SGNL Public API v2.0.0
Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.
SGNL Public API
Base URLs:
-
Endpoint for Access service. All access evaluation calls must be made to this endpoint. The URL might change based on whether SGNL is running in an on-prem or SaaS environment.
Product Documentation
Email: API Support
Web: API Support
License: Apache 2.0
Terms of service
Introduction
The SGNL API is based on REST. It accepts JSON-encoded requests, returns JSON-encoded responses and uses standard HTTP verbs, authentication and response codes. The access API endpoint is used by integrations to make access requests and uses Bearer Authentication for access control and authentication. The authentication token is generated during integration configuration. Use -H "Authorization: Bearer <authentication_token>" in your requests. All API requests must be made over HTTPS.
Access Evaluation
accessEvaluation
Code samples
POST /access/v2/evaluations HTTP/1.1
Content-Type: application/json
Accept: application/json
X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716
Accept-Language: en, en-US;q=0.8, es;q=0.7
Authorization: Bearer {access-token}
Host: access.sgnlapis.cloud
Content-Length: 179
{"principal":{"id":"john.doe@sgnl.ai","ipAddress":"172.217.22.14","deviceId":"48:65:ee:17:7e:0b"},"queries":[{"action":"delete","assetId":"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"}]}
curl --request POST \
--url https://access.sgnlapis.cloud/access/v2/evaluations \
--header 'Accept: application/json' \
--header 'Accept-Language: en, en-US;q=0.8, es;q=0.7' \
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/json' \
--header 'X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716' \
--data '{"principal":{"id":"john.doe@sgnl.ai","ipAddress":"172.217.22.14","deviceId":"48:65:ee:17:7e:0b"},"queries":[{"action":"delete","assetId":"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"}]}'
CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://access.sgnlapis.cloud/access/v2/evaluations");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Content-Type: application/json");
headers = curl_slist_append(headers, "Accept: application/json");
headers = curl_slist_append(headers, "X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
headers = curl_slist_append(headers, "Accept-Language: en, en-US;q=0.8, es;q=0.7");
headers = curl_slist_append(headers, "Authorization: Bearer {access-token}");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}");
CURLcode ret = curl_easy_perform(hnd);
HttpResponse<String> response = Unirest.post("https://access.sgnlapis.cloud/access/v2/evaluations")
.header("Content-Type", "application/json")
.header("Accept", "application/json")
.header("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.header("Accept-Language", "en, en-US;q=0.8, es;q=0.7")
.header("Authorization", "Bearer {access-token}")
.body("{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}")
.asString();
val client = OkHttpClient()
val mediaType = MediaType.parse("application/json")
val body = RequestBody.create(mediaType, "{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}")
val request = Request.Builder()
.url("https://access.sgnlapis.cloud/access/v2/evaluations")
.post(body)
.addHeader("Content-Type", "application/json")
.addHeader("Accept", "application/json")
.addHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.addHeader("Accept-Language", "en, en-US;q=0.8, es;q=0.7")
.addHeader("Authorization", "Bearer {access-token}")
.build()
val response = client.newCall(request).execute()
var client = new RestClient("https://access.sgnlapis.cloud/access/v2/evaluations");
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Accept", "application/json");
request.AddHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
request.AddHeader("Accept-Language", "en, en-US;q=0.8, es;q=0.7");
request.AddHeader("Authorization", "Bearer {access-token}");
request.AddParameter("application/json", "{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://access.sgnlapis.cloud/access/v2/evaluations"
payload := strings.NewReader("{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Accept", "application/json")
req.Header.Add("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
req.Header.Add("Accept-Language", "en, en-US;q=0.8, es;q=0.7")
req.Header.Add("Authorization", "Bearer {access-token}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
const data = JSON.stringify({
"principal": {
"id": "john.doe@sgnl.ai",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
}
]
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://access.sgnlapis.cloud/access/v2/evaluations");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Accept", "application/json");
xhr.setRequestHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
xhr.setRequestHeader("Accept-Language", "en, en-US;q=0.8, es;q=0.7");
xhr.setRequestHeader("Authorization", "Bearer {access-token}");
xhr.send(data);
const http = require("https");
const options = {
"method": "POST",
"hostname": "access.sgnlapis.cloud",
"port": null,
"path": "/access/v2/evaluations",
"headers": {
"Content-Type": "application/json",
"Accept": "application/json",
"X-Request-Id": "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
"Accept-Language": "en, en-US;q=0.8, es;q=0.7",
"Authorization": "Bearer {access-token}"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({
principal: {
id: 'john.doe@sgnl.ai',
ipAddress: '172.217.22.14',
deviceId: '48:65:ee:17:7e:0b'
},
queries: [{action: 'delete', assetId: '3cdd2459-d9d3-4df4-abbd-8cee6fecea2d'}]
}));
req.end();
import http.client
conn = http.client.HTTPSConnection("access.sgnlapis.cloud")
payload = "{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}"
headers = {
'Content-Type': "application/json",
'Accept': "application/json",
'X-Request-Id': "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
'Accept-Language': "en, en-US;q=0.8, es;q=0.7",
'Authorization': "Bearer {access-token}"
}
conn.request("POST", "/access/v2/evaluations", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://access.sgnlapis.cloud/access/v2/evaluations")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request["Accept"] = 'application/json'
request["X-Request-Id"] = 'bfe9eb29-ab87-4ca3-be83-a1d5d8305716'
request["Accept-Language"] = 'en, en-US;q=0.8, es;q=0.7'
request["Authorization"] = 'Bearer {access-token}'
request.body = "{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}"
response = http.request(request)
puts response.read_body
POST /access/v2/evaluations
Evaluate whether a principal can perform actions on assets.
Body parameter
{
"principal": {
"id": "john.doe@sgnl.ai",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| X-Request-Id | header | string | false | Arbitrary string identifier used to correlate requests with responses. The response will contain the X-Request-Id header with the same value. |
| Accept-Language | header | string | false | none |
| body | body | AccessEvaluationRequest | false | none |
| principal | body | Principal | true | Principal trying to access a protected asset |
| id | body | string | true | Identifier for the principal |
| ipAddress | body | string | false | IP address from which the principal is making the request |
| deviceId | body | string | false | The identifier for the device making the request |
| queries | body | [Query] | true | Collection of assets and/or actions |
| action | body | string | false | Action the principal is trying to perform on the asset |
| assetId | body | string | false | Identifer for the asset |
Example responses
200 Response
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"principalId": "john.doe@sgnl.ai",
"evaluationDuration": 2550,
"decisions": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"reasons": [
"this is a denial reason"
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | AccessEvaluationResponse |
| 400 | Bad Request | Invalid request | ErrorResponse |
| 401 | Unauthorized | Unauthorized | ErrorResponse |
| 403 | Forbidden | Forbidden | ErrorResponse |
| 500 | Internal Server Error | Internal Error | ErrorResponse |
Response Headers
| Status | Header | Type | Format | Description |
|---|---|---|---|---|
| 200 | X-Request-Id | string | none | |
| 400 | X-Request-Id | string | none | |
| 401 | X-Request-Id | string | none | |
| 403 | X-Request-Id | string | none | |
| 500 | X-Request-Id | string | none |
Assets search
accessSearch
Code samples
POST /access/v2/search HTTP/1.1
Content-Type: application/json
Accept: application/json
X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716
Authorization: Bearer {access-token}
Host: access.sgnlapis.cloud
Content-Length: 130
{"principal":{"id":"john.doe@sgnl.ai","ipAddress":"172.217.22.14","deviceId":"48:65:ee:17:7e:0b"},"queries":[{"action":"delete"}]}
curl --request POST \
--url https://access.sgnlapis.cloud/access/v2/search \
--header 'Accept: application/json' \
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/json' \
--header 'X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716' \
--data '{"principal":{"id":"john.doe@sgnl.ai","ipAddress":"172.217.22.14","deviceId":"48:65:ee:17:7e:0b"},"queries":[{"action":"delete"}]}'
CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://access.sgnlapis.cloud/access/v2/search");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Content-Type: application/json");
headers = curl_slist_append(headers, "Accept: application/json");
headers = curl_slist_append(headers, "X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
headers = curl_slist_append(headers, "Authorization: Bearer {access-token}");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}");
CURLcode ret = curl_easy_perform(hnd);
HttpResponse<String> response = Unirest.post("https://access.sgnlapis.cloud/access/v2/search")
.header("Content-Type", "application/json")
.header("Accept", "application/json")
.header("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.header("Authorization", "Bearer {access-token}")
.body("{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}")
.asString();
val client = OkHttpClient()
val mediaType = MediaType.parse("application/json")
val body = RequestBody.create(mediaType, "{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}")
val request = Request.Builder()
.url("https://access.sgnlapis.cloud/access/v2/search")
.post(body)
.addHeader("Content-Type", "application/json")
.addHeader("Accept", "application/json")
.addHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.addHeader("Authorization", "Bearer {access-token}")
.build()
val response = client.newCall(request).execute()
var client = new RestClient("https://access.sgnlapis.cloud/access/v2/search");
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Accept", "application/json");
request.AddHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
request.AddHeader("Authorization", "Bearer {access-token}");
request.AddParameter("application/json", "{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://access.sgnlapis.cloud/access/v2/search"
payload := strings.NewReader("{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Accept", "application/json")
req.Header.Add("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
req.Header.Add("Authorization", "Bearer {access-token}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
const data = JSON.stringify({
"principal": {
"id": "john.doe@sgnl.ai",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete"
}
]
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://access.sgnlapis.cloud/access/v2/search");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Accept", "application/json");
xhr.setRequestHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
xhr.setRequestHeader("Authorization", "Bearer {access-token}");
xhr.send(data);
const http = require("https");
const options = {
"method": "POST",
"hostname": "access.sgnlapis.cloud",
"port": null,
"path": "/access/v2/search",
"headers": {
"Content-Type": "application/json",
"Accept": "application/json",
"X-Request-Id": "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
"Authorization": "Bearer {access-token}"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({
principal: {
id: 'john.doe@sgnl.ai',
ipAddress: '172.217.22.14',
deviceId: '48:65:ee:17:7e:0b'
},
queries: [{action: 'delete'}]
}));
req.end();
import http.client
conn = http.client.HTTPSConnection("access.sgnlapis.cloud")
payload = "{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}"
headers = {
'Content-Type': "application/json",
'Accept': "application/json",
'X-Request-Id': "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
'Authorization': "Bearer {access-token}"
}
conn.request("POST", "/access/v2/search", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://access.sgnlapis.cloud/access/v2/search")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request["Accept"] = 'application/json'
request["X-Request-Id"] = 'bfe9eb29-ab87-4ca3-be83-a1d5d8305716'
request["Authorization"] = 'Bearer {access-token}'
request.body = "{\"principal\":{\"id\":\"john.doe@sgnl.ai\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}"
response = http.request(request)
puts response.read_body
POST /access/v2/search
Returns accessible assets for a principal given integration configuration
Body parameter
{
"principal": {
"id": "john.doe@sgnl.ai",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete"
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| X-Request-Id | header | string | false | Arbitrary string identifier used to correlate requests with responses. The response will contain the X-Request-Id header with the same value. |
| pageToken | query | string | false | Token to use to get the next set of assets |
| pageSize | query | integer | false | Maximum number of assets returned in a single page |
| body | body | SearchRequest | false | none |
| principal | body | Principal | true | Principal trying to access a protected asset |
| id | body | string | true | Identifier for the principal |
| ipAddress | body | string | false | IP address from which the principal is making the request |
| deviceId | body | string | false | The identifier for the device making the request |
| queries | body | [SearchQuery] | true | Collection of actions |
| action | body | string | false | Action the principal is trying to perform on the asset |
Example responses
200 Response
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"principalId": "john.doe@sgnl.ai",
"evaluationDuration": 2550,
"decisions": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"assetAttributes": {}
}
],
"nextPageToken": "NWU0OGFiZTItNjI1My00NTQ5LWEzYTctNWQ1YmE1MmVmM2Q4"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | SearchResponse |
| 400 | Bad Request | Invalid request | ErrorResponse |
| 401 | Unauthorized | Unauthorized | ErrorResponse |
| 403 | Forbidden | Forbidden | ErrorResponse |
| 500 | Internal Server Error | Internal Error | ErrorResponse |
Response Headers
| Status | Header | Type | Format | Description |
|---|---|---|---|---|
| 200 | X-Request-Id | string | none | |
| 400 | X-Request-Id | string | none | |
| 401 | X-Request-Id | string | none | |
| 403 | X-Request-Id | string | none | |
| 500 | X-Request-Id | string | none |
Schemas
ErrorResponse
{
"error": {
"code": 401,
"internalCode": "SGNL-40100",
"message": "The user is not authorized to make the request.",
"status": "UNAUTHORIZED"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| error | object | false | none | none |
| code | integer | false | none | none |
| internalCode | string | false | none | none |
| message | string | false | none | none |
| status | string | false | none | none |
AccessEvaluationRequest
{
"principal": {
"id": "john.doe@sgnl.ai",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
}
]
}
Request containing principal, assets and/or actions being sent for evaluation
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| principal | Principal | true | none | Principal that is trying to access a protected asset |
| queries | [Query] | true | none | Collection of assets and/or actions |
SearchRequest
{
"principal": {
"id": "john.doe@sgnl.ai",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete"
}
]
}
Request containing principal and optional actions being sent for evaluation
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| principal | Principal | true | none | Principal that is trying to access protected assets |
| queries | [SearchQuery] | true | none | Collection of actions |
Principal
{
"id": "john.doe@sgnl.ai",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
}
Principal trying to access a protected asset
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | true | none | Identifier for the principal |
| ipAddress | string | false | none | IP address from which the principal is making the request |
| deviceId | string | false | none | The identifier for the device making the request |
SearchQuery
{
"action": "delete"
}
Action used as parameter to the policies applied to evaluate access
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| action | string | false | none | Action the principal is trying to perform on the asset |
Query
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
}
Action and/or asset identifier used as parameters to the policies applied to evaluate access
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| action | string | false | none | Action the principal is trying to perform on the asset |
| assetId | string | false | none | Identifer for the asset |
AccessEvaluationResponse
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"principalId": "john.doe@sgnl.ai",
"evaluationDuration": 2550,
"decisions": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"reasons": [
"this is a denial reason"
]
}
]
}
Properties
allOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | AbstractAccessResponse | false | none | none |
and
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | object | false | none | none |
| decisions | [AccessEvaluationQueryDecision] | true | none | Access decisions returned by the access API |
AbstractAccessResponse
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"principalId": "john.doe@sgnl.ai",
"evaluationDuration": 2550
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| issuedAt | string(date-time) | true | none | Time at which the decision was issued |
| principalId | string | true | none | Principal making the request |
| evaluationDuration | integer | true | none | The time taken to make a decision in milliseconds |
SearchResponse
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"principalId": "john.doe@sgnl.ai",
"evaluationDuration": 2550,
"decisions": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"assetAttributes": {}
}
],
"nextPageToken": "NWU0OGFiZTItNjI1My00NTQ5LWEzYTctNWQ1YmE1MmVmM2Q4"
}
Properties
allOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | AbstractAccessResponse | false | none | none |
and
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | object | false | none | none |
| decisions | [SearchQueryDecision] | true | none | Access decisions and assets |
| nextPageToken | string | false | none | Base64 encoded token used to retreive the next set of results |
AccessEvaluationQueryDecision
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"reasons": [
"this is a denial reason"
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| action | string | false | none | The action the principal is trying to perform on the asset |
| assetId | string | false | none | Identifer for the asset |
| decision | AccessDecision | true | none | Access decision returned by access API |
| reasons | [string] | false | none | Reasons associated to this decision |
SearchQueryDecision
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"assetAttributes": {}
}
An asset on which the principal is allowed to perform an action
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| action | string | false | none | The action the principal is trying to perform on the asset |
| assetId | string | true | none | Identifier for the asset |
| decision | AccessDecision | true | none | Access decision returned by access API |
| assetAttributes | object | true | none | The attributes of the asset |
AccessDecision
"Allow"
Access decision returned by access API
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | string | false | none | Access decision returned by access API |
Enumerated Values
| Property | Value |
|---|---|
| decision | Allow |
| decision | Deny |