
Request parameters
iamid
string
The IAM ID.
Yes
userId
string
The user's username.
Yes
Payload parameters
iamid
string
The IAM ID.
No
userid
string
The user's username.
No
string
The user email.
No
phone
string
The user phone number.
No
sqlUser
string
The user's SQL username.
No
about
string
Details about the user to be displayed on their profile.
No
location
string
The user's location.
No
organization
string
The user's organization.
No
position
string
The user's position.
No
externalUserIds
array
A list of the user's external usernames for hdfsUser
, databricksUser
, snowflakeUser
, prestoUser
, asaUser
, and redshiftUser
.
No
preferences
array
No
scim
array
No
Response parameters
profile
array
Details information about the user, including name
, email
, phone
, about
, location
, organization
, position
, preferences
, externalUserIds
, scim
, id
, and the date of creation.
permissions
array
A list of the user's permissions.
iamid
string
The IAM ID.
userid
string
The user's username.
authorizations
array
The user's attributes and groups.
updatedAt
timestamp
The date the user was last updated.
disabled
boolean
If true
, the user is disabled.
lastLogin
timestamp
The date the user last logged in.
bimAuthorizations
array
The attributes and groups given to the user's BIM profile.
iamAuthorizations
array
The attributes and groups given to the user's external IAM profile.
hasLogin
boolean
If true
, the user has logged into Immuta.
Request example
This example request will change the location to Boston, MA
for the user with the username jane.doe@immuta.com
.
Payload example
Response example
Remove a user's permissions
DELETE
/bim/iam/{iamid}/user/{userid}/permissions/{permission}
Remove the specified user's permission.
Request parameters
iamid
string
The IAM ID.
Yes
userid
string
The user's username.
Yes
permission
string
The permission to remove. See Immuta permissions and personas for a list of Immuta permissions.
Yes
Response parameters
id
integer
The user's ID.
iamid
string
The IAM ID.
userid
string
The user's username.
bimAuthorizations
array
The attributes and groups given to the user's BIM profile.
iamAuthorizations
array
The attributes and groups given to the user's external IAM profile.
authorizations
array
Details on the user's groups and attributes.
permissions
array[string]
A list of the user's permissions.
profile
integer
The user's profile ID.
lastLogin
timestamp
The date the user last logged into Immuta.
disabled
boolean
If true
, the user is disabled.
createdAt
timestamp
The date the user was created.
updatedAt
timestamp
The date the user was last updated.
Request example
This example request will delete the permission CREATE_DATA_SOURCE_IN_PROJECT
from the user with the username john.doe@immuta.com
.
Response example
Update a user's permissions
PUT
/bim/iam/{iamid}/user/{userid}/permissions
Update the specified user's permission.
Request parameters
iamid
string
The IAM ID.
Yes
userid
string
The user's username.
Yes
Request parameters
permissions
array[string]
A list of the user's permissions. This list is going to be a comprehensive list of all of the user's permissions. See Immuta permissions and personas for a list of Immuta permissions.
Yes
Response parameters
id
integer
The user's ID.
iamid
string
The IAM ID.
userid
string
The user's username.
bimAuthorizations
array
The attributes and groups given to the user's BIM profile.
iamAuthorizations
array
The attributes and groups given to the user's external IAM profile.
authorizations
array
Details on the user's groups and attributes.
permissions
array
A list of the user's permissions.
profile
integer
The user's profile ID.
lastLogin
timestamp
The date the user last logged into Immuta.
disabled
boolean
If true
, the user is disabled.
createdAt
timestamp
The date the user was created.
updatedAt
timestamp
The date the user was last updated.
Request example
This example request with the payload below will change to permissions of the user with the username charlie.doe@immuta.com
to CREATE_DATA_SOURCE_IN_PROJECT
, CREATE_PROJECT
, and CREATE_DATA_SOURCE
.
Payload example
Response example
Update a user's password
PUT
/bim/iam/{iamid}/user/{userid}/password
Update the specified user's password.
Request parameters
iamid
string
The IAM ID.
Yes
userid
string
The user's username.
Yes
Request parameters
originalPassword
string
The user's old password.
Yes
password
string
The user's new password.
Yes
Response parameters
success
boolean
If true
, the user's password has been successfully changed to the new password.
Request example
This example request with the payload below will change the password of the user with the ID jane.doe@immuta.com
.
Payload example
Response example
Disable or enable a user
PUT
/bim/iam/{iamid}/user/{userid}/disable/{disable}
Disable / enable the specified BIM user.
Request parameters
iamid
string
The IAM ID.
Yes
userid
string
The user's username.
Yes
disable
boolean
If true
, the user will be disabled.
Yes
Response parameters
userid
string
The user's username.
disabled
boolean
If true
, the user is disabled.
Request example
This example request will disabled the user with the username jane.doe@immuta.com
.
Response example
Sync users from an external IAM
POST
/bim/syncUsers
Sync users from an external IAM.
Payload parameters
iamid
string
The external IAM ID.
Yes
Request example
This example request will sync the users from the specified external IAM with Immuta.
Payload example
Sync LDAP users with Immuta
POST
/iam/{iamId}/sync
Sync LDAP users with Immuta.
Request parameters
iamId
string
The external IAM ID.
Yes
Payload parameters
dryRun
boolean
If true
, no updates will actually be made.
Yes
iamConfig
array
Details about the IAM configuration, including authenticationOnly
, credentials
, defaultPermissions
, displayName
, id
, ldapSync
, and options
.
No
plugin
string
The type of plugin the IAM uses, ldap
.
No
schema
array
Details about the IAM schema, including group
, profile
, authorizations
, and externalUserIds
.
No
supportedActions
string
No
type
string
The type of IAM, ldap
.
No
Response parameters
totalCount
integer
The total number of users in the external IAM that could be synced over into Immuta.
importedUsers
array
Details about the users who were successfully imported from the sync, including userId
and dn
.
refreshedUsers
array
Details about the users who were successfully refreshed from the sync, including userId
and dn
.
disabledUsers
array
Details about the users who were successfully disabled from the sync, including userId
and dn
.
enabledUsers
array
Details about the users who were successfully enabled from the sync, including userId
and dn
.
runningInBackground
boolean
If true
, the sync created a job to run in the background.
count
integer
The number of users successfully updated from the IAM.
Request example
This example request will sync the users from Jump Cloud with Immuta.
Payload example
Response example
Update a user's or group's attributes
PUT
/bim/iam/{iamid}/{modelType}/{modelId}/authorizations/{attributeName}/{attributeValue}
Update the specified user's attributes.
Request parameters
iamid
string
The IAM ID.
Yes
modelType
string
The type of model the attribute is added to. Options include group
or user
.
Yes
modelID
string
The user or group ID.
Yes
attributeName
string
The attribute name.
Yes
attributeValue
string
The attribute value.
Yes
Response parameters
id
integer
The user or group ID.
iamid
string
The IAM ID.
userid
string
The user's username.
name
string
The group name.
bimAuthorizations
array
The attributes and groups given to the user's BIM profile.
iamAuthorizations
array
The attributes and groups given to the user's external IAM profile.
authorizations
array
Details on the user's or group's and attributes.
permissions
array
A list of the user's permissions.
profile
integer
The user's profile ID.
lastLogin
timestamp
The date the user last logged into Immuta.
disabled
boolean
If true
, the user is disabled.
createdAt
timestamp
The date the user was created.
updatedAt
timestamp
The date the user was last updated.
Request example
This example request will add the attribute Finance.Red Team
to the user with the username jane.doe@immuta.com
.
Response example
Remove a user or group's attribute
DELETE
/bim/iam/{iamid}/{modelType}/{modelId}/authorizations/{key}/{value}
Remove an attribute from the specified group or user.
Request parameters
iamid
string
The ID for the IAM the user or group is under.
Yes
modelId
string
The user or group ID.
Yes
modelType
string
The type of model the attribute is being removed from. Options include group
or user
.
Yes
key
string
The attribute to remove.
Yes
value
string
The attribute value to remove.
No
Response parameters
id
integer
The user or group ID.
iamid
string
The IAM ID.
authorizations
array
The user or group attributes after the request has been made.
permissions
array
The user or group permissions.
profile
integer
The profile ID, if the model is a user.
systemGenerated
boolean
If true
, the user was created by Immuta.
createdAt
timestamp
The date the user or group was created.
updatedAt
timestamp
The date the user or group was last updated.
Request example
This example request will remove the attribute Country.JP
from the user with the user ID jane.doe@immuta.com
.
Response example
Clone user
Configure SMTP: SMTP must be configured to use this endpoint. Additionally, after the users are created, they will not be active until they sign in to the Immuta UI.
POST
/bim/iam/bim/user/{userid}/clone
Clones the provided user (including their permissions, groups, and attributes) to create multiple additional user accounts.
Request parameters
userId
string
The user's username.
Yes
Payload parameters
array
The list of new users' emails.
Yes
Response parameters
failedEmails
array
A list of any emails that failed to become users.
Request example
This example request will clone the user with the username jane.doe@immuta.com
.
Payload example
Response example
Review user information
Search all IAMs
GET
/bim/iam
Get a listing of configured IAM services.
Response parameters
id
string
The IAM ID.
displayName
string
The name displayed in Immuta and entered at the time of configuration.
type
string
The identity provider type.
oauth
boolean
When true
, the IAM service uses OAuth framework for authorization.
Request example
The request below will list all of the IAMs in use.
Response example
Search all users
GET
/bim/user
Administrative search over the aggregated view of all users.
Query parameters
size
integer
The maximum number of records to return. The default is 25
.
No
name
string
A partial name to match against user names.
No
userid
string
A partial ID to match against user IDs.
No
string
A partial email address to match against user email addresses.
No
iamid
string[]
Optionally provide the IAM to filter the users.
No
profileIds
string[]
Filters results to return users with the specified profile IDs.
No
excludeSystemGenerated
boolean
If true
, the results will exclude accounts automatically created for handlers that periodically crawl and ingest.
No
excludeAdminAndGovernor
boolean
If true
, Admin and Governor accounts will be excluded.
No
excludeDeletediams
boolean
If true
, the results will exclude users for any IAMs that are no longer configured.
No
excludebim
boolean
If true
, users from the Immuta internal identity manager will be excluded.
No
includeDisabled
boolean
If true
, the results will include disabled users.
No
offset
integer
Offset to start returning values.
No
sortField
string
The field to sort results on. The default is user name. Possible values: name
, createdAt
, iamid
, email
.
No
sortOrder
string
The order that the results will be sorted in. The default is asc
. Possible values: asc
, desc
.
No
permission
string
A permission to filter the users by.
No
Response parameters
count
integer
Total number of results. May be greater than the length of hits if additional results exist. Use size
and offset
to page additional results.
hits
metadata
Details for each result, including id
, iamid
, userid
, bimAuthorizations
, iamAuthorizations
, authorizations
, projectId
, permissions
, groupPermissions
, profile
, authentication
, systemGenerated
, lastLogin
, lastExternalRefresh
, disabled
, hasLogin
, groups
, createdAt
, updatedAt
, and schema
values. The following details are excluded from the response if the requesting user does not have the USER_ADMIN
Immuta permission: bimAuthorizations
, iamAuthorizations
, and authorizations
.
id
integer
The user ID.
iamid
string
The ID of the IAM the user is connected to.
userid
string
The user's username.
bimAuthorizations
array
The attributes and groups given to the user's BIM profile. This attribute is excluded from the response if the requesting user does not have the USER_ADMIN
Immuta permission.
iamAuthorizations
array
The attributes and groups given to the user's external IAM profile. This attribute is excluded from the response if the requesting user does not have the USER_ADMIN
Immuta permission.
authorizations
metadata
Details on the user's attributes. This attribute is excluded from the response if the requesting user does not have the USER_ADMIN
Immuta permission.
projectId
integer
The project ID for the user's current project.
permissions
string
A list of the user's permissions.
profile
metadata
Details on the user, including name
, email
, phone
, about
, location
, organization
, position
, preferences
, externalUserIds
, scim
, systemGenerated
, id
, createdAt
, and updatedAt
values.
lastLogin
timestamp
The date of the user's last Immuta login.
disabled
boolean
If true
, the user has been disabled.
hasLogin
boolean
If true
, the user has logged into Immuta.
groups
metadata
Information on the user's groups.
createdAt
timestamp
The date the user was created.
updatedAt
timestamp
The date of the last time the user's information was updated.
Request example
The request below will search all of the users in Immuta.
Response example
View current user's information
GET
/bim/rpc/user/current
Get the currently logged in user's information.
Response parameters
id
integer
The user ID.
iamid
string
The ID of the IAM the user is connected to.
userid
string
The user's username.
bimAuthorizations
array
The attributes and groups given to the user's BIM profile.
iamAuthorizations
array
The attributes and groups given to the user's external IAM profile.
authorizations
metadata
Details on the user's attributes.
projectId
integer
The project ID for the user's current project.
permissions
string
A list of the user's permissions.
profile
metadata
Details on the user, including name
, email
, phone
, about
, location
, organization
, position
, preferences
, externalUserIds
, scim
, systemGenerated
, id
, createdAt
, and updatedAt
values.
lastLogin
timestamp
The date of the user's last Immuta login.
disabled
boolean
If true
, the user has been disabled.
hasLogin
boolean
If true
, the user has logged into Immuta.
groups
metadata
Information on the user's groups.
createdAt
timestamp
The date the user was created.
updatedAt
timestamp
The date of the last time the user's information was updated.
Request example
This request will return information on the user that is logged in.
Response example
View a user's information
GET
/bim/iam/{iamid}/user/{id}
Gets the specified user's aggregated view.
Request parameters
iamid
string
The IAM ID.
Yes
id
integer
The user ID.
Yes
params
query
No
Response parameters
profile
array
Details about the user, including name
, email
, phone
, about
, location
, organization
, position
, preferences
, externalUserIds
, scim
, id
, and the date of creation.
preferences
array
Information about the user's tabDataSourceState
, tabProjectState
, sortDataSourceState
, and currentProject
.
permissions
array
A list of the user's permissions.
iamid
string
The IAM ID.
userid
string
The user's username.
authorizations
array
The user's attributes and groups.
updatedAt
timestamp
The date the user was last updated.
systemGenerated
boolean
disabled
boolean
If true
, the user is disabled.
lastLogin
timestamp
The date the user last logged in.
lastExternalRefresh
timestamp
bimAuthorizations
array
The attributes and groups given to the user's BIM profile.
iamAuthorizations
array
The attributes and groups given to the user's external IAM profile.
hasLogin
boolean
If true
, the user has logged into Immuta.
Request example
This example request will return information about the user with the ID 2
.
Response example
View a user profile
GET
/bim/iam/{iamid}/user/{userid}/profile
Gets the specified user's profile.
Request parameters
iamid
string
The IAM ID.
Yes
id
integer
The user ID.
Yes
Response parameters
name
string
The user's name.
string
The user's email.
phone
string
The user's phone number.
about
string
Details about the user.
location
string
The user's location.
organization
string
The user's organization.
position
string
The user's position.
externalUserIds
array
A list of user IDs for technologies outside of Immuta, if specified as different from the Immuta user ID.
createdAt
timestamp
The date the user was created.
updatedAt
timestamp
The date the profile was last updated.
preferences
array
Information on the user's preferences including values for sortProjectState
and currentProject
.
Request example
This example request will return the profile of the user with the ID 2
.
Response example
View a user's groups
GET
/bim/iam/{iamid}/user/{userid}/groups
Get the specified user's list of groups.
Request parameters
iamid
string
The IAM ID.
Yes
userid
string
The user's username.
Yes
Response parameters
id
integer
The group ID.
name
string
The group name.
iamid
string
The IAM ID.
groupUser
integer
The user's ID within the group.
Request example
This example request will return information on the groups of the user with the username john.doe@immuta.com
.
Response example
Delete a user
DELETE
/bim/iam/bim/user/{userid}
Delete the specified user in Immuta.
Request parameters
userid
string
The user's username.
Yes
Response parameters
userid
string
The user's username.
iamid
string
The IAM ID.
Request example
This example request will delete the user with the username charlie.doe@immuta.com
.
Response example
Create a new group
POST
/bim/group
Create a new group.
Payload parameters
iamid
string
The IAM ID.
Yes
name
string
The new group name.
Yes
string
The new group's email.
No
description
string
The new group's description.
No
Response parameters
id
integer
The group ID.
iamid
string
The IAM ID.
name
string
The group name.
string
The group email.
authorizations
array
The group's attributes.
description
The group description.
createdAt
timestamp
The date the group was created.
updatedAt
timestamp
The date the group was last updated.
Request example
This request with the payload below will create a group through the bim
IAM with the name API Group
.
Payload example
Response example
Manage groups
Update a group
PUT
/bim/group/{groupId}
Update the specified group.
Request parameters
groupId
integer
The group ID.
Yes
Payload parameters
name
string
The group's new name.
No
string
The group's new email.
No
description
string
The group's new description.
No
Response parameters
id
integer
The group ID.
iamid
string
The IAM ID.
name
string
The group name.
string
The group email.
authorizations
string
The group attributes.
description
string
The group description.
createdAt
timestamp
The date the group was created.
updatedAt
timestamp
The date the group was last updated.
Request example
This request with the payload below will update the group with the ID 2
with the name API Group #2
and with a new description.
Payload example
Response example
Remove a user from a group
DELETE
/bim/group/{groupId}/user/{groupuserid}
Remove a user from a group.
Request parameters
groupId
integer
The group ID.
Yes
groupuserid
integer
The user's group ID.
Yes
Request example
Add a user to a group
POST
/bim/group/{groupId}/user
Add a new user to a group.
Request parameters
groupId
integer
The group ID.
Yes
Payload parameters
userid
string
The new user's ID.
Yes
iamid
string
The new user's IAM.
Yes
Response parameters
id
integer
The user's group ID.
group
integer
The group ID.
profile
integer
The user ID.
createdAt
timestamp
The date the user was added to the group.
updatedAt
timestamp
The date the user was last updated within the group.
Request example
This request with the payload below adds the user with the ID tom.jones@immuta.com
to the group with the ID 2
.
Payload example
Response example
Update a group's attributes
PUT
/bim/iam/{iamid}/group/{groupid}/authorizations/{attributeName}/{attributeValue}
Update the specified group's attributes.
Request parameters
iamid
string
The IAM ID.
Yes
groupId
integer
The group ID.
Yes
attributeName
string
The attribute name.
Yes
attributeValue
string
The attribute value.
Yes
Response parameters
id
integer
The group ID.
iamid
string
The IAM ID.
name
string
The group name.
string
The group email.
authorizations
string
The group attributes.
description
string
The group description.
createdAt
timestamp
The date the group was created.
updatedAt
timestamp
The date the group was last updated.
Request example
This example request will add the attribute Finance.Red Team
to the group with the ID 2
.
Response example
Search groups
Search all groups from all IAMs
GET
/bim/group
Get the list of groups from all configured IAMs.
Query parameters
name
string
A partial name to match against group names.
No
ids
string[]
Filters results to return groups with specified IDs.
No
userid
integer
The user ID. This will return the groups that the user is a member of.
No
iamid
array[string]
Optionally provide IAMs to filter the groups returned.
No
size
integer
The maximum number of records to return. The default is 25
.
No
offset
integer
Offset to start returning values.
No
sortField
string
The field to sort results on. Possible values: name
, createdAt
, iamid
. Default is name
.
No
sortOrder
string
The order that the results will be sorted in. Possible values: asc
, desc
. The default is asc
.
No
nameOnly
boolean
If true
, results will only return distinct group names.
No
Response parameters
count
integer
Total number of results. May be greater than the length of hits if additional results exist. Use size
and offset
to page additional results.
hits
metadata
Details on each result, including id
, iamid
, name
, gid
, email
, authorizations
, description
, scim
, scimid
, createdAt
, and updatedAt
values.
id
integer
The group ID.
iamid
string
The IAM ID.
name
string
The name of the group.
string
The group email.
authorizations
metadata
Details on the group's attributes.
descriptions
string
Details attached to the group.
createdAt
timestamp
The date the group was created.
updatedAt
timestamp
The date the group was last updated.
Request example
This request will return all of the groups in Immuta.
Response example
Search a specific group
GET
/bim/group/{groupid}
Get the specified group.
Query parameters
groupId
integer
The ID of the group.
Yes
Response parameters
id
integer
The group's ID.
iamid
string
The IAM ID.
name
string
The group's name.
string
The group's email.
authorizations
metadata
Details on the group's attributes.
descriptions
string
The group's description.
createdAt
timestamp
The date the group was created.
updatedAt
timestamp
The date the group was last updated.
Request example
This request will search for the group with the ID 2
.
Response example
Search a group's users
GET
/bim/group/{groupid}/user
Get group users.
Query parameters
groupId
integer
The ID of the group.
Yes
offset
integer
Offset to start returning values.
No
size
integer
The maximum number of records to return. The default is 25
.
No
sortOrder
string
The order that the results will be sorted in. Possible values: asc
, desc
. The default is asc
.
No
Response parameters
count
integer
Total number of results. May be greater than the length of hits if additional results exist. Use size
and offset
to page additional results.
hits
metadata
Details for each result, including id
, group
, profile
, uid
, iamid
, userid
, disabled
, scim
, scimid
, createdAt
, and updatedAt
values.
id
integer
The group ID.
iamid
string
The ID of the IAM the user is connected to.
userid
string
The user's username.
profile
metadata
Details on the user, including iamid
, userid
, name
, email
, phone
, about
, location
, organization
, position
, preferences
, externalUserIds
, scim
, systemGenerated
, id
, createdAt
, and updatedAt
values.
disabled
boolean
If true
, the user has been disabled.
group
integer
The group ID.
createdAt
timestamp
The date the user was created.
updatedAt
timestamp
The date of the last time the user's information was updated.
Request example
This request will return information on the users in the group with the ID 2
.
Response example
Delete a group
DELETE
/bim/group/{groupId}
Delete the specified group.
Query parameters
groupId
integer
The group ID.
Yes
Request example
This request will delete the group with the ID 3
.
Authenticate a user and create a project API key
POST
/bim/apikey
Authenticate the user and create a project API key.
Payload parameters
projectId
integer
The project ID.
No
name
string
The name to associate with the API key.
No
The payload must have one or both of the two attributes above.
Response parameters
apikey
string
The new API key.
keyid
integer
The new API key's ID.
project
integer
The project ID.
name
string
The name of the API key.
Request example
This example request with the payload below will authenticate the user Jane Doe
in the project with the ID 1
and create a new API key for her.
Payload example
Response example
Authenticate with an API key
Authenticate a user with an API key
POST
/bim/apikey/authenticate
Authenticate with the Immuta API using an API key.
Payload parameters
apikey
string
The API key.
Response parameters
authenticated
boolean
If true
, the user has been successfully authenticated.
token
string
The user's access token.
Request example
This example request will authenticate the user with the Immuta API.
Payload example
Response example
Impersonate a user with an API key
POST
/bim/apikey/impersonate
Impersonate another user using an API key.
Payload parameters
apikey
string
The API key of the account with the user impersonation permission.
userid
string
The username of the impersonated user.
iamid
string
The IAM ID of the impersonated user.
projectId
integer
The project ID of the impersonated user.
Response parameters
authenticated
boolean
If true
, the user has been successfully authenticated.
token
string
The user's access token.
Request example
This example request will allow the requesting user to impersonate the user specified in example-payload.json
.
Payload example
Response example
View tokens and API keys
View token information
POST
/bim/token
Get information for a given token, should it exist.
Payload parameters
token
string
The access token.
Response parameters
id
integer
The access token ID.
type
string
The token type: bearer
.
iamid
string
The IAM ID.
userid
string
The user's username.
project
integer
If the token was generated using a project API key, this is the project ID.
token
string
The access token.
created
timestamp
The date the token was created.
lastUsed
timestamp
The date the token was last used.
expiration
timestamp
The date the token will expire.
name
string
The token name.
createdAt
timestamp
The date the token was created.
updatedAt
timestamp
The date the token was last updated.
scopes
string
The scope of the token, such as impersonation
.
impersonationuserid
string
The user ID of the impersonating user.
impersonationiamid
string
The IAM ID of the impersonating user.
Request example
This example request will return information on the access token in the payload.
Payload example
Response example
View a user's API keys
GET
/bim/iam/{iamid}/user/{userid}/apikeys
Get metadata for all of the user's API keys.
Request parameters
iamid
string
The IAM ID.
Yes
userid
string
The user's username.
Yes
Response parameters
keyid
integer
The API key ID.
created
timestamp
The date the API key was created.
project
array
Information on the project attached to the API key, including values for name
, status
, description
, documentation
, deleted
, allowMaskedJoins
, subscriptionType
, subscriptionPolicy
, equalization
, snowflake
, salt
, type
, schema
, id
, createdAt
, updatedAt
, workspace
, createdBy
, updatedBy
, and schemaEvolutionId
.
lastUsed
timestamp
The date the API key was last used.
name
string
The API key name.
Request example
This example request will return information on the API keys of the user with the username john.doe@immuta.com
.
Response example
Delete an API key
DELETE
/bim/apikey/{keyid}
Delete an API key, all auth tokens issued using that API key, and generate a new API key.
Request parameters
keyid
integer
The API key ID.
Yes
Response parameters
revokedTokens
integer
The number of tokens revoked.
Request example
This example request will delete the API key with the ID 323
, revoke all the auth tokens issued using that API key, and generate a new API key.
Response example
Last updated