Ensure access entitlements (JIT access request hook)

POST /v1/access/ensure
curl --request POST \
--url https://example.com/v1/access/ensure \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--header 'X-Tenant-ID: 2489E9AD-2EE2-8E00-8EC9-32D5F69181C0' \
--data '{ "entitlements": [ { "target": "example", "role": "example", "duration_seconds": 1 } ], "justification": { "reason": "example", "attachments": [ "example" ] }, "dry_run": false }'
X-Tenant-ID (required): string, format: uuid

Tenant identifier. Must match the tenant associated with the credential. Returns 403 tenant_mismatch if the credential and header belong to different tenants.

Media type application/json
object
  entitlements (required): Array<object>
    target (required): string. Entitlement target in format AWS::Account::{account_id}
    role (required): string. Permission set / role name
    duration_seconds: integer
  justification: object
    reason: string
    attachments: Array<string>
  dry_run: boolean

Access grant results

Media type application/json
object
grants
required
Array<object>
object
id
required
string format: uuid
name
required
string
status
required
string
Allowed values: active pending provisioning expired revoked
change
required
string
Allowed values: none activated requested extended
approved
required
boolean
duration_seconds
integer
expires_at
string format: date-time
nullable
activated_at
string format: date-time
nullable
access_request_id
string format: uuid
nullable
provisioning_status
string
Allowed values: pending successful failed
validation
required
object
has_reason
boolean
has_ticket_attachment
boolean
diagnostics
required
Array<object>
object
key
additional properties
any
Example
{
"grants": [
{
"status": "active",
"change": "none",
"provisioning_status": "pending"
}
]
}
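
An added example (not from this API's own documentation or client code): a Python pre-flight check that builds the request body for POST /v1/access/ensure and checks a response's grants against the required fields and allowed values listed above. The 12-digit account ID pattern, the non-empty entitlements and positive duration rules, the dry_run=True default and the function names are assumptions of this example.

```python
import re

# Assumption: {account_id} is a 12-digit AWS account ID.
TARGET_RE = re.compile(r"AWS::Account::\d{12}")
# Required grant fields and allowed values as documented on this page.
REQUIRED_GRANT_FIELDS = ("id", "name", "status", "change", "approved")
ENUMS = {
    "status": ("active", "pending", "provisioning", "expired", "revoked"),
    "change": ("none", "activated", "requested", "extended"),
    "provisioning_status": ("pending", "successful", "failed"),
}


def build_ensure_body(entitlements, reason=None, attachments=(), dry_run=True):
    """Validate entitlements locally and return the JSON body for the request."""
    if not entitlements:  # assumption: an empty array is never intended
        raise ValueError("entitlements is required")
    items = []
    for ent in entitlements:
        target, role = ent.get("target"), ent.get("role")
        if not isinstance(target, str) or not TARGET_RE.fullmatch(target):
            raise ValueError(f"bad target: {target!r}")
        if not isinstance(role, str) or not role:
            raise ValueError("role is required")
        item = {"target": target, "role": role}
        dur = ent.get("duration_seconds")
        if dur is not None:  # assumption: a duration must be a positive integer
            if isinstance(dur, bool) or not isinstance(dur, int) or dur <= 0:
                raise ValueError(f"bad duration_seconds: {dur!r}")
            item["duration_seconds"] = dur
        items.append(item)
    body = {"entitlements": items, "dry_run": bool(dry_run)}
    if reason or attachments:
        body["justification"] = {"reason": reason or "", "attachments": list(attachments)}
    return body


def grant_problems(response):
    """List missing required grant fields and values outside the documented sets."""
    grants = response.get("grants")
    if not isinstance(grants, list):
        return ["grants: missing or not an array"]
    problems = []
    for i, grant in enumerate(grants):
        problems += [f"grants[{i}].{f}: missing" for f in REQUIRED_GRANT_FIELDS if f not in grant]
        for field, allowed in ENUMS.items():
            if field in grant and grant[field] not in allowed:
                problems.append(f"grants[{i}].{field}: unexpected {grant[field]!r}")
    return problems
```
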

Bad request

Media type application/json
object
  code (required): string. Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
  message (required): string. Human-readable description of the error.
  details: object. Optional additional context about the error.
    key (additional properties): any
  notices: Array<string>. Policy notices from determining Cedar rules, if applicable.
Example generated
{
"code": "example",
"message": "example",
"details": {},
"notices": [
"example"
]
}

Unauthenticated

Media type application/json
object
  code (required): string. Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
  message (required): string. Human-readable description of the error.
  details: object. Optional additional context about the error.
    key (additional properties): any
  notices: Array<string>. Policy notices from determining Cedar rules, if applicable.
Example generated
{
"code": "example",
"message": "example",
"details": {},
"notices": [
"example"
]
}

Forbidden

Media type application/json
object
  code (required): string. Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
  message (required): string. Human-readable description of the error.
  details: object. Optional additional context about the error.
    key (additional properties): any
  notices: Array<string>. Policy notices from determining Cedar rules, if applicable.
Example generated
{
"code": "example",
"message": "example",
"details": {},
"notices": [
"example"
]
}