curl --request GET \
  --url https://api.opal.dev/v1/non-human-identities \
  --header 'Authorization: Bearer <token>'

{
  "next": "cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw",
  "previous": "cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ",
  "results": [
    {
      "resource_id": "f454d283-ca67-4a8a-bdbb-df212eca5353",
      "description": "This resource represents AWS IAM role \"SupportUser\".",
      "admin_owner_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
      "remote_id": "arn:aws:iam::490306337630:role/SupportUser",
      "remote_name": "SupportUser",
      "max_duration": 120,
      "require_manager_approval": false,
      "require_support_ticket": false,
      "parent_resource_id": "f454d283-ca67-4a8a-bdbb-df212eca5345"
    },
    {
      "resource_id": "99d0b81d-14be-4cf6-bd27-348b4af1d11b",
      "description": "This resource represents GCP project \"app-demo\".",
      "remote_id": "app-demo-307223",
      "remote_name": "app-demo",
      "admin_owner_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
      "max_duration": 360,
      "require_manager_approval": false,
      "require_support_ticket": true
    }
  ]
}

Returns a list of non-human identities for your organization.
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
The pagination cursor value.
Number of results to return per page. Default is 200.
x <= 1000
One page worth of non-human identities in your organization.
The ID of the resource.
"f454d283-ca87-4a8a-bdbb-df212eca5353"
The ID of the app.
"b5a5ca27-0ea3-4d86-9199-2126d57d1fbd"
The name of the resource.
"mongo-db-prod"
A description of the resource.
"This resource represents AWS IAM role \"SupportUser\"."
The ID of the owner of the resource.
"7c86c85d-0651-43e2-a748-d69d658418e8"
The ID of the resource on the remote system.
318038399
The name of the resource on the remote system.
"repo-name"
The type of the resource.
AWS_IAM_ROLE, AWS_EC2_INSTANCE, AWS_EKS_CLUSTER, AWS_RDS_POSTGRES_CLUSTER, AWS_RDS_POSTGRES_INSTANCE, AWS_RDS_MYSQL_CLUSTER, AWS_RDS_MYSQL_INSTANCE, AWS_ACCOUNT, AWS_SSO_PERMISSION_SET, AWS_ORGANIZATIONAL_UNIT, AZURE_MANAGEMENT_GROUP, AZURE_RESOURCE_GROUP, AZURE_SUBSCRIPTION, AZURE_VIRTUAL_MACHINE, AZURE_STORAGE_ACCOUNT, AZURE_STORAGE_CONTAINER, AZURE_SQL_SERVER, AZURE_SQL_MANAGED_INSTANCE, AZURE_SQL_DATABASE, AZURE_SQL_MANAGED_DATABASE, AZURE_USER_ASSIGNED_MANAGED_Identity, AZURE_ENTRA_ID_ROLE, AZURE_ENTERPRISE_APP, CUSTOM, CUSTOM_CONNECTOR, DATABRICKS_ACCOUNT_SERVICE_PRINCIPAL, GCP_ORGANIZATION, GCP_BUCKET, GCP_COMPUTE_INSTANCE, GCP_FOLDER, GCP_GKE_CLUSTER, GCP_PROJECT, GCP_CLOUD_SQL_POSTGRES_INSTANCE, GCP_CLOUD_SQL_MYSQL_INSTANCE, GCP_BIG_QUERY_DATASET, GCP_BIG_QUERY_TABLE, GCP_SERVICE_ACCOUNT, GIT_HUB_REPO, GIT_HUB_ORG_ROLE, GIT_LAB_PROJECT, GOOGLE_WORKSPACE_ROLE, MONGO_INSTANCE, MONGO_ATLAS_INSTANCE, OKTA_APP, OKTA_ROLE, OPAL_ROLE, OPAL_SCOPED_ROLE, PAGERDUTY_ROLE, TAILSCALE_SSH, SALESFORCE_PERMISSION_SET, SALESFORCE_PROFILE, SALESFORCE_ROLE, SNOWFLAKE_DATABASE, SNOWFLAKE_SCHEMA, SNOWFLAKE_TABLE, WORKDAY_ROLE, MYSQL_INSTANCE, MARIADB_INSTANCE, POSTGRES_INSTANCE, TELEPORT_ROLE, ILEVEL_ADVANCED_ROLE, DATASTAX_ASTRA_ROLE, COUPA_ROLE, CURSOR_ORGANIZATION, OPENAI_PLATFORM_PROJECT, OPENAI_PLATFORM_SERVICE_ACCOUNT, ANTHROPIC_WORKSPACE, GIT_HUB_ORG, ORACLE_FUSION_ROLE, DEVIN_ORGANIZATION, DEVIN_ROLE
"AWS_IAM_ROLE"
The maximum duration for which the resource can be requested (in minutes).
120
The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration.
120
The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration.
120
A bool representing whether or not access requests to the resource require manager approval.
false
A bool representing whether or not access requests to the resource require an access ticket.
false
A bool representing whether or not to require MFA for reviewers to approve requests for this resource.
false
A bool representing whether or not to require MFA for requesting access to this resource.
false
A bool representing whether or not to require MFA to connect to this resource.
false
A bool representing whether or not to automatically approve requests to this resource.
false
The ID of the associated request template.
"06851574-e50d-40ca-8c78-f72ae6ab4304"
A bool representing whether or not to allow access requests to this resource.
false
The ID of the parent resource.
"06851574-e50d-40ca-8c78-f72ae6ab4305"
The ID of the associated configuration template.
"06851574-e50d-40ca-8c78-f72ae6ab4304"
A list of configurations for requests to this resource.
A bool representing whether or not to allow requests for this resource.
true
A bool representing whether or not to automatically approve requests for this resource.
false
A bool representing whether or not to require MFA for requesting access to this resource.
false
A bool representing whether or not access requests to the resource require an access ticket.
false
The priority of the request configuration.
1
The condition for the request configuration.
The list of group IDs to match.
["1b978423-db0a-4037-a4cf-f79c60cb67b3"]
The list of role remote IDs to match.
["arn:aws:iam::590304332660:role/AdministratorAccess"]
{
  "group_ids": ["1b978423-db0a-4037-a4cf-f79c60cb67b3"]
}
The maximum duration for which the resource can be requested (in minutes).
120
The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration.
120
The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration.
120
The ID of the associated request template.
"06851574-e50d-40ca-8c78-f72ae6ab4304"
The list of reviewer stages for the request configuration.
Whether this reviewer stage should require manager approval.
false
The operator of the reviewer stage. Admin and manager approval are also treated as reviewers.
AND, OR
"AND"
Whether this reviewer stage should require admin approval.
false
A list of configurations for requests to this resource. Deprecated in favor of request_configurations.
A bool representing whether or not to allow requests for this resource.
true
A bool representing whether or not to automatically approve requests for this resource.
false
A bool representing whether or not to require MFA for requesting access to this resource.
false
A bool representing whether or not access requests to the resource require an access ticket.
false
The priority of the request configuration.
1
The condition for the request configuration.
The list of group IDs to match.
["1b978423-db0a-4037-a4cf-f79c60cb67b3"]
The list of role remote IDs to match.
["arn:aws:iam::590304332660:role/AdministratorAccess"]
{
  "group_ids": ["1b978423-db0a-4037-a4cf-f79c60cb67b3"]
}
The maximum duration for which the resource can be requested (in minutes).
120
The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration.
120
The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration.
120
The ID of the associated request template.
"06851574-e50d-40ca-8c78-f72ae6ab4304"
The list of reviewer stages for the request configuration.
Whether this reviewer stage should require manager approval.
false
The operator of the reviewer stage. Admin and manager approval are also treated as reviewers.
AND, OR
"AND"
Whether this reviewer stage should require admin approval.
false
Configuration for ticket propagation. When enabled, a ticket will be created for access changes related to the users in this resource.
The third party ticketing platform provider.
JIRA, LINEAR, SERVICE_NOW
"LINEAR"
Custom request notification sent upon request approval.
800
The risk sensitivity level for the resource. When an override is set, this field will match that.
UNKNOWN, CRITICAL, HIGH, MEDIUM, LOW, NONE
Indicates the level of potential impact misuse or unauthorized access may incur.
UNKNOWN, CRITICAL, HIGH, MEDIUM, LOW, NONE
JSON metadata about the remote resource. Only set for items linked to remote systems. See this guide for details.
"{\n \"okta_directory_role\":\n {\n \"role_id\": \"SUPER_ADMIN-b52aa037-4a35-4ac3-9350-f6260fd12345\",\n \"role_type\": \"SUPER_ADMIN\",\n },\n}"
Information that defines the remote resource. This replaces the deprecated remote_id and metadata fields.
Remote info for Databricks account service principal.
The application ID of the service principal.
"00000000-0000-0000-0000-000000000000"
The resource ID of the service principal.
"00000000-0000-0000-0000-000000000000"
Remote info for Azure virtual machine.
The ARM resource ID of the virtual machine.
"/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Compute/virtualMachines/vm01"
Remote info for Azure storage account.
The ARM resource ID of the storage account.
"/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/sa01"
Remote info for Azure storage container.
The ARM resource ID of the storage container.
"/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/sa01/blobServices/default/containers/c01"
Remote info for Azure SQL database.
The ARM resource ID of the SQL database.
"/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Sql/servers/sqldev01/databases/db01"
Remote info for Azure SQL managed instance.
The ARM resource ID of the SQL managed instance.
"/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Sql/managedInstances/mi01"
Remote info for Azure SQL managed database.
The ARM resource ID of the SQL managed database.
"/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Sql/managedInstances/mi01/databases/midb01"
Remote info for Azure user assigned managed identity.
The ARM resource ID of the user assigned managed identity.
"/subscriptions/0000/resourceGroups/rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id01"
Remote info for AWS organizational unit.
Remote info for AWS account.
Remote info for AWS Identity Center permission set.
The ARN of the permission set.
"arn:aws:sso:::permissionSet/asdf-32139302d201d32/ps-f03323201211e1b9"
The ID of an AWS account to which this permission set is provisioned.
234234234234
Remote info for AWS IAM role.
Remote info for AWS EC2 instance.
The instanceId of the EC2 instance.
"i-13f1a1e2899f9e93a"
The region of the EC2 instance.
"us-east-2"
The id of the AWS account. Required for AWS Organizations.
234234234234
Remote info for AWS RDS cluster.
The clusterId of the RDS cluster.
"demo-mysql-cluster"
The region of the RDS cluster.
"us-east-2"
The resourceId of the RDS cluster.
"cluster-AOO8V0XUCNU13XLZXQDQRSN0NQ"
The id of the AWS account. Required for AWS Organizations.
234234234234
The name of the database in the RDS cluster. This can be the value of the tag opal:database-name or the database name.
"mydatabase"
The database engine for the RDS instance.
MYSQL, POSTGRESQL
Remote info for AWS RDS instance.
The instanceId of the RDS instance.
"demo-mysql-db"
The region of the RDS instance.
"us-east-2"
The resourceId of the RDS instance.
"db-AOO8V0XUCNU13XLZXQDQRSN0NQ"
The id of the AWS account. Required for AWS Organizations.
234234234234
Remote info for AWS EKS cluster.
Remote info for a custom connector resource.
The id of the resource in the end system.
"01fa7402-01d8-103b-8deb-5f3a0ab7884"
A bool representing whether or not the resource can have usage data.
false
Remote info for GCP compute instance.
The id of the instance.
"example-instance-898931321"
The id of the project the instance is in.
"example-project-898931321"
The zone the instance is in.
"us-central1-a"
Remote info for GCP BigQuery Dataset.
Remote info for GCP BigQuery Table.
The id of the project the table is in.
"example-project-898931321"
The id of the dataset the table is in.
"example-dataset-898931321"
The id of the table.
"example-table-898931321"
Remote info for GCP SQL instance.
Remote info for a GCP service account.
The email of the service account.
The id of the service account.
103561576023829460000
The id of the project the service account is in.
"example-project-898931321"
Remote info for Snowflake table.
The name of the database the table is in.
"mydatabase"
The name of the schema the table is in.
"mycatalogschema"
The name of the table.
"myitemstable"
Remote info for Salesforce profile.
Remote info for OpenAI Platform service account.
List of resource IDs that are ancestors of this resource.
[
  "f454d283-ca67-4a8a-bdbb-df212eca5345",
  "f454d283-ca67-4a8a-bdbb-df212eca5346"
]
List of resource IDs that are descendants of this resource.
[
  "f454d283-ca67-4a8a-bdbb-df212eca5347",
  "f454d283-ca67-4a8a-bdbb-df212eca5348"
]
Information about the last successful sync of this resource.
{
  "id": "7c86c85d-0651-43e2-a748-d69d658418e8",
  "completed_at": "2023-10-01T12:00:00.000Z"
}
The cursor with which to continue pagination if additional result pages exist.
"cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw"
The cursor used to obtain the current result page.
"cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ"
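
An added example, not part of the Opal documentation: walking every page of this listing by following the `next` cursor, then flagging non-human identities whose request policy is loose. `fake_fetch`, `PAGES`, the cursor string `cursor-2` and the 240-minute threshold are assumptions made for the example; in real use `fetch_page` would issue the authenticated GET shown above and return the decoded JSON.

```python
# Constructed sample pages shaped like the response on this page (not real data).
PAGES = {
    None: {"next": "cursor-2", "results": [
        {"resource_id": "f454d283-ca67-4a8a-bdbb-df212eca5353", "remote_name": "SupportUser",
         "max_duration": 120, "require_manager_approval": False, "require_support_ticket": False},
    ]},
    "cursor-2": {"next": None, "results": [
        {"resource_id": "99d0b81d-14be-4cf6-bd27-348b4af1d11b", "remote_name": "app-demo",
         "max_duration": 360, "require_manager_approval": False, "require_support_ticket": True},
    ]},
}

def fake_fetch(cursor):
    """Hypothetical stand-in for the authenticated GET; returns one decoded page."""
    return PAGES[cursor]

def iter_identities(fetch_page, max_pages=1000):
    """Yield every result, following `next` until it is absent or repeats."""
    cursor, seen = None, set()
    for _ in range(max_pages):
        page = fetch_page(cursor)
        yield from page.get("results", [])
        cursor = page.get("next")
        if not cursor or cursor in seen:  # last page, or a cursor that loops
            return
        seen.add(cursor)
    raise RuntimeError("page limit reached before the listing ended")

def audit(identities, max_minutes=240):
    """Return (resource_id, remote_name, reasons) for loosely governed identities."""
    findings = []
    for nhi in identities:
        reasons = []
        if not nhi.get("require_manager_approval") and not nhi.get("require_support_ticket"):
            reasons.append("no manager approval or ticket required")
        duration = nhi.get("max_duration") or 0
        if duration > max_minutes:  # threshold is an assumption, tune to policy
            reasons.append(f"max_duration {duration} exceeds {max_minutes} min")
        if reasons:
            findings.append((nhi["resource_id"], nhi.get("remote_name"), reasons))
    return findings

if __name__ == "__main__":
    for finding in audit(iter_identities(fake_fetch)):
        print(finding)
```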