Deny access request
const url = 'https://example.com/v1/requests/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/deny';const options = { method: 'POST', headers: { 'X-Tenant-ID': '2489E9AD-2EE2-8E00-8EC9-32D5F69181C0', 'X-API-Key': '<X-API-Key>', 'Content-Type': 'application/json' }, body: '{"reasoning":"example"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/v1/requests/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/deny \ --header 'Content-Type: application/json' \ --header 'X-API-Key: <X-API-Key>' \ --header 'X-Tenant-ID: 2489E9AD-2EE2-8E00-8EC9-32D5F69181C0' \ --data '{ "reasoning": "example" }'Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”Header Parameters
Section titled “Header Parameters ”Tenant identifier. Must match the tenant associated with the credential. Returns 403 tenant_mismatch if the credential and header belong to different tenants.
Request Body
Section titled “Request Body ”object
Example generated
{ "reasoning": "example"}Responses
Section titled “ Responses ”OK
object
Identity of the user requesting access (subject claim from JWT).
object
Resource identifier. Format depends on type: aws_account: 12-digit AWS account ID aws_permission_set: permission set ARN aws_s3_bucket: bucket name aws_rds_instance: DB instance ARN aws_ec2_instance: instance ID (i-xxxx) aws_organizational_unit: OU ID (ou-xxxx-xxxxxxxx)
User-provided justification for the request.
Approver or system-provided explanation of the decision.
Identity of the user who approved or denied the request.
How the request was approved. Null for requests created before this field existed.
Whether this was an emergency break-glass request.
Requested duration in seconds.
object
Example
{ "resource": { "type": "aws_account" }, "status": "pending", "approval_mode": "require"}Unauthenticated
object
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
Human-readable description of the error.
Optional additional context about the error.
object
Policy notices from determining Cedar rules, if applicable.
Example generated
{ "code": "example", "message": "example", "details": {}, "notices": [ "example" ]}Forbidden
object
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
Human-readable description of the error.
Optional additional context about the error.
object
Policy notices from determining Cedar rules, if applicable.
Example generated
{ "code": "example", "message": "example", "details": {}, "notices": [ "example" ]}Not found
object
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
Human-readable description of the error.
Optional additional context about the error.
object
Policy notices from determining Cedar rules, if applicable.
Example generated
{ "code": "example", "message": "example", "details": {}, "notices": [ "example" ]}Request not in pending state
object
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
Human-readable description of the error.
Optional additional context about the error.
object
Policy notices from determining Cedar rules, if applicable.
Example generated
{ "code": "example", "message": "example", "details": {}, "notices": [ "example" ]}