Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This section of API documentation is specific to configuring elements of your instance, such as users, tags, licenses, integrations, and webhooks.
Activities and notifications: View your activity notifications.
Fingerprint service status: Check the status of the Fingerprint service.
IAMs: Manage users and their permissions, groups, and attributes.
Licenses: Manage and view licenses in Immuta.
Sensitive data discovery: Configure custom sensitive data discovery identifiers and tags.
Tags: Create and search for tags.
Webhooks: Create webhooks that are triggered by events that happen in the system.
Jobs API reference guide
This page describes the jobs
endpoint.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
POST
/jobs/statuses
Get the status and output of the provided jobs.
The following request checks the status of the job specified in the payload.
Fingerprint API reference guide
This page illustrates how to check the status of the Fingerprint service using the fingerprint
endpoint.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
GET
/fingerprint/status
Get the status of the Fingerprint service.
The following request gets the status of the Fingerprint service.
Frameworks API reference guide
GET
/frameworks
Get all the frameworks in Immuta.
POST
/frameworks
DELETE
/frameworks/{frameworkId}
Deletes the framework you specify in the request.
The response returns a 204
response code if the request was successful.
GET
/frameworks/{frameworkId}
Gets the framework you specify in the request.
PUT
/frameworks/{frameworkId}
Update a framework. This example updates a framework to be inactive.
POST
/frameworks/{frameworkId}/clone
Clone a framework from an existing framework.
GET
/frameworks/{frameworkId}/versions
Gets every version of the framework you specify in the request.
The framework payload is used when creating or updating a framework. See the parameters below.
The tags object specifies the tags created for and used in the framework. It includes metadata for the tags, like sensitivity and descriptions. The table below outlines its child parameters.
The rules object specifies the rules used in the framework. The table below outlines its child parameters.
The framework reference is the response for many /frameworks
requests. See the parameters described below.
Attribute | Description | Required |
---|---|---|
Attribute | Description |
---|---|
Attribute | Description |
---|---|
The frameworks resource allows you to create and manage classification frameworks. System-created frameworks cannot be edited, so to make any adjustments.
Method | Endpoint | Description |
---|
The response returns all the frameworks in Immuta. See the for details about the response schema.
Create a new framework. This example creates a framework that will tag all columns in a data source with the tag "HR Framework . Internal Employee Data" when a single column within the data source has the tag "Employee Name". Then can be built to only allow HR to access this sensitive employee data.
The request accepts a JSON or YAML payload. See the for parameter details.
The response returns the framework that was created. See the for details about the response schema.
Parameter | Description | Required or optional |
---|
Parameter | Description | Required or optional |
---|
The response returns the framework specified in the request. See the for details about the response schema.
Parameter | Description | Required or optional |
---|
The request accepts a JSON or YAML payload. See the for parameter options; partial updates are supported.
The response returns the framework that was updated. See the for details about the response schema.
Parameter | Description | Required or optional |
---|
The response returns the framework that was created as a clone. See the for details about the response schema.
Parameter | Description | Required or optional |
---|
The response returns a copy of every version of the framework specified in the request. See the for details about the response schema.
Parameter | Description | Required or optional | Default values | Accepted values |
---|
Parameter | Description | Required or optional | Default values | Accepted values |
---|
Parameter | Description | Required or optional | Default values | Accepted values |
---|
Parameter | Description |
---|
jobIds
string
List of job IDs.
Yes
wait
integer
Number of seconds to wait before returning if all jobs have not yet completed. Use -1
to wait indefinitely. The default is 0
.
No
pollInterval
integer
Number of seconds to wait between subsequent polls. Ignored if not using wait
. The default is 1
. The minimum is 1
.
No
id
string
The job's globally unique identifier.
state
array[string]
The job state: active
, cancelled
, completed
, created
, expired
, failed
, or retry
.
output
string
The output of the job, if it exists.
healthy
boolean
If true
, the fingerprint status is healthy.
id | The unique identifier of the framework. | Required |
id | The unique identifier of the framework. | Required |
id | The unique identifier of the framework. | Required |
id | The unique identifier of the framework. | Required |
id | The unique identifier of the framework. | Required |
name | The fully rendered name of the tag, including any parent tags. | Required | - | - |
source | The catalog the tag is from. | Required | - |
|
description | A description of the classification tag. | Required | - | - |
sensitivities | The sensitivity assigned to the tag. This sensitivity can drive the Detect dashboards and monitors. | Optional |
| - |
sensitivities.dimension | The type of sensitivity assigned to the tag. | Required if adding sensitivities | - |
|
sensitivities.sensitivity | The sensitivity assigned to the tag. | Required if adding sensitivities | - |
|
name | The short, humna-readable name for the rule. | Required | - | - |
classificationTag | The tag to apply to the data source based on the criteria. | Required | - | - |
classificationTag.name | The name of the tag to apply. | Required | - | - |
classificationTag.source | The catalog the tag is from. | Required | - |
|
columnTags | The criteria for applying tags. Tags will be applied to a column when these tags are found on the same column. | Optional |
| - |
columnTags.name | The name of the column tag. When matched, the classification tag will be applied to the same column. | Required if using columnTags criteria | - | - |
columnTags.source | The catalog the column tag is from. | Required if using columnTags criteria | - |
|
neighborColumnTags | The criteria for applying tags. Tags will be applied to all columns within a data source if this tag is found already applied to any column within the data source. | Optional |
| - |
neighborColumnTags.name | The name of the neighboring column tag. When matched, the classification tag will be applied to all columns within that data source. | Required if using neighborColumnTags criteria | - | - |
neighborColumnTags.source | The catalog the neighboring column tag is from. | Required if using neighborColumnTags criteria | - |
|
tableTags | The criteria for applying tags. Tags will be applied to all columns in a data source when this tag is found applied to the data source. | Optional |
| - |
tableTags.name | The name of the data source tag. When matched, the classification tag will be applied to all columns within that data source. | Required if using tableTags criteria | - | - |
tableTags.source | The catalog the data source tag is from. | Required if using tableTags criteria | - |
|
GET | Gets all the frameworks |
POST | Creates a new framework |
DELETE | Deletes a framework |
GET | Gets the framework with the given framework ID |
PUT | Updates a framework |
POST | Clones a framework |
GET | Gets all versions of the framework with the given framework ID |
shortName | The short, human-readable name for the framework. | Required | - | - |
name | The official, human-readable name for the framework. | Required | - | - |
description | A description of the framework. | Required | - | - |
tags | Required | - | - |
rules | Required | - | - |
active | When | Required | - |
|
id | The Immuta-assigned unique ID for the framework. |
version | The Immuta-assigned unique ID for the version of this framework. This can be useful when auditing the changes to frameworks. |
shortName | The short, human-readable name for the framework. |
name | The official, human-readable name for the framework. |
description | A description of the framework. |
createdBy | The unique ID of the user who created the framework. |
createdAt | A timestamp of when the framework was created. |
tags |
rules |
active | If |
Activity API reference guide
This page describes the activity
endpoint of the Immuta API, which allows you to view your activity notifications.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
GET
/activity
View your activity notification feed.
This example request gets 5 activities for the current user and sorts them in descending order.
GET
/activity/hasUnread
Determine whether you have unread activity notifications.
This request determines whether or not the requesting user has unread activities.
Admin API reference guide
This page outlines the admin
endpoint, which allows you to manage and review licenses in Immuta.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
POST
/admin/license
Add a license key to the Immuta tenant to increase the number of seats or enable features.
This example request adds a license key (saved in the example-payload.json
file) to the Immuta tenant.
GET
/admin/license
Get a list of all license keys.
This example request gets the license key for the https://www.organization.immuta.com
Immuta tenant.
GET
/admin/license/licenseStatus
Get the status of a license key's features and seat capacity.
This example request gets the number of seats and active users for the license key associated with the https://www.organization.immuta.com
Immuta tenant.
GET
/admin/license/usage
Get the license usage summary. This endpoint returns a summary of the number of active and inactive users and a list of users.
This request gets the license usage for 5 users in the https://www.organization.immuta.com
Immuta tenant.
DELETE
/admin/license/{licenseId}
Delete the specified license key.
This example request deletes the license key with the ID 1
.
BIM API reference guide
This page details the bim
API, which allows users to programmatically access information about users, their group memberships, and authentications. Most of the actions described here require ADMIN permissions.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
Because the BIM endpoint encompasses groups, users, and authentications, there are three workflows.
POST
/bim/iam/bim/user
Create a new BIM user.
This example request with the payload below will create a new BIM user with the username charlie.doe@immuta.com
.
GET
/bim/iam/{iamid}/user/authenticate
Authenticate a user from a 3rd-party identity provider.
This example request
POST
/bim/iam/{iamid}/user/authenticate
Authenticate a user using their username and password and proxying it to the specified IAM service.
This example request with the payload below will authenticate the user using the bim
IAM.
Payload example
PUT
/bim/iam/{iamid}/user/{userid}/profile
Update a specified user's profile.
This example request will change the location to Boston, MA
for the user with the username jane.doe@immuta.com
.
Payload example
DELETE
/bim/iam/{iamid}/user/{userid}/permissions/{permission}
Remove the specified user's permission.
This example request will delete the permission CREATE_DATA_SOURCE_IN_PROJECT
from the user with the username john.doe@immuta.com
.
PUT
/bim/iam/{iamid}/user/{userid}/permissions
Update the specified user's permission.
This example request with the payload below will change to permissions of the user with the username charlie.doe@immuta.com
to CREATE_DATA_SOURCE_IN_PROJECT
, CREATE_PROJECT
, and CREATE_DATA_SOURCE
.
Payload example
PUT
/bim/iam/{iamid}/user/{userid}/password
Update the specified user's password.
This example request with the payload below will change the password of the user with the ID jane.doe@immuta.com
.
Payload example
PUT
/bim/iam/{iamid}/user/{userid}/disable/{disable}
Disable / enable the specified BIM user.
This example request will disabled the user with the username jane.doe@immuta.com
.
POST
/bim/syncUsers
Sync users from an external IAM.
This example request will sync the users from the specified external IAM with Immuta.
Payload example
POST
/iam/{iamId}/sync
Sync LDAP users with Immuta.
This example request will sync the users from Jump Cloud with Immuta.
Payload example
PUT
/bim/iam/{iamid}/{modelType}/{modelId}/authorizations/{attributeName}/{attributeValue}
Update the specified user's attributes.
This example request will add the attribute Finance.Red Team
to the user with the username jane.doe@immuta.com
.
DELETE
/bim/iam/{iamid}/{modelType}/{modelId}/authorizations/{key}/{value}
Remove an attribute from the specified group or user.
This example request will remove the attribute Country.JP
from the user with the user ID jane.doe@immuta.com
.
Configure SMTP: SMTP must be configured to use this endpoint. Additionally, after the users are created, they will not be active until they sign in to the Immuta UI.
POST
/bim/iam/bim/user/{userid}/clone
Clones the provided user (including their permissions, groups, and attributes) to create multiple additional user accounts.
This example request will clone the user with the username jane.doe@immuta.com
.
GET
/bim/iam
Get a listing of configured IAM services.
The request below will list all of the IAMs in use.
GET
/bim/user
Administrative search over the aggregated view of all users.
The request below will search all of the users in Immuta.
GET
/bim/rpc/user/current
Get the currently logged in user's information.
This request will return information on the user that is logged in.
GET
/bim/iam/{iamid}/user/{id}
Gets the specified user's aggregated view.
This example request will return information about the user with the ID 2
.
GET
/bim/iam/{iamid}/user/{userid}/profile
Gets the specified user's profile.
This example request will return the profile of the user with the ID 2
.
GET
/bim/iam/{iamid}/user/{userid}/groups
Get the specified user's list of groups.
This example request will return information on the groups of the user with the username john.doe@immuta.com
.
DELETE
/bim/iam/bim/user/{userid}
Delete the specified user in Immuta.
This example request will delete the user with the username charlie.doe@immuta.com
.
POST
/bim/group
Create a new group.
This request with the payload below will create a group through the bim
IAM with the name API Group
.
PUT
/bim/group/{groupId}
Update the specified group.
This request with the payload below will update the group with the ID 2
with the name API Group #2
and with a new description.
Payload example
DELETE
/bim/group/{groupId}/user/{groupuserid}
Remove a user from a group.
POST
/bim/group/{groupId}/user
Add a new user to a group.
This request with the payload below adds the user with the ID tom.jones@immuta.com
to the group with the ID 2
.
Payload example
PUT
/bim/iam/{iamid}/group/{groupid}/authorizations/{attributeName}/{attributeValue}
Update the specified group's attributes.
This example request will add the attribute Finance.Red Team
to the group with the ID 2
.
GET
/bim/group
Get the list of groups from all configured IAMs.
This request will return all of the groups in Immuta.
GET
/bim/group/{groupid}
Get the specified group.
This request will search for the group with the ID 2
.
GET
/bim/group/{groupid}/user
Get group users.
This request will return information on the users in the group with the ID 2
.
DELETE
/bim/group/{groupId}
Delete the specified group.
This request will delete the group with the ID 3
.
POST
/bim/apikey
Authenticate the user and create a project API key.
The payload must have one or both of the two attributes above.
This example request with the payload below will authenticate the user Jane Doe
in the project with the ID 1
and create a new API key for her.
POST
/bim/apikey/authenticate
Authenticate with the Immuta API using an API key.
This example request will authenticate the user with the Immuta API.
Payload example
POST
/bim/apikey/impersonate
Impersonate another user using an API key.
This example request will allow the requesting user to impersonate the user specified in example-payload.json
.
Payload example
POST
/bim/token
Get information for a given token, should it exist.
This example request will return information on the access token in the payload.
Payload example
GET
/bim/iam/{iamid}/user/{userid}/apikeys
Get metadata for all of the user's API keys.
This example request will return information on the API keys of the user with the username john.doe@immuta.com
.
DELETE
/bim/apikey/{keyid}
Delete an API key, all auth tokens issued using that API key, and generate a new API key.
This example request will delete the API key with the ID 323
, revoke all the auth tokens issued using that API key, and generate a new API key.
Tag API reference guide
This page describes the tag
endpoint. When implemented, this standard REST interface can tag new data sources automatically.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
POST
/tag
Create a new tag.
The following request creates a new tag.
GET
/tag
Search across all tags.
The following request searches all tags.
POST
/tag/refresh
Refresh external tags.
The following request refreshes external tags.
POST
/tag/{modelType}/{modelId}
Add tags to a particular model. No tags will be processed if any invalid tags are found in the payload.
No tags will be processed if any invalid tags are found in the payload.
Request example
The following request adds tags to the data source with the data source ID 22
.
Request payload example
Response example
Request example
The following request adds tags to the project with the project ID 2
.
Request payload example
Response example
Request example
The following request adds tags to the countrycode
column of the data source with the data source ID 6
.
Request payload example
Response example
DELETE
/tag/{tag}
Delete a tag.
The following request deletes a tag.
DELETE
/tag/{modelType}/{modelId}/{tag}
Delete tags from a particular model.
The following request deletes a tag.
Webhooks API reference guide
Webhooks notify users or other systems when actions happen in Immuta. Every action that generates a notification is available as a webhook.
This page lists the REST endpoints for managing webhooks and provides examples of requests.
Application Admins can configure webhooks that are triggered by events that happen in the system (such as when data sources or projects are created), but any user can configure webhooks that are triggered by access requests and activity notifications.
POST
/webhooks
Create a new webhook. Users can create multiple webhooks in a single request.
The following request with the payload below creates a new webhook.
GET
/webhooks
Return a list of webhooks the user can see. (Admins can see all webhooks; users can only see their own webhooks.)
The following request returns a list of webhooks the user can see.
GET
/webhooks/actions
Return a list of valid notification actions that a webhook can be triggered by. |
The following request returns a list of valid notification actions that a webhook can be triggered by.
GET
/webhooks/history
Return historical records for webhook requests, including requests and responses.
The following request returns historical records for webhook requests, including requests and responses.
GET
/webhooks/{id}
Return specified webhook by ID.
The following request returns details on the webhook with the ID 1
.
POST
/webhooks/history/retry/{id}
Retry webhook requests by history ID. This can be done against any history record, regardless of failure or success.
The following request retries the webhook with the ID 1
.
DELETE
/webhooks/{id}
Delete a webhook by ID.
The following request deletes the webhook with the ID 1
.
The webhook request took longer than Immuta allows for a response. The default time limit is 10 seconds. To change this limit, reach out to your Immuta representative.
Sensitive data discovery (SDD) API reference guide
POST
/sdd/classifier
Create an identifier.
The following request creates an identifier, saved in example-payload.json
.
POST
/sdd/template
Create an identification framework.
The following request creates an identification framework that contains 2 identifiers, saved in example-payload.json
.
GET
/sdd/classifier
List or search identifiers.
The following request lists 5 identifiers.
GET
/sdd/template
List or search identification frameworks.
The following request lists all identification frameworks.
GET
/sdd/classifier/{classifierName}
Get an identifier by name.
This request gets the identifier named MY_REGEX_IDENTIFIER
.
GET
/sdd/template/{templateName}
Get an identification framework by name.
This request gets the identification framework named MY_FIRST_FRAMEWORK
.
GET
/sdd/template/global
View the current global framework.
This request gets the current global framework information.
PUT
/sdd/template/apply
Apply an identification framework to a set of data sources.
This request applies the MY_FIRST_FRAMEWORK
framework to the Public Case
data source.
POST
/sdd/run
Run SDD on specified data sources.
This request runs SDD on the data source Public Case
.
This request runs SDD on all your data sources.
This request runs SDD on the Medical Claims data source with the PII_REVISION
framework, but will not tag any columns if matches are found.
PUT
/sdd/classifier/{classifierName}
Update an identifier. Partial updates are not supported.
The following request updates the name and description of the MY_REGEX_IDENTIFIER
identifier.
Payload example
POST
/sdd/template/{templateName}/clone
Clone an identification framework.
This request clones the MY_FIRST_FRAMEWORK
identification framework.
Payload example
PUT
/sdd/template/{templateName}
Update an identification framework.
The following request updates the name of, description of, and identifiers in the MY_FIRST_FRAMEWORK
identification framework.
Payload example
DELETE
/sdd/classifier/{classifierName}
Delete an identifier.
The following request deletes the REGULAR_EXPRESSION
identifier.
DELETE
/sdd/template/{templateName}
Delete an identification framework.
The following request deletes the HEALTH_DATA
identification framework.
The tags used in the framework and the sensitivity attached to them. Each tag used must have a tags object. See the tags for child parameters.
The rules used to apply the tags in the framework. See the rules for child parameters.
The tags used in the framework and the sensitivity attached to them. See the tags for child parameters.
The rules used to apply the tags in the framework. See the rules for child parameters.
Method | Path | Purpose |
---|---|---|
Attribute | Description | Required |
---|---|---|
Attribute | Description |
---|---|
Attribute | Description |
---|---|
Parameter | Description | Required |
---|---|---|
Attribute | Description |
---|---|
Method | Path | Purpose |
---|---|---|
Attribute | Description |
---|---|
Attribute | Description |
---|---|
Parameter | Description | Required |
---|---|---|
Attribute | Description |
---|---|
Parameter | Description | Required |
---|---|---|
Attribute | Description |
---|---|
.
.
.
.
.
.
.
.
.
.
.
.
Attribute | Description | Required |
---|
Attribute | Description |
---|
Method | Path | Purpose |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Method | Path | Purpose |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Method | Path | Purpose |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Method | Path | Purpose |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Method | Path | Purpose |
---|
Attribute | Description |
---|
Attribute | Description |
---|
Attribute | Description |
---|
Attribute | Description |
---|
Method | Path | Purpose |
---|
Attribute | Description |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
.
.
.
.
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Endpoint | Purpose |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Endpoint | Purpose |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
All user-configured webhook integrations must respond within 10 seconds of receiving the webhook request payload. If the webhook integration takes longer to respond, the .
.
Type | Triggers |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Endpoint | Purpose |
---|
Attribute | Description |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
statusCode | code | Issue |
---|
.
.
.
.
.
.
.
To run this identifier against your data, ensure it is
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Method | Path | Purpose |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Method | Path | Purpose |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Method | Path | Purpose |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
Attribute | Description | Required |
---|
Attribute | Description |
---|
GET
/activity
GET
/activity/hasUnread
excludeMine
boolean
If true
, excludes activities that were initiated by the calling user.
No
nonRequestActivity
boolean
If true, excludes data source access requests from the returned activities.
No
new
boolean
If true
, excludes activities that are marked as 'read'.
No
offset
integer
Used in combination with size
to fetch pages.
No
size
integer
The number of records to return in this query.
No
modelType
string
The type of object to get activity for (i.e., data source, script, etc.).
No
modelId
string
The ID for the model (i.e., the data source ID).
No
sortField
string
The field to use for sorting.
No
sortOrder
string
The sort order to use. The default is desc
.
No
searchText
string
If set, will use text to search through notification types and return all matched types.
No
notificationType
string
If set, will only return activities of this type.
No
permission
string
If set, will only return activities from users with a given permission if current user has it as well.
No
count
integer
The total number of results available.
unread
integer
The number of unread activities.
activities
metadata
The information about the individual activities.
unread
boolean
If true
, the user has unread activities.
licenseKey
string
The license key, as a payload.
Yes
licenseKey
string
The license key.
id
integer
The ID of the license.
uuid
string
The unique universal identifier.
features
array
The features included in the license.
handlers
array
The data handlers included in the license.
expires
timestamp
The date the license expires.
seats
integer
The number of user seats available.
createdAt
timestamp
The date the license key was generated.
notice
string
This notice appears on the login page.
noticeOnExpire
string
This notice appears on the login page after the license expires.
GET
/admin/license
GET
/admin/license/licenseStatus
id
integer
The ID of the license.
uuid
string
The unique universal identifier.
features
array
The features included in the license.
handlers
array
The data handlers included in the license.
expires
timestamp
The date the license expires.
seats
integer
The number of user seats available.
createdAt
timestamp
The date the license key was generated.
notice
string
This notice appears on the login page.
noticeOnExpire
string
This notice appears on the login page after the license expires.
activeUserCount
integer
The number of active users in the Immuta tenant.
licenseSeats
integer
The total number of seats available in the license.
canAddUser
boolean
When true
, the administrator can add user accounts to the Immuta tenant.
hardSeats
integer
The number of licensed seats available.
offset
integer
The start index of the records to return. You can combine the offset
and size
parameters to return a specific set of user records. For example, to return the second and third user records in the response, you would set offset=1
and size=2
. The default start index is 0
.
No
size
integer
The number of user records to return. The default size is 10
.
No
users
array[]
An array of user records.
users.userType
string
The type of user. Value can be dataConsumer
or policyOwner
.
users.name
string
The name of the user.
users.email
string
The user's email address.
users.iamid
string
The IAM the user belongs to.
users.userid
string
The user's username.
users.active
boolean
If true
, the user is active. This is determined by whether Immuta has tracked any activity by the user in the last year.
summary
object
The summary of license usage that covers all users, not just the subset returned by a call to this endpoint.
summary.dataConsumers
array
Includes a summary of the dataConsumers
type.
summary.dataConsumers.totalCount
integer
The total number of users of this type known to Immuta.
summary.dataConsumers.activeCount
integer
The number of active data consumers known to Immuta, determined by whether Immuta has tracked any activity by the user in the last year. Minimum value is 0
.
summary.dataConsumers.inactiveCount
integer
The number of inactive data consumers known to Immuta, determined by whether Immuta has tracked any activity by the user in the last year. Minimum value is 0
.
summary.policyOwners
object
Includes a summary of the policyOwners
type.
summary.policyOwners.totalCount
integer
The total number of users of this type known to Immuta.
licenseId
integer
The ID of the license key you want to delete.
Yes
id
integer
The license key ID.
licenseKey
string
The license key.
seats
integer
The number of seats in the license.
softSeats
integer
The number of users that can be added beyond seats
without access being blocked.
expires
timestamp
The date the license expires.
uuid
string
The unique universal identifier.
deleted
boolean
If true
, the license key has been deleted.
features
array
The features included in the license.
handlers
array
The data handlers included in the license.
hardExpiration
boolean
When true
, all data access is blocked when the license expires.
notice
string
This notice appears on the login page.
noticeOnExpire
string
This notice appears on the login page after the license expires.
createdAt
timestamp
The date the license key was generated.
updatedAt
timestamp
The date the license key was deleted.
hardDelete
boolean
If true
, the license key cannot be re-added after it is deleted.
expired
boolean
If true
, the license has expired.
iamid |
| Yes |
userid |
| Yes |
password |
| No |
profile |
| No |
permissions |
| No |
id |
|
iamid |
|
userid |
|
bimAuthorizations |
|
iamAuthorizations |
|
authorizations |
|
permissions |
|
profile |
|
lastLogin |
|
disabled |
|
createdAt |
|
updatedAt |
|
newUserLink |
|
emailFailed |
|
emailSent |
|
iamid |
| Yes |
iamid |
| Yes |
username |
| Yes |
password |
| Yes |
authenticated |
|
token |
|
tokenExpiration |
|
profileId |
|
iamid |
| Yes |
userId |
| Yes |
iamid |
| No |
userid |
| No |
| No |
phone |
| No |
sqlUser |
| No |
about |
| No |
location |
| No |
organization |
| No |
position |
| No |
externalUserIds |
| No |
preferences |
| No |
scim |
| No |
profile |
|
permissions |
|
iamid |
|
userid |
|
authorizations |
|
updatedAt |
|
disabled |
|
lastLogin |
|
bimAuthorizations |
|
iamAuthorizations |
|
hasLogin |
|
id |
|
iamid |
|
userid |
|
bimAuthorizations |
|
iamAuthorizations |
|
authorizations |
|
permissions |
|
profile |
|
lastLogin |
|
disabled |
|
createdAt |
|
updatedAt |
|
iamid |
| Yes |
userid |
| Yes |
id |
|
iamid |
|
userid |
|
bimAuthorizations |
|
iamAuthorizations |
|
authorizations |
|
permissions |
|
profile |
|
lastLogin |
|
disabled |
|
createdAt |
|
updatedAt |
|
iamid |
| Yes |
userid |
| Yes |
originalPassword |
| Yes |
password |
| Yes |
success |
|
iamid |
| Yes |
userid |
| Yes |
disable |
| Yes |
userid |
|
disabled |
|
iamid |
| Yes |
iamId |
| Yes |
dryRun |
| Yes |
iamConfig |
| No |
plugin |
| No |
schema |
| No |
supportedActions |
| No |
type |
| No |
totalCount |
|
importedUsers |
|
refreshedUsers |
|
disabledUsers |
|
enabledUsers |
|
runningInBackground |
|
count |
|
iamid |
| Yes |
modelType |
| Yes |
modelID |
| Yes |
attributeName |
| Yes |
attributeValue |
| Yes |
id |
|
iamid |
|
userid |
|
name |
|
bimAuthorizations |
|
iamAuthorizations |
|
authorizations |
|
permissions |
|
profile |
|
lastLogin |
|
disabled |
|
createdAt |
|
updatedAt |
|
iamid |
| Yes |
modelId |
| Yes |
modelType |
| Yes |
key |
| Yes |
value |
| No |
id |
|
iamid |
|
authorizations |
|
permissions |
|
profile |
|
systemGenerated |
|
createdAt |
|
updatedAt |
|
userId |
| Yes |
| Yes |
failedEmails |
|
id |
|
displayName |
|
type |
|
oauth |
|
size |
| No |
name |
| No |
userid |
| No |
| No |
iamid |
| No |
profileIds |
| No |
excludeSystemGenerated |
| No |
excludeAdminAndGovernor |
| No |
excludeDeletediams |
| No |
excludebim |
| No |
includeDisabled |
| No |
offset |
| No |
sortField |
| No |
sortOrder |
| No |
permission |
| No |
count |
|
hits |
|
id |
|
iamid |
|
userid |
|
bimAuthorizations |
|
iamAuthorizations |
|
authorizations |
|
projectId |
|
permissions |
|
profile |
|
lastLogin |
|
disabled |
|
hasLogin |
|
groups |
|
createdAt |
|
updatedAt |
|
id |
|
iamid |
|
userid |
|
bimAuthorizations |
|
iamAuthorizations |
|
authorizations |
|
projectId |
|
permissions |
|
profile |
|
lastLogin |
|
disabled |
|
hasLogin |
|
groups |
|
createdAt |
|
updatedAt |
|
iamid |
| Yes |
id |
| Yes |
params |
| No |
profile |
|
preferences |
|
permissions |
|
iamid |
|
userid |
|
authorizations |
|
updatedAt |
|
systemGenerated |
|
disabled |
|
lastLogin |
|
lastExternalRefresh |
|
bimAuthorizations |
|
iamAuthorizations |
|
hasLogin |
|
iamid |
| Yes |
id |
| Yes |
name |
|
|
phone |
|
about |
|
location |
|
organization |
|
position |
|
externalUserIds |
|
createdAt |
|
updatedAt |
|
preferences |
|
iamid |
| Yes |
userid |
| Yes |
id |
|
name |
|
iamid |
|
groupUser |
|
userid |
| Yes |
userid |
|
iamid |
|
iamid |
| Yes |
name |
| Yes |
| No |
description |
| No |
id |
|
iamid |
|
name |
|
|
authorizations |
|
description | The group description. |
createdAt |
|
updatedAt |
|
groupId |
| Yes |
name |
| No |
| No |
description |
| No |
id |
|
iamid |
|
name |
|
|
authorizations |
|
description |
|
createdAt |
|
updatedAt |
|
groupId |
| Yes |
groupuserid |
| Yes |
groupId |
| Yes |
userid |
| Yes |
iamid |
| Yes |
id |
|
group |
|
profile |
|
createdAt |
|
updatedAt |
|
iamid |
| Yes |
groupId |
| Yes |
attributeName |
| Yes |
attributeValue |
| Yes |
id |
|
iamid |
|
name |
|
|
authorizations |
|
description |
|
createdAt |
|
updatedAt |
|
name |
| No |
ids |
| No |
userid |
| No |
iamid |
| No |
size |
| No |
offset |
| No |
sortField |
| No |
sortOrder |
| No |
nameOnly |
| No |
count |
|
hits |
|
id |
|
iamid |
|
name |
|
|
authorizations |
|
descriptions |
|
createdAt |
|
updatedAt |
|
groupId |
| Yes |
id |
|
iamid |
|
name |
|
|
authorizations |
|
descriptions |
|
createdAt |
|
updatedAt |
|
groupId |
| Yes |
offset |
| No |
size |
| No |
sortOrder |
| No |
count |
|
hits |
|
id |
|
iamid |
|
userid |
|
profile |
|
disabled |
|
group |
|
createdAt |
|
updatedAt |
|
groupId |
| Yes |
projectId |
| No |
name |
| No |
apikey |
|
keyid |
|
project |
|
name |
|
apikey |
|
authenticated |
|
token |
|
apikey |
|
userid |
|
iamid |
|
projectId |
|
authenticated |
|
token |
|
token |
|
id |
|
type |
|
iamid |
|
userid |
|
project |
|
token |
|
created |
|
lastUsed |
|
expiration |
|
name |
|
createdAt |
|
updatedAt |
|
scopes |
|
impersonationuserid |
|
impersonationiamid |
|
iamid |
| Yes |
userid |
| Yes |
keyid |
|
created |
|
project |
|
lastUsed |
|
name |
|
keyid |
| Yes |
revokedTokens |
|
name |
| Yes |
id |
| No |
rootTag |
| No |
id |
|
color |
|
description |
|
name |
|
source |
|
deleted |
|
systemCreated |
|
createdBy |
|
createdAt |
|
updatedAt |
|
searchText |
| No |
source |
| No |
excludedSource |
| No |
includeAllSystemTags |
| No |
excludedHierarchies |
| No |
limit |
| No |
id |
|
name |
|
color |
|
description |
|
source |
|
deleted |
|
systemCreated |
|
modelType |
| Yes |
modelId |
| Yes |
name |
| Yes |
id |
| No |
displayName |
| No |
source |
| No |
systemCreated |
| No |
addedBy |
| No |
deleted |
| No |
hasLeafNodes |
| No |
createdBy |
| No |
createdAt |
| No |
updatedAt |
| No |
name |
|
source |
|
addedBy |
|
deleted |
|
tag |
| Yes |
deleteHierarchy |
| No |
id |
|
name |
|
color |
|
description |
|
source |
|
deleted |
|
systemCreated |
|
createdBy |
|
createdAt |
|
updatedAt |
|
tag |
| Yes |
modelType |
| Yes |
modelId |
| Yes |
acknowledgedAccess | A project member acknowledges the purposes on a project. |
addedToProject | A data source is added to a project. |
apiKeyRevoked | A user's API key is revoked. |
attributeAdded | An attribute is added to a group or user. |
attributeRemoved | An attribute is removed from a group or user. |
attributeUpdated | Attributes for a group or user are updated. |
bulkJobStatus | A bulk action is completed (whether success/failure). |
certificationRequired | A Global Policy that requires certification by the data source owner is applied to a data source. |
conflictingGlobalPolicies | Global Policies are applied to the same column on a data source. |
dataSourceExpired | A data source that was configured to expire has expired. |
dataSourceExpiring | A data source that was configured to expire expires tomorrow. |
dataSourceUpdated | A data source is updated. |
deletedDatasourceRemovedFromProject | A data source has been deleted and then removed from a project. |
expiredDatasourceRemovedFromProject | A data source that has expired and been deleted is removed from a project. |
firstQuery | A data source is queried for the first time through Immuta. |
globalPolicyCreated | A Global Policy is created. |
globalPolicyDeleted | A Global Policy is deleted. |
globalPolicyDisabled | A Global Policy is disabled. |
globalPolicyUpdated | A Global Policy is updated. |
groupUserAdded | A user is added to a group. |
groupUserDeleted | A user is removed from a group. |
healthCheckFailed | A health check runs and returns not healthy. |
healthCheckResolved | A health check runs and returns healthy. |
modelAccessApproved | A user's access request is approved for a data source or project. |
modelAccessDenied | A user's access request is denied for a data source or project. |
modelAccessRequested | A user requests access to a data source or project. |
modelAccessRevoked | A user's access request is revoked for a data source or project. |
modelAccessUpdated | A user's access level is updated for a data source or project. |
modelCreated | A data source or project is created. |
modelDeleted | A data source or project is deleted. |
modelTagAdded | A tag is added to a data source or a data source column. |
modelTagRemoved | A tag is removed from a data source or a data source column. |
modelUserAdded | A user is added to a data source. |
modelUserDeleted | A user is removed from a data source. |
modelUserJoined | A user joins a data source that they are already allowed to join. |
nativeWorkspaceStateChanged | A native workspace configuration within a project changes. |
permissionsUpdated | A user's permissions are updated. |
policyAdjustmentCreated | A policy adjustment is created. |
policyAdjustmentExpired | A policy adjustment has expired (the default is after a year). |
policyCertificationExpired | A policy certification on a data source has expired. |
policyUpdated | A data source's policies have been updated by a user or Global Policy. Policy updates are triggered for many reasons, including when a data source is created, a user updates them, a Global Policy changed, tags are added to a data source or column, the data dictionary changed, a fingerprint is recomputed, an external catalog modifies tags on a linked data source, or a policy disabled. |
projectDisabled | A project is disabled. |
projectEqualizationMemberNotInCompliance | A member of an equalized project is out of compliance. |
projectEqualizationToggled | Project equalization is toggled on or off. |
projectUpdated | A project is updated. |
purposeCreated | A purpose is created. |
purposeDeleted | A purpose is deleted. |
purposeUpdated | A purpose is updated. |
queryCanceled | A running query is canceled due to a change on a data source. |
queryCreated | A user creates a public query on a data source. |
queryUpdated | A public query is updated. |
removedFromProject | A data source is removed from a project. |
switchedCurrentProject | A user switches their current project. |
tagCreated | A tag is created. |
tagDeleted | A tag is deleted. |
tagUpdated | A tag is updated. |
taskDeleted | An outstanding data source task is deleted without validation. |
taskValidated | An outstanding data source task is validated. |
userCloned | A user is cloned. |
userCreated | A user or group is created. |
userDeleted | A user or group is deleted. |
userDisabled | A user is disabled. |
userEnabled | A user is enabled. |
userMigrated | A user is migrated from an old IAM to a new IAM. |
usernameUpdated | A user's name is updated. |
userUpdated | A group is updated. |
webhooks |
| Yes |
url |
| Yes |
name |
| Yes |
global |
| Yes |
notificationType |
| Yes |
actionType |
| Yes |
secret |
| No |
createdWebhooks |
|
value |
|
value |
|
offset |
| No |
pageSize |
| No |
sortField |
| No |
sortOrder |
| No |
notificationType |
| No |
includeGlobal |
| No |
includeUser |
| No |
successOrFailure |
| No |
count |
|
records |
|
id |
| Yes |
value |
|
id |
| Yes |
id |
|
request |
|
response |
|
statusCode |
|
notificationType |
|
webhooksActivityId |
|
createdAt |
|
updatedAt |
|
id |
| Yes |
value |
|
name |
| Yes |
displayName |
| Yes |
description |
| Yes |
type |
| Yes |
config |
| Yes |
config.tags |
| No |
config.regex |
| No |
config.columnNameRegex |
| No |
config.values |
| No |
config.caseSensitive |
| No |
config.minConfidence |
| Yes |
createdBy |
|
name |
|
displayName |
|
description |
|
type |
|
config |
|
config.tags |
|
config.columnNameRegex |
|
config.regex |
|
config.values |
|
config.caseSensitive |
|
config.minConfidence |
|
createdAt |
|
updatedAt |
|
name |
| Yes |
displayName |
| Yes |
description |
| Yes |
classifiers |
| Yes |
classifiers.name |
| Yes |
classifiers.overrides |
| No |
classifiers.overrides.tags |
| No |
id |
|
createdBy |
|
name |
|
displayName |
|
description |
|
classifiers |
|
createdAt |
|
updatedAt |
|
sortField |
| No |
sortOrder |
| No |
offSet |
| No |
limit |
| No |
type |
| No |
searchText |
| No |
count |
|
createdBy |
|
name |
|
displayName |
|
description |
|
type |
|
config |
|
config.tags |
|
config.columnNameRegex |
|
config.regex |
|
config.values |
|
config.caseSensitive |
|
createdAt |
|
updatedAt |
|
sortField |
| No |
sortOrder |
| No |
offSet |
| No |
limit |
| No |
classifiers |
| No |
searchText |
| No |
count |
|
id |
|
createdBy |
|
name |
|
displayName |
|
description |
|
classifiers |
|
createdAt |
|
updatedAt |
|
classifierName |
| Yes |
id |
|
createdBy |
|
name |
|
displayName |
|
description |
|
type |
|
config |
|
config.tags |
|
config.columnNameRegex |
|
config.regex |
|
config.values |
|
config.caseSensitive |
|
createdAt |
|
updatedAt |
|
templateName |
| Yes |
id |
|
createdBy |
|
name |
|
displayName |
|
description |
|
classifiers |
|
createdAt |
|
updatedAt |
|
id |
|
name |
|
displayName |
|
description |
|
classifiers |
|
createdBy |
|
createdAt |
|
updatedAt |
|
template |
| Yes |
sources |
| Yes |
success |
|
sources |
| Yes |
all |
| No |
wait |
| No |
dryRun |
| No |
template |
| No |
id |
|
state |
|
output |
|
classifierName |
| Yes |
name |
| Yes |
displayName |
| Yes |
description |
| Yes |
type |
| Yes |
config |
| Yes |
config.tags |
| No |
config.regex |
| No |
config.columnNameRegex |
| No |
config.values |
| No |
config.caseSensitive |
| No |
config.minConfidence |
| Yes |
createdBy |
|
name |
|
displayName |
|
description |
|
type |
|
config |
|
config.tags |
|
config.columnNameRegex |
|
config.regex |
|
config.values |
|
config.caseSensitive |
|
createdAt |
|
updatedAt |
|
templateName |
| Yes |
name |
| Yes |
displayName |
| Yes |
description |
| No |
id |
|
createdBy |
|
name |
|
displayName |
|
description |
|
classifiers |
|
createdAt |
|
updatedAt |
|
templateName |
| Yes |
name |
| Yes |
displayName |
| Yes |
description |
| Yes |
classifiers |
| Yes |
classifiers.name |
| Yes |
classifiers.overrides |
| No |
classifiers.overrides.tags |
| No |
id |
|
createdBy |
|
name |
|
displayName |
|
description |
|
classifiers |
|
createdAt |
|
updatedAt |
|
classifierName |
| Yes |
createdBy |
|
name |
|
displayName |
|
description |
|
type |
|
config |
|
config.tags |
|
config.columnNameRegex |
|
config.regex |
|
config.values |
|
config.caseSensitive |
|
createdAt |
|
updatedAt |
|
templateName |
| Yes |
id |
|
createdBy |
|
name |
|
displayName |
|
description |
|
classifiers |
|
createdAt |
|
updatedAt |
|
GET |
|
POST |
|
PUT |
|
DELETE |
|
PUT |
|
PUT |
|
PUT |
|
POST |
|
POST |
|
PUT |
|
DELETE |
|
POST |
|
iamid |
| Yes |
userid |
| Yes |
permission | Yes |
permissions | Yes |
GET |
|
GET |
|
GET |
|
GET |
|
GET |
|
GET |
|
PUT |
|
DELETE |
|
POST |
|
PUT |
|
GET |
|
GET |
|
GET |
|
POST |
|
POST |
|
POST |
|
GET |
|
|
|
|
|
Return a list of webhooks the user can see. (Admins can see all webhooks; users can only see their own webhooks.) |
Return a list of valid notification actions that a webhook can be triggered by. |
Return historical records for webhook requests, including requests and responses. |
Return specified webhook by ID. |
| The request timed out. |
GET |
|
GET |
|
GET |
|
GET |
|
GET |
|
PUT |
|
POST |
|
PUT |
|
DELETE |
|
DELETE |
|
Search filter API reference guide
This page describes the searchFilter
endpoint.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
POST
/searchFilter
Save a new search filter.
The following request saves a new search filter.
GET
/searchFilter
Retrieve saved search filters.
The following request retrieves all saved search filters.
DELETE
/searchFilter/{searchFilterName}
Delete a search filter by name.
The following request deletes the Medical Claims
search filter.
.
.
.
.
.
.
.
.
.
.
.
.
string
The permission to remove. See for a list of Immuta permissions.
array[string]
A list of the user's permissions. This list is going to be a comprehensive list of all of the user's permissions. See for a list of Immuta permissions.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Attribute | Description | Required |
---|---|---|
Attribute | Description |
---|---|
Attribute | Description | Required |
---|---|---|
Attribute | Description |
---|---|
Attribute | Description | Required |
---|---|---|
Attribute | Description |
---|---|
filter
array
Includes facets to use in the search filter, such as searchText
(the base search string for data sources/projects), tag
, column
, connectionString
, schema
, and type
(type of models to search for: datasource
or project
).
Yes
name
string
Name to be used for the search filter.
No
filter
array
The facets used in the search filter, such as searchText
(the base search string for data sources/projects), tag
, column
, connectionString
, schema
, and type
(type of models used in the filter: datasource
or project
).
name
string
The name of the search filter.
searchText
string
A string used to filter returned saved filters. The query is executed with a wildcard prefix and suffix.
No
values
array
Details regarding the search filters, including name
, filter
, searchText
(the base search string for data sources/projects), tag
, column
, connectionString
, schema
, and type
(type of models used in the filter: datasource
or project
).
searchFilterName
string
The name of the specific search filter.
Yes
values
array
Details regarding the search filters, including name
, filter
, searchText
(the base search string for data sources/projects), tag
, column
, connectionString
, schema
, and type
(type of models used in the filter: datasource
or project
).