Submit access request
```js
const url = 'https://example.com/v1/requests';
const options = {
  method: 'POST',
  headers: {
    'X-Tenant-ID': '2489E9AD-2EE2-8E00-8EC9-32D5F69181C0',
    'X-API-Key': '<X-API-Key>',
    'Content-Type': 'application/json'
  },
  body: '{"resource":{"type":"aws_account","id":"example"},"action":"example","reason":"example","duration_seconds":1,"break_glass":false,"metadata":{}}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```sh
curl --request POST \
  --url https://example.com/v1/requests \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <X-API-Key>' \
  --header 'X-Tenant-ID: 2489E9AD-2EE2-8E00-8EC9-32D5F69181C0' \
  --data '{
    "resource": { "type": "aws_account", "id": "example" },
    "action": "example",
    "reason": "example",
    "duration_seconds": 1,
    "break_glass": false,
    "metadata": {}
  }'
```

Authorizations
Parameters
Header Parameters
Tenant identifier. Must match the tenant associated with the credential. Returns 403 tenant_mismatch if the credential and header belong to different tenants.
Request Body required
object
object
Resource identifier. Format depends on type:
  aws_account: 12-digit AWS account ID
  aws_permission_set: permission set ARN
  aws_s3_bucket: bucket name
  aws_rds_instance: DB instance ARN
  aws_ec2_instance: instance ID (i-xxxx)
  aws_organizational_unit: OU ID (ou-xxxx-xxxxxxxx)
Requested duration in seconds. Null or omitted means use system default.
Emergency bypass flag. Skips policy evaluation and creates an approved request immediately.
object
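The request-body rules above, written as a pre-flight check a client can run before calling POST /v1/requests. This is an added example, not the API's own code: `validateAccessRequest` and `ID_PATTERNS` are hypothetical names, the regular expressions follow AWS's published identifier formats rather than the service's validator, and the positive-integer duration and reason-required-for-break-glass rules are assumptions of this example.

```javascript
// Added example: client-side checks for the access-request body.
// Patterns follow AWS's published identifier formats (assumption: the
// service's own validation may be stricter or looser).
const ID_PATTERNS = {
  aws_account: /^\d{12}$/,
  aws_permission_set:
    /^arn:aws[a-z-]*:sso:::permissionSet\/ssoins-[0-9a-f]{16}\/ps-[0-9a-f]{16}$/,
  aws_s3_bucket: /^(?=.{3,63}$)[a-z0-9][a-z0-9.-]*[a-z0-9]$/,
  aws_rds_instance:
    /^arn:aws[a-z-]*:rds:[a-z0-9-]+:\d{12}:db:[A-Za-z][A-Za-z0-9-]*$/,
  aws_ec2_instance: /^i-(?:[0-9a-f]{8}|[0-9a-f]{17})$/,
  aws_organizational_unit: /^ou-[0-9a-z]{4,32}-[0-9a-z]{8,32}$/,
};

// Hypothetical helper: returns a list of problems; an empty list means
// the body is safe to submit.
function validateAccessRequest(req) {
  const problems = [];
  const resource = req.resource ?? {};
  // Object.hasOwn keeps inherited keys such as "constructor" from
  // being accepted as a resource type.
  const pattern = Object.hasOwn(ID_PATTERNS, String(resource.type))
    ? ID_PATTERNS[resource.type]
    : null;
  if (!pattern) {
    problems.push(`unknown resource.type: ${resource.type}`);
  } else if (typeof resource.id !== 'string' || !pattern.test(resource.id)) {
    problems.push(`resource.id does not match the ${resource.type} format`);
  }
  // Null or omitted means "use system default"; anything else must be a
  // positive whole number of seconds (assumption of this example).
  const d = req.duration_seconds;
  if (d != null && (!Number.isInteger(d) || d < 1)) {
    problems.push('duration_seconds must be a positive integer, null or omitted');
  }
  if (req.break_glass !== undefined && typeof req.break_glass !== 'boolean') {
    problems.push('break_glass must be a boolean');
  }
  // break_glass skips policy evaluation, so this example refuses to send
  // one without a justification (local guardrail, not an API rule).
  const hasReason = typeof req.reason === 'string' && req.reason.trim() !== '';
  if (req.break_glass === true && !hasReason) {
    problems.push('break_glass requests need a non-empty reason');
  }
  return problems;
}
```
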
Responses
Created
object
Identity of the user requesting access (subject claim from JWT).
object
Resource identifier. Format depends on type:
  aws_account: 12-digit AWS account ID
  aws_permission_set: permission set ARN
  aws_s3_bucket: bucket name
  aws_rds_instance: DB instance ARN
  aws_ec2_instance: instance ID (i-xxxx)
  aws_organizational_unit: OU ID (ou-xxxx-xxxxxxxx)
User-provided justification for the request.
Approver or system-provided explanation of the decision.
Identity of the user who approved or denied the request.
How the request was approved. Null for requests created before this field existed.
Whether this was an emergency break-glass request.
Requested duration in seconds.
object
Example
```json
{
  "resource": { "type": "aws_account" },
  "status": "pending",
  "approval_mode": "require"
}
```

Invalid input
object
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
Human-readable description of the error.
Optional additional context about the error.
object
Policy notices from determining Cedar rules, if applicable.
Example generated
```json
{
  "code": "example",
  "message": "example",
  "details": {},
  "notices": [ "example" ]
}
```

Unauthenticated
object
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
Human-readable description of the error.
Optional additional context about the error.
object
Policy notices from determining Cedar rules, if applicable.
Example generated
```json
{
  "code": "example",
  "message": "example",
  "details": {},
  "notices": [ "example" ]
}
```

Forbidden
object
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
Human-readable description of the error.
Optional additional context about the error.
object
Policy notices from determining Cedar rules, if applicable.
Example generated
```json
{
  "code": "example",
  "message": "example",
  "details": {},
  "notices": [ "example" ]
}
```