# Post configuration templates

> Creates a configuration template.



## OpenAPI

````yaml https://app.opal.dev/openapi.yaml post /configuration-templates
# OpenAPI 3.1 description of a single Opal API operation
# (POST /configuration-templates) together with the schemas it references.
openapi: 3.1.0
info:
  contact:
    email: hello@opal.dev
    name: Opal Team
    url: https://www.opal.dev/
  description: >-
    The Opal API is a RESTful API that allows you to interact with the Opal
    Security platform programmatically.
  title: Opal API
  version: '1.0'
servers:
  # The only server listed uses HTTPS, so the bearer token declared under
  # components.securitySchemes travels over TLS when this URL is used.
  - description: Production
    url: https://api.opal.dev/v1
# An empty top-level `security` list means operations inherit no
# authentication requirement by default; each operation has to declare its
# own. The operation under `paths` does so with `BearerAuth`.
security: []
# Tag catalogue for the API; the operation on this page uses only
# `configuration-templates`.
tags:
  - name: access-rules
    description: Operations related to access rules
  - name: apps
    description: Operations related to apps
  - name: bundles
    description: Operations related to bundles
  - name: configuration-templates
    description: Operations related to configuration templates
  - name: delegations
    description: Operations related to request reviewer delegations
  - name: events
    description: Operations related to events
  - name: groups
    description: Operations related to groups
  - name: group-bindings
    description: Operations related to group bindings
  - name: idp-group-mappings
    description: Operations related to IDP group mappings
  - name: message-channels
    description: Operations related to message channels
  - name: non-human-identities
    description: Operations related to non-human identities
  - name: on-call-schedules
    description: Operations related to on-call schedules
  - name: owners
    description: Operations related to owners
  - name: requests
    description: Operations related to requests
  - name: resources
    description: Operations related to resources
  - name: sessions
    description: Operations related to sessions
  - name: tags
    description: Operations related to tags
  - name: tokens
    description: Operations related to API tokens
  - name: uars
    description: Operations related to UARs
  - name: users
    description: Operations related to users
paths:
  /configuration-templates:
    # Creates a configuration template from the JSON body described by
    # CreateConfigurationTemplateInfo and returns a ConfigurationTemplate.
    post:
      tags:
        - configuration-templates
      description: Creates a configuration template.
      operationId: createConfigurationTemplate
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateConfigurationTemplateInfo'
      # NOTE(review): only the success response is declared. Error responses
      # (for example a rejected body or a missing/invalid bearer token) are
      # not described here, so generated clients get no typed error shape —
      # confirm the actual status codes against the service.
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ConfigurationTemplate'
          description: The configuration template just created.
      # Overrides the empty top-level `security` list: callers must present a
      # bearer token. The requirement lists no scopes (`[]`), so this spec
      # does not say which token privileges are needed to create a template.
      security:
        - BearerAuth: []
components:
  schemas:
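    # Request body for POST /configuration-templates.
    CreateConfigurationTemplateInfo:
      # Stated explicitly: `required` and `properties` only constrain JSON
      # objects, so without `type` a non-object body would pass validation.
      type: object
      description: >-
        # CreateConfigurationTemplateInfo Object

        ### Description

        The `CreateConfigurationTemplateInfo` object is used to store creation
        info for a configuration template.


        ### Usage Example

        Use in the `POST Configuration Templates` endpoint.
      # Sample values only. Both MFA flags are `false` here although the
      # sample name suggests a production template; set them deliberately
      # rather than copying the sample.
      # `visibility` is shown as a VisibilityInfo object, matching the schema
      # referenced by the property below.
      # NOTE(review): `request_configuration_id` is not a declared property of
      # this schema — confirm whether the create endpoint accepts it.
      example:
        admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8
        visibility:
          visibility: LIMITED
          visibility_group_ids:
            - 7870617d-e72a-47f5-a84c-693817ab4567
        linked_audit_message_channel_ids:
          - 37cb7e41-12ba-46da-92ff-030abe0450b1
          - 37cb7e41-12ba-46da-92ff-030abe0450b2
        request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8
        member_oncall_schedule_ids:
          - 37cb7e41-12ba-46da-92ff-030abe0450b1
          - 37cb7e41-12ba-46da-92ff-030abe0450b2
        break_glass_user_ids:
          - 37cb7e41-12ba-46da-92ff-030abe0450b1
          - 37cb7e41-12ba-46da-92ff-030abe0450b2
        require_mfa_to_approve: false
        require_mfa_to_connect: false
        name: Prod AWS Template
      # Both MFA flags are mandatory, so every caller makes an explicit choice.
      required:
        - admin_owner_id
        - visibility
        - name
        - require_mfa_to_approve
        - require_mfa_to_connect
      # NOTE(review): no `maxItems` is stated for the ID arrays and no
      # `maxLength` for `name`; any limits are presumably enforced by the
      # service — confirm.
      properties:
        admin_owner_id:
          description: The ID of the owner of the configuration template.
          example: 7c86c85d-0651-43e2-a748-d69d658418e8
          format: uuid
          type: string
        visibility:
          $ref: '#/components/schemas/VisibilityInfo'
          description: The visibility info of the configuration template.
          example:
            visibility: LIMITED
            visibility_group_ids:
              - 7870617d-e72a-47f5-a84c-693817ab4567
        linked_audit_message_channel_ids:
          description: >-
            The IDs of the audit message channels linked to the configuration
            template.
          example:
            - 37cb7e41-12ba-46da-92ff-030abe0450b1
            - 37cb7e41-12ba-46da-92ff-030abe0450b2
          items:
            type: string
            format: uuid
          type: array
        member_oncall_schedule_ids:
          description: >-
            The IDs of the on-call schedules linked to the configuration
            template.
          example:
            - 37cb7e41-12ba-46da-92ff-030abe0450b1
            - 37cb7e41-12ba-46da-92ff-030abe0450b2
          items:
            type: string
            format: uuid
          type: array
        # NOTE(review): break-glass semantics are not described on this page;
        # presumably these users receive emergency access, so the list
        # deserves the same scrutiny as an approver list — confirm in the
        # product documentation.
        break_glass_user_ids:
          description: >-
            The IDs of the break glass users linked to the configuration
            template.
          example:
            - 37cb7e41-12ba-46da-92ff-030abe0450b1
            - 37cb7e41-12ba-46da-92ff-030abe0450b2
          items:
            type: string
            format: uuid
          type: array
        # Security control on the approval path (reviewer-side MFA).
        require_mfa_to_approve:
          description: >-
            A bool representing whether or not to require MFA for reviewers to
            approve requests for this configuration template.
          example: false
          type: boolean
        # Security control on the connection path (MFA when connecting).
        require_mfa_to_connect:
          description: >-
            A bool representing whether or not to require MFA to connect to
            resources associated with this configuration template.
          example: false
          type: boolean
        name:
          description: The name of the configuration template.
          example: Prod AWS Template
          type: string
        request_configurations:
          type: array
          items:
            $ref: '#/components/schemas/RequestConfiguration'
          description: >-
            The request configuration list of the configuration template. If not
            provided, the default request configuration will be used.
        # Deprecated wrapper form; new callers should send
        # `request_configurations` instead.
        request_configuration_list:
          $ref: '#/components/schemas/CreateRequestConfigurationInfoList'
          description: >-
            The request configuration list of the configuration template. If not
            provided, the default request configuration will be used. Deprecated
            in favor of `request_configurations`.
          deprecated: true
          # The second entry's `condition` uses the `group_ids` list defined by
          # the Condition schema.
          example:
            request_configurations:
              - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8
                organization_id: w86c85d-0651-43e2-a748-d69d658418e8
                condition: null
                allow_requests: true
                auto_approval: false
                require_mfa_to_request: false
                max_duration_minutes: 120
                recommended_duration_minutes: 120
                require_support_ticket: false
                reviewer_stages:
                  - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8
                    owner_ids:
                      - 37cb7e41-12ba-46da-92ff-030abe0450b1
                      - 37cb7e41-12ba-46da-92ff-030abe0450b2
                    stage: 1
                priority: 0
              - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e9
                organization_id: w86c85d-0651-43e2-a748-d69d658418e8
                condition:
                  group_ids:
                    - 1b978423-db0a-4037-a4cf-f79c60cb67b4
                allow_requests: true
                auto_approval: false
                require_mfa_to_request: false
                max_duration_minutes: 120
                recommended_duration_minutes: 120
                require_support_ticket: false
                reviewer_stages:
                  - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8
                    owner_ids:
                      - 37cb7e41-12ba-46da-92ff-030abe0450b1
                      - 37cb7e41-12ba-46da-92ff-030abe0450b2
                    stage: 1
                priority: 1
        ticket_propagation:
          $ref: '#/components/schemas/TicketPropagationConfiguration'
        # The only string here with a declared length bound (800 characters).
        # NOTE(review): `nullable` is an OpenAPI 3.0 keyword, while this
        # document declares 3.1.0, where a nullable string is normally written
        # as `type: [string, 'null']` — confirm how the tooling in use
        # treats it.
        custom_request_notification:
          description: >-
            Custom request notification sent upon request approval for this
            configuration template.
          type: string
          maxLength: 800
          nullable: true
          example: Check your email to register your account.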
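    # Response body of POST /configuration-templates: the stored template.
    ConfigurationTemplate:
      # Stated explicitly so validators treat the response as a JSON object.
      type: object
      description: >-
        # Configuration Template Object

        ### Description

        The `ConfigurationTemplate` object is used to represent a configuration
        template.


        ### Usage Example

        Returned from the `GET Configuration Templates` endpoint.
      # Sample values only; `visibility` is shown as a VisibilityInfo object,
      # matching the schema referenced by the property below.
      example:
        configuration_template_id: 7c86c85d-0651-43e2-a748-d69d658418e8
        admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8
        visibility:
          visibility: LIMITED
          visibility_group_ids:
            - 7870617d-e72a-47f5-a84c-693817ab4567
        linked_audit_message_channel_ids:
          - 37cb7e41-12ba-46da-92ff-030abe0450b1
          - 37cb7e41-12ba-46da-92ff-030abe0450b2
        request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8
        member_oncall_schedule_ids:
          - 37cb7e41-12ba-46da-92ff-030abe0450b1
          - 37cb7e41-12ba-46da-92ff-030abe0450b2
        break_glass_user_ids:
          - 37cb7e41-12ba-46da-92ff-030abe0450b1
          - 37cb7e41-12ba-46da-92ff-030abe0450b2
        require_mfa_to_approve: false
        require_mfa_to_connect: false
        name: Prod AWS Template
      # NOTE(review): no `required` list is declared, so a client cannot rely
      # on any field (including the MFA flags) being present in the response
      # — confirm which fields the service always returns.
      properties:
        configuration_template_id:
          description: The ID of the configuration template.
          example: 7c86c85d-0651-43e2-a748-d69d658418e8
          format: uuid
          type: string
        name:
          description: The name of the configuration template.
          example: Prod AWS Template
          type: string
        admin_owner_id:
          description: The ID of the owner of the configuration template.
          example: 7c86c85d-0651-43e2-a748-d69d658418e8
          format: uuid
          type: string
        visibility:
          $ref: '#/components/schemas/VisibilityInfo'
          description: The visibility info of the configuration template.
          example:
            visibility: LIMITED
            visibility_group_ids:
              - 7870617d-e72a-47f5-a84c-693817ab4567
        linked_audit_message_channel_ids:
          description: >-
            The IDs of the audit message channels linked to the configuration
            template.
          example:
            - 37cb7e41-12ba-46da-92ff-030abe0450b1
            - 37cb7e41-12ba-46da-92ff-030abe0450b2
          items:
            type: string
            format: uuid
          type: array
        request_configuration_id:
          description: >-
            The ID of the request configuration linked to the configuration
            template.
          example: 7c86c85d-0651-43e2-a748-d69d658418e8
          format: uuid
          type: string
        member_oncall_schedule_ids:
          description: >-
            The IDs of the on-call schedules linked to the configuration
            template.
          example:
            - 37cb7e41-12ba-46da-92ff-030abe0450b1
            - 7c86c85d-0651-43e2-a748-d69d658418e8
          items:
            type: string
            format: uuid
          type: array
        # NOTE(review): break-glass semantics are not described on this page;
        # presumably these users hold emergency access — confirm in the
        # product documentation.
        break_glass_user_ids:
          description: >-
            The IDs of the break glass users linked to the configuration
            template.
          example:
            - 37cb7e41-12ba-46da-92ff-030abe0450b1
            - 37cb7e41-12ba-46da-92ff-030abe0450b2
          items:
            type: string
            format: uuid
          type: array
        # Security control on the approval path (reviewer-side MFA).
        require_mfa_to_approve:
          description: >-
            A bool representing whether or not to require MFA for reviewers to
            approve requests for this configuration template.
          example: false
          type: boolean
        # Security control on the connection path (MFA when connecting).
        require_mfa_to_connect:
          description: >-
            A bool representing whether or not to require MFA to connect to
            resources associated with this configuration template.
          example: false
          type: boolean
        ticket_propagation:
          $ref: '#/components/schemas/TicketPropagationConfiguration'
        # NOTE(review): `nullable` is an OpenAPI 3.0 keyword, while this
        # document declares 3.1.0, where a nullable string is normally written
        # as `type: [string, 'null']` — confirm how the tooling in use
        # treats it.
        custom_request_notification:
          description: >-
            Custom request notification sent upon request approval for this
            configuration template.
          type: string
          maxLength: 800
          nullable: true
          example: Check your email to register your account.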
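    # Visibility setting referenced by both configuration-template schemas:
    # a mandatory visibility level plus an optional list of group IDs.
    VisibilityInfo:
      description: Visibility information of an entity.
      example:
        visibility: LIMITED
        visibility_group_ids:
          - 7870617d-e72a-47f5-a84c-693817ab4567
          # Constructed sample: shortened to 12 characters in the last group
          # so that it satisfies `format: uuid`.
          - 1520617d-e72a-47f5-a84c-693817ab48ad
      properties:
        visibility:
          $ref: '#/components/schemas/VisibilityTypeEnum'
        # NOTE(review): presumably consulted only when `visibility` is
        # LIMITED — the schema neither states nor enforces this.
        visibility_group_ids:
          items:
            type: string
            format: uuid
          type: array
      type: object
      required:
        - visibility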
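    # One access-request policy: who it applies to (`condition`), whether
    # requests are allowed or auto-approved, duration limits, and the
    # reviewer stages.
    RequestConfiguration:
      description: >-
        # Request Configuration Object

        ### Description

        The `RequestConfiguration` object is used to represent a request
        configuration.


        ### Usage Example

        Returned from the `GET Request Configurations` endpoint.
      # Sample values only. `condition` uses the `group_ids` list defined by
      # the Condition schema.
      example:
        request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8
        organization_id: w86c85d-0651-43e2-a748-d69d658418e8
        created_at: '2021-01-06T20:00:00.000Z'
        updated_at: '2021-01-06T20:00:00.000Z'
        condition:
          group_ids:
            - 1b978423-db0a-4037-a4cf-f79c60cb67b3
        allow_requests: true
        auto_approval: false
        require_mfa_to_request: false
        max_duration_minutes: 120
        recommended_duration_minutes: 120
        require_support_ticket: false
        reviewer_stages:
          - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8
            owner_ids:
              - 37cb7e41-12ba-46da-92ff-030abe0450b1
              - 37cb7e41-12ba-46da-92ff-030abe0450b2
            stage: 1
        priority: 1
      type: object
      properties:
        condition:
          $ref: '#/components/schemas/Condition'
          description: The condition for the request configuration.
        allow_requests:
          description: >-
            A bool representing whether or not to allow requests for this
            resource.
          example: true
          type: boolean
        # Security-relevant: when true, requests are approved automatically.
        # NOTE(review): the schema does not say how this interacts with
        # `reviewer_stages` — confirm.
        auto_approval:
          description: >-
            A bool representing whether or not to automatically approve requests
            for this resource.
          example: false
          type: boolean
        # Security control on the request path (requester-side MFA).
        require_mfa_to_request:
          description: >-
            A bool representing whether or not to require MFA for requesting
            access to this resource.
          example: false
          type: boolean
        # NOTE(review): optional, with no `minimum`/`maximum`; what an omitted
        # value means for grant lifetime is not stated here — confirm.
        max_duration_minutes:
          description: >-
            The maximum duration for which the resource can be requested (in
            minutes).
          type: integer
          example: 120
        # Per the description, -1 stands for an indefinite duration.
        recommended_duration_minutes:
          description: >-
            The recommended duration for which the resource should be requested
            (in minutes). -1 represents an indefinite duration.
          type: integer
          example: 120
        require_support_ticket:
          description: >-
            A bool representing whether or not access requests to the resource
            require an access ticket.
          example: false
          type: boolean
        extensions_duration_in_minutes:
          description: >-
            The duration for which access can be extended (in minutes). Set to 0
            to disable extensions. When > 0, extensions are enabled for the
            specified duration.
          type: integer
          example: 120
        request_template_id:
          description: The ID of the associated request template.
          example: 06851574-e50d-40ca-8c78-f72ae6ab4304
          format: uuid
          type: string
        reviewer_stages:
          description: The list of reviewer stages for the request configuration.
          items:
            $ref: '#/components/schemas/ReviewerStage'
          type: array
        priority:
          description: The priority of the request configuration.
          example: 1
          type: integer
      # NOTE(review): `organization_id` is required but has no entry under
      # `properties`, so its type and format are unspecified here; the example
      # also carries `request_configuration_id`, `created_at` and
      # `updated_at`, which are likewise undeclared.
      required:
        - organization_id
        - allow_requests
        - auto_approval
        - require_mfa_to_request
        - require_support_ticket
        - priority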
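    # Wrapper around a list of RequestConfiguration objects. The ordering
    # rules (one default entry with a null condition and priority 0,
    # contiguous priorities) are stated in the description only; nothing in
    # the schema itself enforces them.
    CreateRequestConfigurationInfoList:
      description: >-
        # CreateRequestConfigurationInfoList Object

        ### Description

        The `CreateRequestConfigurationInfoList` object is used as an input to
        the CreateRequestConfigurations API.


        ### Formatting Requirements

        The `CreateRequestConfigurationInfoList` object must contain a list of
        `RequestConfiguration` objects.

        Exactly one default `RequestConfiguration` must be provided.  A default
        `RequestConfiguration` is one with a `condition` of `null`

        and a `priority` of `0`.  The default `RequestConfiguration` will be
        used when no other `RequestConfiguration` matches the request.


        Only one `RequestConfiguration` may be provided for each priority, and
        the priorities must be contiguous.  For example, if there are

        two `RequestConfigurations` with priorities 0 and 2, there must be a
        `RequestConfiguration` with priority 1.


        To use the `condition` field, the `condition` must be a valid JSON
        object.


        The `condition` must be a JSON object with the key `group_ids` (more
        options may be added in the future), whose value is a list of

        group IDs.

        The `condition` will match if the user requesting access is a member of
        any of the groups in the list. Currently, we only support

        using a single group as a condition.
      # First entry is the default (null condition, priority 0); the second
      # is conditional and uses the `group_ids` key that the description
      # above requires, with a single group.
      example:
        request_configurations:
          - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8
            organization_id: w86c85d-0651-43e2-a748-d69d658418e8
            condition: null
            allow_requests: true
            auto_approval: false
            require_mfa_to_request: false
            max_duration_minutes: 120
            recommended_duration_minutes: 120
            require_support_ticket: false
            reviewer_stages:
              - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8
                owner_ids:
                  - 37cb7e41-12ba-46da-92ff-030abe0450b1
                  - 37cb7e41-12ba-46da-92ff-030abe0450b2
                stage: 1
            priority: 0
          - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e9
            organization_id: w86c85d-0651-43e2-a748-d69d658418e8
            condition:
              group_ids:
                - 1b978423-db0a-4037-a4cf-f79c60cb67b4
            allow_requests: true
            auto_approval: false
            require_mfa_to_request: false
            max_duration_minutes: 120
            recommended_duration_minutes: 120
            require_support_ticket: false
            reviewer_stages:
              - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8
                owner_ids:
                  - 37cb7e41-12ba-46da-92ff-030abe0450b1
                  - 37cb7e41-12ba-46da-92ff-030abe0450b2
                stage: 1
            priority: 1
      properties:
        request_configurations:
          description: A list of request configurations to create.
          items:
            $ref: '#/components/schemas/RequestConfiguration'
          type: array
      type: object
      required:
        - request_configurations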
    # Ticket-propagation settings referenced by both configuration-template
    # schemas. Only the two `enabled_on_*` flags are mandatory; provider and
    # project are optional.
    TicketPropagationConfiguration:
      type: object
      description: >-
        Configuration for ticket propagation, when enabled, a ticket will be
        created for access changes related to the users in this resource.
      required:
        - enabled_on_grant
        - enabled_on_revocation
      properties:
        enabled_on_grant:
          type: boolean
        enabled_on_revocation:
          type: boolean
        ticket_provider:
          $ref: '#/components/schemas/TicketingProviderEnum'
        ticket_project_id:
          type: string
    # Allowed visibility levels; referenced from VisibilityInfo.visibility.
    VisibilityTypeEnum:
      type: string
      description: The visibility level of the entity.
      enum:
        - GLOBAL
        - LIMITED
      example: GLOBAL
    # Matching rule attached to a RequestConfiguration. The schema declares
    # no `required` members, so both lists are optional.
    Condition:
      type: object
      description: |-
        # Condition Object
        ### Description
        The `Condition` object is used to represent a condition.

        ### Usage Example
        Used to match request configurations to users in `RequestConfiguration`
      example:
        group_ids:
          - 1b978423-db0a-4037-a4cf-f79c60cb67b3
      properties:
        group_ids:
          type: array
          description: The list of group IDs to match.
          items:
            type: string
            format: uuid
          example:
            - 1b978423-db0a-4037-a4cf-f79c60cb67b3
        # Unlike `group_ids`, these items carry no `format`; the sample value
        # is an AWS IAM role ARN.
        # NOTE(review): the sample ARN embeds a concrete 12-digit account ID;
        # check that it is a documentation value rather than a live account.
        role_remote_ids:
          type: array
          description: The list of role remote IDs to match.
          items:
            type: string
          example:
            - arn:aws:iam::590304332660:role/AdministratorAccess
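    # One stage of the approval chain for a RequestConfiguration: who must
    # review and how their approvals combine.
    ReviewerStage:
      description: A reviewer stage.
      # Sample values only; includes every member listed under `required`.
      example:
        require_manager_approval: false
        operator: AND
        owner_ids:
          - 7870617d-e72a-47f5-a84c-693817ab4567
          # Constructed sample: shortened to 12 characters in the last group
          # so that it satisfies `format: uuid`.
          - 1520617d-e72a-47f5-a84c-693817ab48ad
        service_user_ids:
          - 7870617d-e72a-47f5-a84c-693817ab4568
        stage: 1
      properties:
        require_manager_approval:
          description: Whether this reviewer stage should require manager approval.
          example: false
          type: boolean
        require_admin_approval:
          description: Whether this reviewer stage should require admin approval.
          example: false
          type: boolean
        # NOTE(review): presumably AND needs every listed reviewer and OR any
        # one of them; the description does not spell this out, and the
        # difference decides how many approvals gate access — confirm.
        operator:
          description: >-
            The operator of the reviewer stage. Admin and manager approval are
            also treated as reviewers.
          enum:
            - AND
            - OR
          example: AND
          type: string
        owner_ids:
          description: The IDs of owners assigned as reviewers for this stage.
          items:
            type: string
            format: uuid
          type: array
        service_user_ids:
          description: The IDs of service users assigned as reviewers for this stage.
          items:
            type: string
            format: uuid
          type: array
        # Declared because `required` lists it and the request-configuration
        # examples in this document carry it as an integer.
        # NOTE(review): confirm the exact meaning and numbering base.
        stage:
          description: The stage number of this reviewer stage.
          example: 1
          type: integer
      type: object
      required:
        - operator
        - require_manager_approval
        - owner_ids
        - stage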
    # Ticketing integrations accepted by
    # TicketPropagationConfiguration.ticket_provider.
    TicketingProviderEnum:
      type: string
      description: The third party ticketing platform provider.
      enum:
        - JIRA
        - LINEAR
        - SERVICE_NOW
      example: LINEAR
  # HTTP bearer authentication: the token is sent in the `Authorization`
  # request header. No `bearerFormat` is given, so the spec does not say what
  # kind of token is expected.
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer

````