Skip to content
JITSudo Docs

Overview

Jitsudo API 1.0.0

Section titled “Jitsudo API 1.0.0”

Access request management API with policy-driven authorization.

Authentication

Two schemes are supported:

  • ApiKeyAuth: X-API-Key header — used by the Terraform provider and admin operations.
  • BearerAuth: Authorization: Bearer <jwt> — used by the web UI and end users.

All endpoints except /healthz require an X-Tenant-ID header identifying the tenant. The middleware validates that the provided credential belongs to the specified tenant. A mismatch returns 403 tenant_mismatch.

Informations

  • OpenAPI version: 3.0.3

Operations

Section titled “ Operations ”
POST
/v1/auth/callback
GET
/v1/auth/providers
POST
/v1/auth/login
POST
/v1/auth/mfa/challenge
POST
/v1/auth/mfa/enroll-via-challenge
POST
/v1/auth/passkey/begin
POST
/v1/auth/mfa/webauthn/begin
POST
/v1/auth/mfa/webauthn/complete
POST
/v1/auth/request-password-reset
POST
/v1/auth/reset-password
POST
/v1/auth/verify-email
POST
/v1/auth/set-initial-password
POST
/v1/auth/revoke-session
POST
/v1/auth/logout
GET
/healthz
GET
/v1/users/me/preferences
PATCH
/v1/users/me/preferences
GET
/v1/users/me/profile
PUT
/v1/users/me/profile
GET
/v1/users/me/notification-preferences
PUT
/v1/users/me/notification-preferences
GET
/v1/users/me/sessions
DELETE
/v1/users/me/sessions
DELETE
/v1/users/me/sessions/{id}
GET
/v1/users/{id}/identities
GET
/v1/users
POST
/v1/users
GET
/v1/users/{id}
PUT
/v1/users/{id}
DELETE
/v1/users/{id}
POST
/v1/users/{id}/suspend
POST
/v1/users/{id}/resend-invite
POST
/v1/users/me/password
GET
/v1/users/{id}/effective-roles
GET
/v1/users/me/notifications
POST
/v1/users/me/notifications/{id}/read
POST
/v1/users/me/notifications/mark-all-read
GET
/v1/tenants
POST
/v1/tenants
GET
/v1/tenants/{id}
PUT
/v1/tenants/{id}
DELETE
/v1/tenants/{id}
GET
/v1/tenants/{id}/users
GET
/v1/tenants/{id}/audit-log
GET
/v1/tenants/{id}/settings
GET
/v1/settings
PUT
/v1/settings/{key}
GET
/v1/settings/ai-providers
GET
/v1/settings/ai-providers/{type}
PUT
/v1/settings/ai-providers/{type}
DELETE
/v1/settings/ai-providers/{type}
POST
/v1/settings/ai-providers/{type}/test
PUT
/v1/settings/ai-provider-default
GET
/v1/oidc-config
PUT
/v1/oidc-config
GET
/v1/notification-channels
POST
/v1/notification-channels/email
POST
/v1/notification-channels/slack-webhook
POST
/v1/notification-channels/generic-webhook
POST
/v1/notification-channels/aws-sns
GET
/v1/notification-channels/{id}
PUT
/v1/notification-channels/{id}
DELETE
/v1/notification-channels/{id}
GET
/v1/identity-providers
POST
/v1/identity-providers
GET
/v1/identity-providers/{id}
PUT
/v1/identity-providers/{id}
DELETE
/v1/identity-providers/{id}
POST
/v1/identity-providers/{id}/sync
GET
/v1/identity-providers/capabilities
POST
/v1/users/{id}/identities
DELETE
/v1/users/{id}/identities/{identityId}
GET
/v1/api-keys
POST
/v1/api-keys
GET
/v1/api-keys/{id}
PUT
/v1/api-keys/{id}
DELETE
/v1/api-keys/{id}
GET
/v1/policies
POST
/v1/policies
POST
/v1/policies/evaluate
PATCH
/v1/policies/reorder
GET
/v1/policies/{policyId}
DELETE
/v1/policies/{policyId}
PATCH
/v1/policies/{policyId}
GET
/v1/policies/{policyId}/rules
POST
/v1/policies/{policyId}/rules
PATCH
/v1/policies/{policyId}/rules/reorder
GET
/v1/policies/{policyId}/rules/{ruleId}
DELETE
/v1/policies/{policyId}/rules/{ruleId}
PATCH
/v1/policies/{policyId}/rules/{ruleId}
GET
/v1/requests
POST
/v1/requests
GET
/v1/requests/{id}
DELETE
/v1/requests/{id}
POST
/v1/requests/{id}/approve
POST
/v1/requests/{id}/deny
GET
/v1/requests/{id}/messages
POST
/v1/requests/{id}/messages
GET
/v1/grants
GET
/v1/grants/{id}
DELETE
/v1/grants/{id}
PATCH
/v1/grants/{id}
GET
/v1/grants/{id}/activity
GET
/v1/grants/{id}/activity/summary
GET
/v1/audit-log
GET
/v1/audit-log/{id}
GET
/v1/resources/{id}
GET
/v1/aws/accounts
PUT
/v1/aws/accounts
GET
/v1/aws/permission-sets
PUT
/v1/aws/permission-sets
GET
/v1/aws/s3-buckets
GET
/v1/aws/rds-instances
GET
/v1/aws/ec2-instances
GET
/v1/aws/organizational-units
GET
/v1/setup/status
POST
/v1/setup/complete
GET
/v1/users/me/mfa
POST
/v1/users/me/mfa/totp
POST
/v1/users/me/mfa/totp/verify
POST
/v1/users/me/mfa/webauthn/register
POST
/v1/users/me/mfa/webauthn/register/complete
DELETE
/v1/users/me/mfa/{id}
POST
/v1/users/me/mfa/backup-codes
GET
/v1/roles
POST
/v1/roles
GET
/v1/roles/{slug}
DELETE
/v1/roles/{slug}
PATCH
/v1/roles/{slug}
GET
/v1/domains
POST
/v1/domains
DELETE
/v1/domains/{id}
POST
/v1/domains/{id}/verify
GET
/granted/config.json
GET
/v1/registry/profiles
POST
/v1/access/ensure
GET
/v1/access/requests/{id}
GET
/v1/groups
POST
/v1/groups
GET
/v1/groups/{id}
DELETE
/v1/groups/{id}
PATCH
/v1/groups/{id}
GET
/v1/groups/{id}/members
POST
/v1/groups/{id}/members
DELETE
/v1/groups/{id}/members/{userId}
GET
/v1/groups/{id}/roles
POST
/v1/groups/{id}/roles
DELETE
/v1/groups/{id}/roles/{role}
GET
/v1/permissions
POST
/v1/integrations/aws-identity-center/bootstrap-template
GET
/v1/integrations/aws-identity-center/external-id
POST
/v1/integrations/aws-identity-center/external-id/rotate
POST
/v1/integrations/aws-identity-center/external-id/confirm
POST
/v1/integrations/aws-identity-center/external-id/cancel
GET
/v1/integrations/aws-identity-center/config
PUT
/v1/integrations/aws-identity-center/config
POST
/v1/integrations/aws-identity-center/test
GET
/public/aws/bootstrap-template/{token}.yaml

Authentication

Section titled “ Authentication ”

ApiKeyAuth

Section titled “ApiKeyAuth ”

Security scheme type: apiKey

Header parameter name: X-API-Key

BearerAuth

Section titled “BearerAuth ”

Security scheme type: http

Bearer format: JWT

CookieAuth

Section titled “CookieAuth ”

Security scheme type: apiKey

Cookie parameter name: jitsudo_session