cURL

curl --request POST \
  --url https://api.opal.dev/v1/groups/{group_id}/users/{user_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "duration_minutes": 60,
  "access_level_remote_id": "arn:aws:iam::590304332660:role/AdministratorAccess"
}
'

{
  "full_name": "Jake Barnes",
  "user_id": "29827fb8-f2dd-4e80-9576-28e31e9934ac",
  "group_id": "1b978423-db0a-4037-a4cf-f79c60cb67b3",
  "expiration_date": "2022-01-23T04:56:07.000Z",
  "email": "jake@company.dev"
}

POST

groups

{group_id}

users

{user_id}

cURL

curl --request POST \
  --url https://api.opal.dev/v1/groups/{group_id}/users/{user_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "duration_minutes": 60,
  "access_level_remote_id": "arn:aws:iam::590304332660:role/AdministratorAccess"
}
'

{
  "full_name": "Jake Barnes",
  "user_id": "29827fb8-f2dd-4e80-9576-28e31e9934ac",
  "group_id": "1b978423-db0a-4037-a4cf-f79c60cb67b3",
  "expiration_date": "2022-01-23T04:56:07.000Z",
  "email": "jake@company.dev"
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

group_id

string<uuid>

required

The ID of the group.

user_id

string<uuid>

required

The ID of the user to add.

Query Parameters

duration_minutes

integer

The duration for which the group can be accessed (in minutes). Use 0 to set to indefinite.

Required range: x <= 525960

access_level_remote_id

string

The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used.

Body

application/json

duration_minutes

integer

required

The duration for which the group can be accessed (in minutes). Use 0 to set to indefinite.

Example:

60

access_level_remote_id

string

The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used.

Example:

"arn:aws:iam::590304332660:role/AdministratorAccess"

Response

200 - application/json

The GroupUser that was created.

Group Access User Object

Description

The GroupAccessUser object is used to represent a user with access to a group.

Usage Example

Fetch from the LIST GroupUsers endpoint.

group_id

string<uuid>

required

The ID of the group.

Example:

"1b978423-db0a-4037-a4cf-f79c60cb67b3"

group_name

string

required

The name of the group.

Example:

"API Group"

description

string

required

The description of the group.

Example:

"Group required to request API's"

user_id

string<uuid>

required

The ID of the user.

Example:

"29827fb8-f2dd-4e80-9576-28e31e9934ac"

full_name

string

required

The user's full name.

Example:

"Jake Barnes"

string

required

The user's email.

Example:

"jake@company.dev"

access_level

object

Access Level Object

Description

The GroupAccessLevel object is used to represent the level of access that a user has to a group or a group has to a group. The "default" access level is a GroupAccessLevel object whose fields are all empty strings.

Usage Example

View the GroupAccessLevel of a group/user or group/group pair to see the level of access granted to the group.

Show child attributes

Example:

{
  "access_level_name": "Developer",
  "access_level_remote_id": 20
}

expiration_date

string<date-time> | null

The day and time the user's access will expire.

Example:

"2022-01-23T04:56:07.000Z"

propagation_status

object

The state of whether the push action was propagated to the remote system. If this is null, the access was synced from the remote system.

Show child attributes

Last modified on February 19, 2026

Put groups users Delete groups users

API Concepts

SDKs

Opal API

Post groups users

Authorizations

Path Parameters

Query Parameters

Body

Response

Group Access User Object

Description

Usage Example

Access Level Object

Description

Usage Example