Manage Batches of Security Identities

This is for:

Developer System Administrator

It’s possible to add, update, and/or disable batches of security identities in the security identity provider of a secured Push source.

This means that you can forward many push operations to the service using only a few Push API calls, rather than performing hundreds (or thousands) of individual Push API calls to achieve the same results. Therefore, Manage security identities in batches is the best way to ensure that you never get throttled by the service (see Push API limits - Recommended maximum number of items/security identities per hour).

Performing batch push operations is slightly more complex than performing single push operations, as doing so involves three distinct steps which are detailed in this article.

Step 1: Create a file container

See Create a file container.

Step 2: Upload the security identity update into the file container

Perform the following PUT request to upload the push operations required for your security identity update into the Amazon S3 file container you got from Step 1: Create a file container.

Request template

Request definition

PUT <MyUploadURI> HTTP/1.1

<HTTPHeaders>

Request body

See Security identity models - BatchIdentityModel.

{
  "members": [
    <MySecurityIdentityDefinition>*
  ],
  "mappings": [
    <MyUserAliasDefinition>*
  ],
  "deleted": [
    {
      "identity": {
        "name": <MySecurityIdentityName>,
        "type": <"GROUP"|"UNKNOWN"|"USER"|"VIRTUAL_GROUP">
      }
    }*
  ]
}

Replace:

  • <MyUploadUri> with the value of the uploadUri property you got in the response when you created your file container in Step 1: Create a file container.

  • <HTTPHeaders> with the keys-value pairs of the requiredHeaders object property you got in the response when you created your file container in Step 1: Create a file container.

In the request body (see Security identity models - BatchIdentityModel):

A successful response (200 OK) has no content, but indicates that security identity update push operations were successfully uploaded into the Amazon S3 file container.

Sample request

The following example shows how to upload a batch of security identity update operations into a file container.

Request definition

PUT link:https://coveo-nprod-customerdata.s3.amazonaws.com/proda/blobstore/mycoveocloudv2organizationg8tp8wu3/b5e8767e-8f0d-4a89-9095-1127915c89c7[...] HTTP/1.1

x-amz-server-side-encryption: AES256
Content-Type: application/octet-stream

Request body

{
  "members": [
    {
      "identity": {
        "name": "SampleGroup",
        "type": "GROUP"
      },
      "members": [
        {
          "name": "asmith@example.com",
          "type": "USER"
        },
        // ...More members for this group...
      ],
      "wellKnowns": [
        {
          "name": "Domain Users",
          "type": "GROUP"
        },
        // ...More granted identities for this group...
      ]
    },
    // ...More security identity definitions...
  ],
  "mappings": [
    {
      "identity": {
        "name": "asmith@example.com",
        "type": "USER"
      },
      "mappings": [
        {
          "name": "alice_smith@example.com",
          "type": "USER",
          "provider": "Email Security Provider"
        },
        // ...More aliases for this user...
      ],
      "wellKnowns": [
        {
          "name": "Everyone",
          "type": "GROUP"
        },
        // ...More granted identities for this alias...
      ]
    },
    // ...More alias definitions...
  ],
  "deleted": [
    {
      "identity": {
        "name": "SampleGroup2",
        "type": "GROUP"
      }
    },
    {
      "identity": {
        "name": "bjones_alias",
        "type": "USER"
      }
    }
    // ...More security identities to disable...
  ]
}

Successful response - 200 OK

{}

Step 3: Push the file container into a security identity provider

Use the add, update, and/or delete batch of security identities operation to push the Amazon S3 file container into the security identity provider of your secured Push source.

Request template

Request definition

PUT https://api.cloud.coveo.com/push/v1/organizations/<MyOrganizationId>/providers/<MySecurityIdentityProviderId>/permissions/batch?fileId=<MyFileId> HTTP/1.1

Content-Type: application/json
Accept: application/json
Authorization: Bearer <MyAccessToken>

Request body

{}
Note

For legacy reasons, the request path of this operation includes the word permissions instead of identities. While those two concepts are related, they have entirely different meanings.

Remember that this operation actually allows you to interact with security identities (not item permissions).

In the request path:

In the query string:

In the Authorization HTTP header:

Note

You may notice that certain security identities in a security identity provider are in error. Typically, this is because the security identity no longer exists in the security identity provider (that is, it has been disabled), but one or several item permission models still refer to it. To address this error, you must perform the necessary push operations on the secured Push source to ensure that item permission models and security identities are perfectly in sync.

Sample request

This example shows how to push a file container into the security identity provider of a secured Push source.

Request definition

PUT https://api.cloud.coveo.com/push/v1/organizations/mycoveocloudv2organizationg8tp8wu3/providers/My%20Secured%20Push%20Source%20Security%20Identity%20Provider/permissions/batch?fileId=b5e8767e-8f0d-4a89-9095-1127915c89c7 HTTP/1.1

Content-Type: application/json
Accept: application/json
Authorization: Bearer **********-****-****-****-************

Request body

{}

Successful response - 202 Accepted

null