cURL

curl --request POST \
  --url https://api.opal.dev/v1/resources/{resource_id}/users/{user_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "duration_minutes": 60,
  "access_level_remote_id": "arn:aws:iam::590304332660:role/AdministratorAccess"
}'

{
  "full_name": "Jake Barnes",
  "user_id": "29827fb8-f2dd-4e80-9576-28e31e9934ac",
  "resource_id": "1b978423-db0a-4037-a4cf-f79c60cb67b3",
  "expiration_date": "2022-01-23T04:56:07.000Z",
  "email": "jake@company.dev"
}

POST

resources

{resource_id}

users

{user_id}

cURL

curl --request POST \
  --url https://api.opal.dev/v1/resources/{resource_id}/users/{user_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "duration_minutes": 60,
  "access_level_remote_id": "arn:aws:iam::590304332660:role/AdministratorAccess"
}'

{
  "full_name": "Jake Barnes",
  "user_id": "29827fb8-f2dd-4e80-9576-28e31e9934ac",
  "resource_id": "1b978423-db0a-4037-a4cf-f79c60cb67b3",
  "expiration_date": "2022-01-23T04:56:07.000Z",
  "email": "jake@company.dev"
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

resource_id

string<uuid>

required

The ID of the resource.

user_id

string<uuid>

required

The ID of the user to add.

Query Parameters

duration_minutes

integer

deprecated

The duration for which the resource can be accessed (in minutes). Use 0 to set to indefinite.

Required range: x <= 525960

access_level_remote_id

string

deprecated

The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used.

Body

application/json

duration_minutes

integer

required

The duration for which the resource can be accessed (in minutes). Use 0 to set to indefinite.

Required range: x <= 525960

Example:

60

access_level_remote_id

string

The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used.

Example:

"arn:aws:iam::590304332660:role/AdministratorAccess"

Response

200 - application/json

The ResourceUser that was created.

Resource User Object

Description

The ResourceUser object is used to represent a user with direct access to a resource.

resource_id

string<uuid>

required

The ID of the resource.

Example:

"1b978423-db0a-4037-a4cf-f79c60cb67b3"

user_id

string<uuid>

required

The ID of the user.

Example:

"29827fb8-f2dd-4e80-9576-28e31e9934ac"

access_level

object

required

Access Level Object

Description

The AccessLevel object is used to represent the level of access that a principal has. The "default" access level is a AccessLevel object whose fields are all empty strings.

Usage Example

View the AccessLevel of a resource/user or resource/group pair to see the level of access granted to the resource.

Show child attributes

Example:

{
  "access_level_name": "AdminRole",
  "access_level_remote_id": "arn:aws:iam::590304332660:role/AdministratorAccess"
}

full_name

string

required

The user's full name.

Example:

"Jake Barnes"

string

required

The user's email.

Example:

"jake@company.dev"

expiration_date

string<date-time> | null

The day and time the user's access will expire.

Example:

"2022-01-23T04:56:07.000Z"

Put resources users Delete resources users

⌘I

API Concepts

SDKs

Opal API

Post resources users

Authorizations

Path Parameters

Query Parameters

Body

Response

Resource User Object

Description

Access Level Object

Description

Usage Example