cURL

curl --request POST \
  --url https://api.opal.dev/v1/resources/{resource_id}/non-human-identities/{non_human_identity_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "duration_minutes": 60,
  "access_level_remote_id": "roles/cloudsql.instanceUser"
}'

{
  "non_human_identity_id": "29827fb8-f2dd-4e80-9576-28e31e9934ac",
  "resource_id": "1b978423-db0a-4037-a4cf-f79c60cb67b3",
  "expiration_date": "2022-01-23T04:56:07.000Z"
}

POST

resources

{resource_id}

non-human-identities

{non_human_identity_id}

cURL

curl --request POST \
  --url https://api.opal.dev/v1/resources/{resource_id}/non-human-identities/{non_human_identity_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "duration_minutes": 60,
  "access_level_remote_id": "roles/cloudsql.instanceUser"
}'

{
  "non_human_identity_id": "29827fb8-f2dd-4e80-9576-28e31e9934ac",
  "resource_id": "1b978423-db0a-4037-a4cf-f79c60cb67b3",
  "expiration_date": "2022-01-23T04:56:07.000Z"
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

resource_id

string<uuid>

required

The ID of the resource.

non_human_identity_id

string<uuid>

required

The resource ID of the non-human identity to add.

Body

application/json

duration_minutes

integer

required

The duration for which the resource can be accessed (in minutes). Use 0 to set to indefinite.

Required range: x <= 525960

Example:

60

access_level_remote_id

string

The remote ID of the access level to grant. If omitted, the default access level remote ID value (empty string) is used.

Example:

"roles/cloudsql.instanceUser"

Response

200 - application/json

Details about the access that the non-human identity was granted to the resource.

Resource Non-Human Identity Direct Access Object

Description

This object is used to represent a non-human identity with direct access to a resource.

resource_id

string<uuid>

required

The ID of the resource.

Example:

"1b978423-db0a-4037-a4cf-f79c60cb67b3"

non_human_identity_id

string<uuid>

required

The resource ID of the non-human identity.

Example:

"29827fb8-f2dd-4e80-9576-28e31e9934ac"

access_level

object

Access Level Object

Description

The AccessLevel object is used to represent the level of access that a principal has. The "default" access level is a AccessLevel object whose fields are all empty strings.

Usage Example

View the AccessLevel of a resource/user or resource/group pair to see the level of access granted to the resource.

Show child attributes

Example:

{
  "access_level_name": "AdminRole",
  "access_level_remote_id": "arn:aws:iam::590304332660:role/AdministratorAccess"
}

expiration_date

string<date-time> | null

The day and time the non-human identity's access will expire.

Example:

"2022-01-23T04:56:07.000Z"

Get resource users Delete resources non human identities

⌘I

API Concepts

SDKs

Opal API

Post resources non human identities

Authorizations

Path Parameters

Body

Response

Resource Non-Human Identity Direct Access Object

Description

Access Level Object

Description

Usage Example