cURL

curl --request POST \
  --url https://api.opal.dev/v1/groups/{group_id}/resources/{resource_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "access_level_remote_id": "arn:aws:iam::590304332660:role/AdministratorAccess",
  "duration_minutes": 60
}
'

{
  "group_id": "f454d283-ca87-4a8a-bdbb-df212eca5353",
  "resource_id": "b5a5ca27-0ea3-4d86-9199-2126d57d1fbd",
  "access_level_remote_id": "write"
}

POST

groups

{group_id}

resources

{resource_id}

cURL

curl --request POST \
  --url https://api.opal.dev/v1/groups/{group_id}/resources/{resource_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "access_level_remote_id": "arn:aws:iam::590304332660:role/AdministratorAccess",
  "duration_minutes": 60
}
'

{
  "group_id": "f454d283-ca87-4a8a-bdbb-df212eca5353",
  "resource_id": "b5a5ca27-0ea3-4d86-9199-2126d57d1fbd",
  "access_level_remote_id": "write"
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

group_id

string<uuid>

required

The ID of the group.

resource_id

string<uuid>

required

The ID of the resource.

Query Parameters

access_level_remote_id

string

The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used.

Body

application/json

access_level_remote_id

string

The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used.

Example:

"arn:aws:iam::590304332660:role/AdministratorAccess"

duration_minutes

integer

The duration for which the resource can be accessed (in minutes). Use 0 to set to indefinite.

Required range: 0 <= x <= 525960

Example:

60

Response

200 - application/json

The created GroupResource object.

GroupResource Object

Description

The GroupResource object is used to represent a relationship between a group and a resource.

group_id

string<uuid>

required

The ID of the group.

Example:

"f454d283-ca87-4a87-bdbb-df212eca5353"

resource_id

string<uuid>

required

The ID of the resource.

Example:

"b5a5ca27-0ea3-4d86-9199-2126d57d1fbd"

access_level

object

required

Access Level Object

Description

The AccessLevel object is used to represent the level of access that a principal has. The "default" access level is a AccessLevel object whose fields are all empty strings.

Usage Example

View the AccessLevel of a resource/user or resource/group pair to see the level of access granted to the resource.

Show child attributes

access_level.access_level_name

string

required

The human-readable name of the access level.

Example:

"AdminRole"

access_level.access_level_remote_id

string

required

The machine-readable identifier of the access level.

Example:

"arn:aws:iam::590304332660:role/AdministratorAccess"

Example:

{
  "access_level_name": "AdminRole",
  "access_level_remote_id": "arn:aws:iam::590304332660:role/AdministratorAccess"
}

Delete groups containing groups Get groups visibility

⌘I

API Concepts

SDKs

Opal API

Post groups resources

Authorizations

Path Parameters

Query Parameters

Body

Response

GroupResource Object

Description

Access Level Object

Description

Usage Example