Roles
Role-based access control management
Returns all roles.
The bearer token can be obtained by creating a ServiceAccount.
Happy response.
Error object.
GET /api/v1/roles HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
  "items": [
    {
      "name": "text",
      "display_name": "text",
      "lrn": "text",
      "description": "text",
      "id": "text",
      "created_at": "2025-11-15T21:17:17.451Z",
      "policy_length": 1,
      "metadata": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      }
    }
  ]
}

Creates a new role.
The bearer token can be obtained by creating a ServiceAccount.
Contains the fields needed to create a role.
Sets the unique name of the new role. It must be a valid HQ resource name: it can only contain lowercase alphanumeric characters or hyphens; hyphens cannot appear at the end or start; the length is 63 characters at most.
Sets the display name of the new role. If not provided, the value of "name" will be used.
Sets the description of the new role.
Happy response.
Error object.
POST /api/v1/roles HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 168
{
  "name": "text",
  "display_name": "text",
  "description": "text",
  "policy": [
    {
      "effect": "allow",
      "action": "text",
      "resource": "text"
    }
  ],
  "metadata": {
    "ANY_ADDITIONAL_PROPERTY": "text"
  }
}

{
  "name": "text",
  "display_name": "text",
  "lrn": "text",
  "description": "text",
  "id": "text",
  "created_at": "2025-11-15T21:17:17.451Z",
  "policy": [
    {
      "effect": "allow",
      "action": "text",
      "resource": "text"
    }
  ],
  "metadata": {
    "ANY_ADDITIONAL_PROPERTY": "text"
  }
}

Adds a permission statement to an existing Role's policy. No deduplication is done.
The bearer token can be obtained by creating a ServiceAccount.
Describes the effect for an action and resource.
Enumerates permission effects.
Is either a single action or a list of actions.
Is either a single string or a list of strings.
Happy response.
Error object.
POST /api/v1/roles/{name}/policy HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 52
{
  "effect": "allow",
  "action": "text",
  "resource": "text"
}

{
  "name": "text",
  "display_name": "text",
  "lrn": "text",
  "description": "text",
  "id": "text",
  "created_at": "2025-11-15T21:17:17.451Z",
  "policy": [
    {
      "effect": "allow",
      "action": "text",
      "resource": "text"
    }
  ],
  "metadata": {
    "ANY_ADDITIONAL_PROPERTY": "text"
  }
}

Returns a specific role.
The bearer token can be obtained by creating a ServiceAccount.
Happy response.
Error object.
GET /api/v1/roles/{name} HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
  "name": "text",
  "display_name": "text",
  "lrn": "text",
  "description": "text",
  "id": "text",
  "created_at": "2025-11-15T21:17:17.451Z",
  "policy": [
    {
      "effect": "allow",
      "action": "text",
      "resource": "text"
    }
  ],
  "metadata": {
    "ANY_ADDITIONAL_PROPERTY": "text"
  }
}

Deletes a role.
The bearer token can be obtained by creating a ServiceAccount.
Successful deletion.
Error object.
DELETE /api/v1/roles/{name} HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
No content
Updates a role.
The bearer token can be obtained by creating a ServiceAccount.
Updates a role. Absent fields are left untouched.
Updates the display name of the role.
Updates the description of the role.
Happy response.
Error object.
PATCH /api/v1/roles/{name} HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 154
{
  "display_name": "text",
  "description": "text",
  "policy": [
    {
      "effect": "allow",
      "action": "text",
      "resource": "text"
    }
  ],
  "metadata": {
    "ANY_ADDITIONAL_PROPERTY": "text"
  }
}

{
  "name": "text",
  "display_name": "text",
  "lrn": "text",
  "description": "text",
  "id": "text",
  "created_at": "2025-11-15T21:17:17.451Z",
  "policy": [
    {
      "effect": "allow",
      "action": "text",
      "resource": "text"
    }
  ],
  "metadata": {
    "ANY_ADDITIONAL_PROPERTY": "text"
  }
```
}
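A client-side pre-flight check for two points in this reference: the role name rule under "Creates a new role" and the note that POST /api/v1/roles/{name}/policy does no deduplication. This is an added example, not code from the API or its vendor; the function names are hypothetical, the action and resource strings are constructed, and statements are compared literally (no wildcard semantics are assumed).

```python
import re

# Name rule from the page: lowercase alphanumerics or hyphens, no hyphen at
# the start or end, at most 63 characters. fullmatch() is used so a trailing
# newline cannot slip past the way it can with "$".
_NAME_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def is_valid_role_name(name) -> bool:
    """Check a candidate role name before sending POST /api/v1/roles."""
    return isinstance(name, str) and _NAME_RE.fullmatch(name) is not None


def _as_set(value) -> frozenset:
    # "action" and "resource" are each a single string or a list of strings.
    return frozenset([value] if isinstance(value, str) else value)


def normalize(stmt: dict) -> tuple:
    """Order-insensitive key, so "x" and ["x"] compare as equal."""
    return (stmt["effect"], _as_set(stmt["action"]), _as_set(stmt["resource"]))


def statements_to_add(policy: list, candidates: list) -> list:
    """Return the candidates that are not already in the role's policy.

    The server appends whatever it is sent, so repeated automation runs grow
    the policy with identical statements unless the client filters first.
    """
    seen = {normalize(s) for s in policy}
    result = []
    for stmt in candidates:
        key = normalize(stmt)
        if key not in seen:
            seen.add(key)  # also drops duplicates within the batch itself
            result.append(stmt)
    return result


# Constructed sample: the "policy" array from a GET /api/v1/roles/{name} response.
SAMPLE_POLICY = [
    {"effect": "allow", "action": ["read", "list"], "resource": "example-resource"},
]
```

Fetch the role first, pass its "policy" array and the intended statements to statements_to_add, and POST only what it returns.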

