Skip to main content
POST
/
configuration-templates
cURL
curl --request POST \
  --url https://api.opal.dev/v1/configuration-templates \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "admin_owner_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
  "visibility": "private",
  "linked_audit_message_channel_ids": [
    "37cb7e41-12ba-46da-92ff-030abe0450b1",
    "37cb7e41-12ba-46da-92ff-030abe0450b2"
  ],
  "request_configuration_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
  "member_oncall_schedule_ids": [
    "37cb7e41-12ba-46da-92ff-030abe0450b1",
    "37cb7e41-12ba-46da-92ff-030abe0450b2"
  ],
  "break_glass_user_ids": [
    "37cb7e41-12ba-46da-92ff-030abe0450b1",
    "37cb7e41-12ba-46da-92ff-030abe0450b2"
  ],
  "require_mfa_to_approve": false,
  "require_mfa_to_connect": false,
  "name": "Prod AWS Template"
}'
{
  "configuration_template_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
  "admin_owner_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
  "visibility": "private",
  "linked_audit_message_channel_ids": [
    "37cb7e41-12ba-46da-92ff-030abe0450b1",
    "37cb7e41-12ba-46da-92ff-030abe0450b2"
  ],
  "request_configuration_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
  "member_oncall_schedule_ids": [
    "37cb7e41-12ba-46da-92ff-030abe0450b1",
    "37cb7e41-12ba-46da-92ff-030abe0450b2"
  ],
  "break_glass_user_ids": [
    "37cb7e41-12ba-46da-92ff-030abe0450b1",
    "37cb7e41-12ba-46da-92ff-030abe0450b2"
  ],
  "require_mfa_to_approve": false,
  "require_mfa_to_connect": false,
  "name": "Prod AWS Template"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json

CreateConfigurationTemplateInfo Object

Description

The CreateConfigurationTemplateInfo object is used to store creation info for a configuration template.

Usage Example

Use in the POST Configuration Templates endpoint.

admin_owner_id
string<uuid>
required

The ID of the owner of the configuration template.

Example:

"7c86c85d-0651-43e2-a748-d69d658418e8"

visibility
object
required

The visibility info of the configuration template.

Example:
{
  "visibility": "LIMITED",
  "visibility_group_ids": [
    "7870617d-e72a-47f5-a84c-693817ab4567",
    "1520617d-e72a-47f5-a84c-693817ab48ad2"
  ]
}
require_mfa_to_approve
boolean
required

A bool representing whether or not to require MFA for reviewers to approve requests for this configuration template.

Example:

false

require_mfa_to_connect
boolean
required

A bool representing whether or not to require MFA to connect to resources associated with this configuration template.

Example:

false

name
string
required

The name of the configuration template.

Example:

"Prod AWS Template"

linked_audit_message_channel_ids
string<uuid>[]

The IDs of the audit message channels linked to the configuration template.

Example:
[
  "37cb7e41-12ba-46da-92ff-030abe0450b1",
  "37cb7e41-12ba-46da-92ff-030abe0450b2"
]
member_oncall_schedule_ids
string<uuid>[]

The IDs of the on-call schedules linked to the configuration template.

Example:
[
  "37cb7e41-12ba-46da-92ff-030abe0450b1",
  "37cb7e41-12ba-46da-92ff-030abe0450b2"
]
break_glass_user_ids
string<uuid>[]

The IDs of the break glass users linked to the configuration template.

Example:
[
  "37cb7e41-12ba-46da-92ff-030abe0450b1",
  "37cb7e41-12ba-46da-92ff-030abe0450b2"
]
request_configurations
object[]

The request configuration list of the configuration template. If not provided, the default request configuration will be used.

request_configuration_list
object

The request configuration list of the configuration template. If not provided, the default request configuration will be used. Deprecated in favor of request_configurations.

Example:
{
  "request_configurations": [
    {
      "request_configuration_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
      "organization_id": "w86c85d-0651-43e2-a748-d69d658418e8",
      "condition": null,
      "allow_requests": true,
      "auto_approval": false,
      "require_mfa_to_request": false,
      "max_duration_minutes": 120,
      "recommended_duration_minutes": 120,
      "require_support_ticket": false,
      "reviewer_stages": [
        {
          "reviewer_stage_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
          "owner_ids": [
            "37cb7e41-12ba-46da-92ff-030abe0450b1",
            "37cb7e41-12ba-46da-92ff-030abe0450b2"
          ],
          "stage": 1
        }
      ],
      "priority": 0
    },
    {
      "request_configuration_id": "7c86c85d-0651-43e2-a748-d69d658418e9",
      "organization_id": "w86c85d-0651-43e2-a748-d69d658418e8",
      "condition": {
        "group_id": "1b978423-db0a-4037-a4cf-f79c60cb67b4"
      },
      "allow_requests": true,
      "auto_approval": false,
      "require_mfa_to_request": false,
      "max_duration_minutes": 120,
      "recommended_duration_minutes": 120,
      "require_support_ticket": false,
      "reviewer_stages": [
        {
          "reviewer_stage_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
          "owner_ids": [
            "37cb7e41-12ba-46da-92ff-030abe0450b1",
            "37cb7e41-12ba-46da-92ff-030abe0450b2"
          ],
          "stage": 1
        }
      ],
      "priority": 1
    }
  ]
}
ticket_propagation
object

Configuration for ticket propagation, when enabled, a ticket will be created for access changes related to the users in this resource.

custom_request_notification
string | null

Custom request notification sent upon request approval for this configuration template.

Maximum length: 800
Example:

"Check your email to register your account."

Response

200 - application/json

The configuration template just created.

Configuration Template Object

Description

The ConfigurationTemplate object is used to represent a configuration template.

Usage Example

Returned from the GET Configuration Templates endpoint.

configuration_template_id
string<uuid>

The ID of the configuration template.

Example:

"7c86c85d-0651-43e2-a748-d69d658418e8"

name
string

The name of the configuration template.

Example:

"Prod AWS Template"

admin_owner_id
string<uuid>

The ID of the owner of the configuration template.

Example:

"7c86c85d-0651-43e2-a748-d69d658418e8"

visibility
object

The visibility info of the configuration template.

Example:
{
  "visibility": "LIMITED",
  "visibility_group_ids": [
    "7870617d-e72a-47f5-a84c-693817ab4567",
    "1520617d-e72a-47f5-a84c-693817ab48ad2"
  ]
}
linked_audit_message_channel_ids
string<uuid>[]

The IDs of the audit message channels linked to the configuration template.

Example:
[
  "37cb7e41-12ba-46da-92ff-030abe0450b1",
  "37cb7e41-12ba-46da-92ff-030abe0450b2"
]
request_configuration_id
string<uuid>

The ID of the request configuration linked to the configuration template.

Example:

"7c86c85d-0651-43e2-a748-d69d658418e8"

member_oncall_schedule_ids
string<uuid>[]

The IDs of the on-call schedules linked to the configuration template.

Example:
[
  "37cb7e41-12ba-46da-92ff-030abe0450b1",
  "7c86c85d-0651-43e2-a748-d69d658418e8"
]
break_glass_user_ids
string<uuid>[]

The IDs of the break glass users linked to the configuration template.

Example:
[
  "37cb7e41-12ba-46da-92ff-030abe0450b1",
  "37cb7e41-12ba-46da-92ff-030abe0450b2"
]
require_mfa_to_approve
boolean

A bool representing whether or not to require MFA for reviewers to approve requests for this configuration template.

Example:

false

require_mfa_to_connect
boolean

A bool representing whether or not to require MFA to connect to resources associated with this configuration template.

Example:

false

ticket_propagation
object

Configuration for ticket propagation, when enabled, a ticket will be created for access changes related to the users in this resource.

custom_request_notification
string | null

Custom request notification sent upon request approval for this configuration template.

Maximum length: 800
Example:

"Check your email to register your account."