API docs by Redocly

Authorization Server API (v1)

Invites

List groups current user is invited to

Lists all groups that the current user is currently invited to.

Authorizations:
oauth2
cookie Parameters
invite_code
string

Responses

Organization Access

List API keys with privilege access level

Lists the API keys with a specific privilege access level in an organization.

See Privilege reference.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

query Parameters
accessLevel
required
Array of strings unique
Items Enum: "EDIT_ALL" "CUSTOM" "VIEW_ALL" "NONE"

The access level an API key must have to be included in the response.
Allowed values:
- EDIT_ALL: API key can edit the organization.
- CUSTOM: API key has custom access to the organization.
- VIEW_ALL: API key can view the organization.
- NONE: API key has no access to the organization.

privilegeOwner
required
string

The owner value an API key must have to be included in the response.

privilegeTargetDomain
required
string

The targetDomain value an API key must have to be included in response.

Responses

List groups with privilege access level

Lists groups with a specific privilege access level in an organization.
See Privilege reference.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
OR
{"owner":"{privilegeOwner}","targetDomain":"{privilegeTargetDomain}","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

query Parameters
accessLevel
required
Array of strings unique
Items Enum: "EDIT_ALL" "CUSTOM" "VIEW_ALL" "NONE"

The access level the groups privileges must match to be included in the response.
Allowed values:
- EDIT_ALL: Groups can edit the organization.
- CUSTOM: Groups have custom access to the organization.
- VIEW_ALL: Groups can view the organization.
- NONE: Groups have no access to the organization.

privilegeOwner
required
string

The owner value the groups privileges must match to be included in the response.

privilegeTargetDomain
required
string

The targetDomain value the groups privileges must match to be included in the response.

Responses

Temporary Access

List temporary accesses

Lists the temporary accesses in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"TEMPORARY_ACCESS","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the organization for which to list temporary accesses.
Example: mycoveocloudorganizationg8tp8wu3

Responses

List active temporary accesses

List active temporary accesses in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"TEMPORARY_ACCESS","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the organization for which to list active temporary accesses.
Example: mycoveocloudorganizationg8tp8wu3

Responses

List expired temporary accesses

List expired temporary accesses in an organization.
Required privilege: Temporary access - View

Privilege required

{"owner":"PLATFORM","targetDomain":"TEMPORARY_ACCESS","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the organization for which to list expired temporary accesses.
Example: mycoveocloudorganizationg8tp8wu3

Responses

List user temporary accesses

Lists user temporary accesses in an organization.
Required privilege: Temporary access - View

Privilege required

{"owner":"PLATFORM","targetDomain":"TEMPORARY_ACCESS","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

username
required
string

The username of the user for which to list temporary access.
Example: jsmith@email.com-google

Responses

Revoke temporary access

Revokes a temporary access in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"TEMPORARY_ACCESS","type":"EDIT","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

temporaryAccessId
required
string

The unique identifier of the temporary access to revoke.
Example: 0378a782-ca90-11e9-a32f-2a2ae2dbcce4

Responses

Show temporary access

Shows a temporary access in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"TEMPORARY_ACCESS","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

temporaryAccessId
required
string

The unique identifier of the temporary access to show.
Example: wrm4yyygma4dga6zouiqcaknv4

Responses

List temporary accesses for current user

Lists the temporary accesses for the current user.

Authorizations:
oauth2
path Parameters
username
required
string

The username of the user for which to list temporary access.
Example: jsmith@email.com-google

Responses

List active temporary accesses for current user

Lists the active temporary accesses for the current user.

Authorizations:
oauth2
path Parameters
username
required
string

The username of the user for which to list active temporary accesses.
Example: jsmith@email.com-google

Responses

List expired temporary accesses for current user

List the expired temporary accesses for the current user.

Authorizations:
oauth2
path Parameters
username
required
string

The username of the user for which to list expired temporary accesses.
Example: jsmith@email.com-google

Responses

List expired and revoked temporary accesses for current user

Lists the expired and revoked temporary accesses for the current user.

Authorizations:
oauth2
path Parameters
username
required
string

The username of the user for which to list expired and revoked temporary accesses.
Example: jsmith@email.com-google

Responses

Revoke temporary access for current user

Revokes temporary access for a user to an organization.

Authorizations:
oauth2
path Parameters
temporaryAccessId
required
string

The unique identifier of the temporary access to revoke.
Example: 0378a782-ca90-11e9-a32f-2a2ae2dbcce4

username
required
string

The username of the user for which to revoke a temporary access.
Example: jsmith@email.com-google

Responses

Show temporary access for current user

Shows a temporary access for the current user.

Authorizations:
oauth2
path Parameters
temporaryAccessId
required
string

The unique identifier of the temporary access to show.
Example: wrm4yyygma4dga6zouiqcaknv4

username
required
string

The username of the user for which to show a temporary access.
Example: jsmith@email.com-google

Responses

Api Keys

List API keys

Lists all API keys in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the organization

query Parameters
status
string
Enum: "ACTIVE" "SOON_TO_BE_DISABLED" "SOON_TO_BE_EXPIRED" "ACTIVE_AND_EXPOSED" "DEACTIVATED"

Optional filter for API key status

Responses

Create API key

Creates an API key in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"CREATE","targetId":"*"}
Creating an API Key
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

query Parameters
apiKeyTemplateId
string

The unique identifier of the template on which to base the API key.

Request Body schema: application/json

The JSON configuration of the API key to create.

object (ApiKeyAdditionalConfigurationModel)

The additional configuration to attach to the API key.

allowedIps
Array of strings

A set of public IP addresses allowed to use the API key. If an IP address is included in both the allowedIps and the deniedIps, the IP address will be denied.

Array of objects (IdAndDisplayNameModel) unique
deniedIps
Array of strings

A set of public IP addresses that will be denied access when attempting to use the API key.
Notes:
- IP ranges using CIDR notation are also supported.
- If an IP address is included in both the allowedIps and the deniedIps, the IP address will be denied.

description
string <= 1000 characters

A brief description of the API key.

displayName
string <= 125 characters

The display name for the API key.

enabled
boolean

Whether the API key is enabled.

Array of objects (IdAndDisplayNameModel) unique
Array of objects (PrivilegeModel) unique

A set of privileges.

Responses

Request samples

Content type
application/json
{
  • "additionalConfiguration": {
    },
  • "allowedIps": "[`\"70.32.10.85\"`, `\"29.186.225.13\"`]",
  • "apiKeysThatCanEdit": [
    ],
  • "deniedIps": "[`\"70.32.10.85\"`, `\"29.186.225.13\"`]",
  • "description": "API key used for managing sources.",
  • "displayName": "PushAPIKey",
  • "enabled": true,
  • "groupsThatCanEdit": [
    ],
  • "privileges": [
    ]
}

Activate API keys

Activates multiple API keys in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"EDIT","targetId":"{apiKeyId}"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Request Body schema: application/json
required

A list of unique identifiers of API keys.
Example: ["t4hk287bfj5sg6wskg64ckk5a"]
See Getting the apiKeyId.

Array
string

Responses

Request samples

Content type
application/json
[
  • "loggerId1",
  • "loggerId2",
  • "loggerId3"
]

Response samples

Content type
application/json
{
  • "errorCode": "string",
  • "message": "string",
  • "requestID": "string"
}

Delete API keys

Deletes multiple API keys from an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"EDIT","targetId":"{apiKeyId}"}
Deleting an API Key
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Request Body schema: application/json
required

A list of unique identifiers of API keys.
Example: ["t4hk287bfj5sg6wskg64ckk5a"]
See Getting the apiKeyId.

Array
string

Responses

Request samples

Content type
application/json
[
  • "loggerId1",
  • "loggerId2",
  • "loggerId3"
]

Response samples

Content type
application/json
{
  • "errorCode": "string",
  • "message": "string",
  • "requestID": "string"
}

Disable multiple API keys

Disables multiple API keys in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"EDIT","targetId":"{apiKeyId}"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Request Body schema: application/json
required

A list of unique identifiers of API keys.
Example: ["t4hk287bfj5sg6wskg64ckk5a"]
See Getting the apiKeyId.

Array
string

Responses

Request samples

Content type
application/json
[
  • "loggerId1",
  • "loggerId2",
  • "loggerId3"
]

Response samples

Content type
application/json
{
  • "errorCode": "string",
  • "message": "string",
  • "requestID": "string"
}

Delete API key

Deletes an API key from an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"EDIT","targetId":"{apiKeyId}"}
Deleting an API Key
Authorizations:
oauth2
path Parameters
apiKeyId
required
string

The unique identifier of the API key.
Example: t4hk287bfj5sg6wskg64ckk5a
See Getting the apiKeyId.

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Show API key

Shows an API key in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"VIEW","targetId":"*"}
Getting the API Key ID
Authorizations:
oauth2
path Parameters
apiKeyId
required
string

The unique identifier of the API key.
Example: t4hk287bfj5sg6wskg64ckk5a

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Update API key

Updates an existing API key in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"EDIT","targetId":"{apiKeyId}"}
Authorizations:
oauth2
path Parameters
apiKeyId
required
string

The unique identifier of the API key.
Example: t4hk287bfj5sg6wskg64ckk5a
See Getting the apiKeyId.

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Request Body schema: application/json
required

The JSON configuration to update the target API key to.

object (ApiKeyAdditionalConfigurationModel)

The additional configuration to attach to the API key.

allowedIps
Array of strings

A set of public IP addresses allowed to use the API key. If an IP address is included in both the allowedIps and the deniedIps, the IP address will be denied.

Array of objects (IdAndDisplayNameModel) unique
deniedIps
Array of strings

A set of public IP addresses that will be denied access when attempting to use the API key.
Notes:
- IP ranges using CIDR notation are also supported.
- If an IP address is included in both the allowedIps and the deniedIps, the IP address will be denied.

description
string <= 1000 characters

A brief description of the API key.

displayName
string <= 125 characters

The display name for the API key.

Array of objects (IdAndDisplayNameModel) unique

Responses

Request samples

Content type
application/json
{
  • "additionalConfiguration": {
    },
  • "allowedIps": "[`\"70.32.10.85\"`, `\"29.186.225.13\"`]",
  • "apiKeysThatCanEdit": [
    ],
  • "deniedIps": "[`\"70.32.10.85\"`, `\"29.186.225.13\"`]",
  • "description": "API key used for managing sources.",
  • "displayName": "PushAPIKey",
  • "groupsThatCanEdit": [
    ]
}

Activate API key

Activates an API key in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"EDIT","targetId":"{apiKeyId}"}
Authorizations:
oauth2
path Parameters
apiKeyId
required
string

The unique identifier of the API key.
Example: t4hk287bfj5sg6wskg64ckk5a
See Getting the apiKeyId.

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Extend API key activation

Extend the activation of an API key in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"EDIT","targetId":"{apiKeyId}"}
Authorizations:
oauth2
path Parameters
apiKeyId
required
string

The unique identifier of the API key.
Example: t4hk287bfj5sg6wskg64ckk5a
See Getting the apiKeyId.

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Disable API key

Disables an API key in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"EDIT","targetId":"{apiKeyId}"}
Authorizations:
oauth2
path Parameters
apiKeyId
required
string

The unique identifier of the API key.
Example: t4hk287bfj5sg6wskg64ckk5a
See Getting the apiKeyId.

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Duplicate API key

Duplicates and existing API key of an API key in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"CREATE","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

sourceApiKeyId
required
string

The unique identifier of the API key.
Example: t4hk287bfj5sg6wskg64ckk5a
See Getting the apiKeyId.

Request Body schema: application/json

The JSON configuration of the API key to be duplicated.

description
string <= 1000 characters

A brief description of the API key.

displayName
string <= 1000 characters

The display name for the API key.

object

The lifetime duration until the api key expiration. Represented in ISO 8601 format.

Responses

Request samples

Content type
application/json
{
  • "description": "API key used for managing sources.",
  • "displayName": "PushAPIKey",
  • "lifetimeDuration": "P1M"
}

Built-in Groups

List built-in groups

Lists all the built-in groups in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Built-in groups
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Groups

List groups

Lists the groups of an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Create group

Creates a group in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"CREATE","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

query Parameters
canEditItself
boolean
Default: false

Whether the new group can edit itself.

sendEmailToInvitedUsers
boolean
Default: true

Whether to send an invitation email alongside the invite.

Request Body schema: application/json
required

The group to create.

Array of objects (IdAndDisplayNameModel) unique
deletable
boolean

Whether the group can be deleted.

displayName
string

The display name of the group.
Example: Administrators

Array of objects (IdAndDisplayNameModel) unique
id
string

The unique identifier of the group.
Example: myorg-administrators-feioshf3w3fi4535

Array of objects (InviteModel)

The invites to the group.

Array of objects (MemberModel) unique

The set of members of the group.

Array of objects (PrivilegeModel) unique

The privileges of the group.

Array of objects (RealmModel) unique

The realms of the group.

resourceId
string

Responses

Request samples

Content type
application/json
{
  • "apiKeysThatCanEdit": [
    ],
  • "deletable": true,
  • "displayName": "string",
  • "groupsThatCanEdit": [
    ],
  • "id": "string",
  • "invites": [
    ],
  • "members": [
    ],
  • "privileges": [
    ],
  • "realms": [
    ],
  • "resourceId": "string"
}

Delete group

Deletes a group in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"EDIT","targetId":"{groupId}"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Show group details

Show the details of a group in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Update group

Updates a group in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"EDIT","targetId":"{groupId}"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

query Parameters
sendEmailToInvitedUsers
boolean
Default: true

Whether to send an email to the users that are invited to the group.

Request Body schema: application/json
required

The JSON configuration to update the target group to.

Array of objects (IdAndDisplayNameModel) unique
deletable
boolean

Whether the group can be deleted.

displayName
string

The display name of the group.
Example: Administrators

Array of objects (IdAndDisplayNameModel) unique
id
string

The unique identifier of the group.
Example: myorg-administrators-feioshf3w3fi4535

Array of objects (InviteModel)

The invites to the group.

Array of objects (MemberModel) unique

The set of members of the group.

Array of objects (PrivilegeModel) unique

The privileges of the group.

Array of objects (RealmModel) unique

The realms of the group.

resourceId
string

Responses

Request samples

Content type
application/json
{
  • "apiKeysThatCanEdit": [
    ],
  • "deletable": true,
  • "displayName": "string",
  • "groupsThatCanEdit": [
    ],
  • "id": "string",
  • "invites": [
    ],
  • "members": [
    ],
  • "privileges": [
    ],
  • "realms": [
    ],
  • "resourceId": "string"
}

List privileges granted by group to current user

Lists the privileges that are granted exclusively by the group to the current user.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Group Invites

List invites

Lists all invites of a group.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Invite user to group

Invites a user to a group.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"EDIT","targetId":"{groupId}"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

query Parameters
sendEmail
boolean
Default: true

Whether to send an invitation email alongside the invite.

Request Body schema: application/json
required

The configuration of the invite to send.

displayName
string
email
string

The email address to send the invite to, if applicable.
Example:jsmith@email.com

expirationDate
string <date-time>

The expiration date of the invite in number of milliseconds since UNIX epoch.
Example:1556722981779

id
string
invitedDate
string <date-time>

The date at which the invite was sent in milliseconds since UNIX epoch.
Example:1556722921779

provider
string
Enum: "SALESFORCE" "SALESFORCE_SANDBOX" "GOOGLE" "OFFICE365" "SAML" … 1 more

The provider that the user who sent the invite is assigned to.

providerUsername
string

The username of the member in the target provider.
Example: jsmith@email.com-google

username
string

The username of the invited member
Example:jsmith

Responses

Request samples

Content type
application/json
{
  • "displayName": "string",
  • "email": "string",
  • "expirationDate": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "invitedDate": "2019-08-24T14:15:22Z",
  • "provider": "SALESFORCE",
  • "providerUsername": "string",
  • "username": "string"
}

Accept invite to group

Accepts an invite to a group.

Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

cookie Parameters
invite_code
string

Responses

Decline invite to group

Declines an invite to a group.

Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

cookie Parameters
invite_code
string

Responses

Delete invite to group

Deletes an invite to a group.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"EDIT","targetId":"{groupId}"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

usernameOrEmail
required
string

The username or email of the invited user.
Example: jsmith@email.com-google

Responses

Group Members

List group members

Lists the members of a group.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Add user

Adds a user to a group.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"EDIT","targetId":"{groupId}"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

query Parameters
sendEmailOnInvite
boolean
Default: true

Whether to send an email alongside the invite.

Request Body schema: application/json
required

The user to whom to send an invite (i.e., to add to the group).

displayName
string

The display name of the member.

email
string

The email address of the member.

id
string
provider
string
Enum: "SALESFORCE" "SALESFORCE_SANDBOX" "GOOGLE" "OFFICE365" "SAML" … 1 more

The provider of the member.

providerUsername
string

The username of the member in the target provider.
Example: jsmith@email.com-google

username
string

The username of the member.

Responses

Request samples

Content type
application/json
{
  • "displayName": "string",
  • "email": "string",
  • "id": "string",
  • "provider": "SALESFORCE",
  • "providerUsername": "string",
  • "username": "string"
}

Delete user

Deletes a member from a group.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"EDIT","targetId":"{groupId}"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

username
required
string

The username of the member to delete.
Example: jsmith@email.com-google

Responses

Show member

Shows a member of a group.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

username
required
string

The username of the member to show.
Example: jsmith@email.com-google

Responses

Group Realms

List realms

Lists the realms of a group.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Add realm

Adds a realm to a group.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"EDIT","targetId":"{groupId}"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Request Body schema: application/json
required
displayName
string

The display name of the realm.
Example: example.com

id
string

The unique identifier of the realm.
Example: example-domain.com

provider
string
Enum: "SALESFORCE" "SALESFORCE_SANDBOX" "GOOGLE" "OFFICE365" "SAML" … 1 more

The provider of the realm.

samlIdentityProviderId
string

The unique identifier of the realm.
Example: myprovider

Responses

Request samples

Content type
application/json
{
  • "displayName": "string",
  • "id": "string",
  • "provider": "SALESFORCE",
  • "samlIdentityProviderId": "string"
}

Destroy realm

Destroys a realm of a group.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"EDIT","targetId":"{groupId}"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

realmId
required
string

The unique identifier of the realm to delete.
Example: website-domain-coveo.com

Responses

Show realm

Shows a realm of a group.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
groupId
required
string

The unique identifier of the target group.
Example:myorganization-bfghkjfjb674jh5egjk

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

realmId
required
string

The unique identifier of the realm to show.
Example: website-domain-coveo.com

Responses

Organization Invites

List organization invites

Lists the invites to an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the organization for which to list invites.
Example: mycoveocloudorganizationg8tp8wu3

Responses

Organization Members

List members

Lists the members of an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Update organization members

Updates the members of an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"EDIT","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

query Parameters
sendEmailToInvitedUsers
boolean
Default: true

Whether to send an invitation email alongside the invite(s).
Default: true

Request Body schema: application/json
required

The JSON configuration to which to update the organization members (e.g., send invites to new members, remove old members, etc).

Array
email
string

The email of the user to which the invite is sent.
Example:jsmith@email.com

Array of objects (OrganizationGroupInviteModel_Public)

The set of groups from the organization to which the member is invited.

provider
string
Enum: "SALESFORCE" "SALESFORCE_SANDBOX" "GOOGLE" "OFFICE365" "SAML" … 1 more

The provider of the invited member.

providerUsername
string

The username used for the assigned provider.
Example: jsmith@email.com-google

username
string

The username of the user to which the invite is sent.
Example: jsmith@email.com-google

Responses

Request samples

Content type
application/json
[
  • {
    }
]

List privileges of current user

Lists the privileges for the current user on an organization.

Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Delete member

Deletes a member from all groups of an organization.
Note: Deleted users can still be included by domain.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"EDIT","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

username
required
string

The username of the member to delete.
Example: jsmith@email.com-google

Responses

Show member

Shows a member of an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

username
required
string

The username of the member to show.
Example: jsmith@email.com-google

Responses

Update member

Updates a member of an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"EDIT","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

username
required
string

The username of the member to update.
Example: jsmith@email.com-google

Request Body schema: application/json
required

The JSON configuration to update the target member to.

displayName
string

The display name of the member.
Example:John Smith

email
string

The email of the member.
Example:jsmith@email.com

Array of objects (OrganizationMemberGroupModel_Public)

The groups the member is a part of.

provider
string
Enum: "SALESFORCE" "SALESFORCE_SANDBOX" "GOOGLE" "OFFICE365" "SAML" … 1 more

The provider of the member.

providerUsername
string

The username used for the assigned provider.
Example: jsmith@email.com-google

username
string

The username of the member.
Example: jsmith@email.com-google

Responses

Request samples

Content type
application/json
{
  • "displayName": "string",
  • "email": "string",
  • "groups": [
    ],
  • "provider": "SALESFORCE",
  • "providerUsername": "string",
  • "username": "string"
}

List groups for organization member

Lists the groups to which an organization member belongs.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

username
required
string

The username of the user for which to list groups.
Example: jsmith@email.com-google

Responses

Organization Privileges

List possible privileges

Lists the possible privileges in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"ORGANIZATION","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

List possible API key privileges

Lists possible API key privileges in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"ORGANIZATION","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

List privileges for current member

List privileges of the current member in an organization.

Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

List possible Platform token privileges

Lists possible Platform token privileges in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"ORGANIZATION","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

List privileges for access token

List privileges of an access token in an organization.

Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

query Parameters
accessToken
string

The access token for which to list privileges.

Responses

List privileges for access token

List privileges of an access token in an organization.

Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

query Parameters
accessToken
required
string

The access token for which to list privileges.

Responses

Organization Realms

List realms

Lists the realms of an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Add realm for groups

Adds a realm for a set of groups in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"EDIT","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Request Body schema: application/json
required

The realms to add to an organization.

Array
displayName
string

The display name of the realm.
Example: example.com

Array of objects (IdAndDisplayNameModel)

The groups that are affected by the realm.

id
string

The unique identifier of the realm.
Example: example-domain.com

provider
string
Enum: "SALESFORCE" "SALESFORCE_SANDBOX" "GOOGLE" "OFFICE365" "SAML" … 1 more

The provider of the realm.

samlIdentityProviderId
string

The unique identifier of the realm.
Example: myprovider

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Update realm

Updates a realm of an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"GROUP","type":"EDIT","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

realmId
required
string

The unique identifier of the realm to update.
Example: website-domain-coveo.com

Request Body schema: application/json
required

The JSON configuration to update the target realm to.

displayName
string

The display name of the realm.
Example: example.com

Array of objects (IdAndDisplayNameModel)

The groups that are affected by the realm.

id
string

The unique identifier of the realm.
Example: example-domain.com

provider
string
Enum: "SALESFORCE" "SALESFORCE_SANDBOX" "GOOGLE" "OFFICE365" "SAML" … 1 more

The provider of the realm.

samlIdentityProviderId
string

The unique identifier of the realm.
Example: myprovider

Responses

Request samples

Content type
application/json
{
  • "displayName": "string",
  • "groups": [
    ],
  • "id": "string",
  • "provider": "SALESFORCE",
  • "samlIdentityProviderId": "string"
}

Saml Identity Providers

List manageable identity providers

List SAML identity providers that the current user can manage.
Required privilege: SAML identity provider - View

Privilege required

{"owner":"PLATFORM","targetDomain":"SAML_IDENTITY_PROVIDER","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Check if any identity provider exists

Checks if any SAML identity provider exists in an organization.
Required privilege: Organization - View

Privilege required

{"owner":"PLATFORM","targetDomain":"ORGANIZATION","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Delete identity provider

Deletes the identity provider of an organization.
Required privilege: SAML identity provider - Edit

Privilege required

{"owner":"PLATFORM","targetDomain":"SAML_IDENTITY_PROVIDER","type":"EDIT","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the organization for which to delete the SAML identity provider.
Example: mycoveocloudorganizationg8tp8wu3

Responses

Show identity provider

Shows the SAML identity provider of an organization.
Required privilege: SAML identity provider - View

Privilege required

{"owner":"PLATFORM","targetDomain":"SAML_IDENTITY_PROVIDER","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the organization for which to show the identity provider.
Example: mycoveocloudorganizationg8tp8wu3

Responses

Create identity provider

Creates an identity provider for an organization.
Required privilege: SAML identity provider - Create

Privilege required

{"owner":"PLATFORM","targetDomain":"SAML_IDENTITY_PROVIDER","type":"CREATE","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Request Body schema: application/json
required

The SAML identity provider to create.

displayName
string

The display name of the SAML identity provider.
Example: Okta

entityId
string

The identity provider issuer URL.
See Configuring a Custom SAML Identity Provider.
Example: http://www.okta.com/7ujf6iuybnhvvb56

id
string

The unique identifier of the SAML identity provider.
Example: 3ghj20zal9vg20ud65dgrfkczi

Array of objects (IdAndDisplayNameModel) unique

The unique identifiers of the organizations by which the SAML identity provider is used.

postBindingEndpoint
string

The POST binding endpoint.
See Endpoints.
Example: https://dev-319980.oktapreview.com/app/exampledev319980_qa_1/7ujf6iuybnhvvb56/sso/saml

x509Certificate
string

The X.509 public certificate used to validate the assertion signature.

Responses

Request samples

Content type
application/json
{
  • "displayName": "string",
  • "entityId": "string",
  • "id": "string",
  • "organizationIds": [
    ],
  • "postBindingEndpoint": "string",
  • "x509Certificate": "string"
}

Update identity provider

Updates a SAML identity provider of an organization.
Required privilege: SAML identity provider - Edit

Privilege required

{"owner":"PLATFORM","targetDomain":"SAML_IDENTITY_PROVIDER","type":"EDIT","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Request Body schema: application/json
required

The JSON configuration to update the target SAML identity provider to.

displayName
string

The display name of the SAML identity provider.
Example: Okta

entityId
string

The identity provider issuer URL.
See Configuring a Custom SAML Identity Provider.
Example: http://www.okta.com/7ujf6iuybnhvvb56

id
string

The unique identifier of the SAML identity provider.
Example: 3ghj20zal9vg20ud65dgrfkczi

Array of objects (IdAndDisplayNameModel) unique

The unique identifiers of the organizations by which the SAML identity provider is used.

postBindingEndpoint
string

The POST binding endpoint.
See Endpoints.
Example: https://dev-319980.oktapreview.com/app/exampledev319980_qa_1/7ujf6iuybnhvvb56/sso/saml

x509Certificate
string

The X.509 public certificate used to validate the assertion signature.

Responses

Request samples

Content type
application/json
{
  • "displayName": "string",
  • "entityId": "string",
  • "id": "string",
  • "organizationIds": [
    ],
  • "postBindingEndpoint": "string",
  • "x509Certificate": "string"
}

List identity provider realms

Lists the realms of a SAML identity provider.

Privilege required

{"owner":"PLATFORM","targetDomain":"SAML_IDENTITY_PROVIDER","type":"VIEW","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the organization for which to list realms.
Example: mycoveocloudorganizationg8tp8wu3

Responses

Organization Api Keys Templates

List API key templates

Lists all the API keys templates in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"CREATE","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Get all api key templates' eligibility for the current user

Privilege required ``` {"owner":"PLATFORM","targetDomain":"API_KEY","type":"CREATE","targetId":"*"} ```
Authorizations:
oauth2
path Parameters
organizationId
required
string

Responses

Show API key template

Shows an API key template in an organization.

Privilege required

{"owner":"PLATFORM","targetDomain":"API_KEY","type":"CREATE","targetId":"*"}
Authorizations:
oauth2
path Parameters
organizationApiKeyTemplateId
required
string

The unique identifier of the API key template.

organizationId
required
string

The unique identifier of the target organization.
Example: mycoveocloudv2organizationg8tp8wu3

Responses

Platform Tokens

generatePlatformToken

Authorizations:
oauth2
path Parameters
organizationId
required
string
query Parameters
validityPeriod
string
Default: "PT24H"
Request Body schema: application/json
required
object (PlatformTokenPayloadBodyModel)
sub
string

Responses

Request samples

Content type
application/json
{
  • "body": {
    },
  • "sub": "string"
}

Privilege Evaluator

Evaluate a privilege request

Authorizations:
oauth2
Request Body schema: application/json
required

The privilege request to evaluate.

organizationId
string

The unique identifier of the organization in which the target privilege applies.

object (GlobalPrivilegeModel)

A global privilege.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "mycoveocloudv2organizationg8tp8wu3",
  • "requestedPrivilege": {
    }
}

Token Certificates

getPublicCertificates

Authorizations:
oauth2

Responses

Users

Show user

Shows a user.
Required privilege: Users - View

Authorizations:
oauth2
path Parameters
username
required
string

The username of the user to show.
Example: jsmith@email.com-google

Responses

Response samples

Content type
application/json
{
  • "additionalInformation": {
    },
  • "country": "UNDEFINED",
  • "credentialsExpired": true,
  • "displayName": "string",
  • "email": "string",
  • "emailAliases": [
    ],
  • "emailConfirmed": true,
  • "enabled": true,
  • "expired": true,
  • "firstName": "string",
  • "lastName": "string",
  • "lastUsedDate": "2019-08-24T14:15:22Z",
  • "locked": true,
  • "name": "string",
  • "provider": "SALESFORCE",
  • "providerUserId": "string",
  • "providerUsername": "string",
  • "realms": [
    ],
  • "samlIdentityProviderId": "string",
  • "socialUser": true,
  • "username": "string"
}

Update user additional information

Authorizations:
oauth2
path Parameters
username
required
string
Request Body schema: application/json
required
object

A collection of key-value pairs that can be used for custom features.
Example: {"lastWhatsNewSeen": "v2.5652.11"}
Default: {}

country
string
Enum: "UNDEFINED" "AC" "AD" "AE" "AF" … 267 more
credentialsExpired
boolean

Whether the user's credentials have expired.

displayName
string

The display name of the user.
Example: John Smith

email
string

The email address of the user.
Example:jsmith@email.com

emailAliases
Array of strings unique

The email aliases of the user.

emailConfirmed
boolean

Whether the user has confirmed their email.

enabled
boolean

Whether the user is enabled.

expired
boolean

Whether the user is expired.

firstName
string or null

The first name of the user.
Example: John

lastName
string or null

The last name of the user.
Example: Smith

lastUsedDate
string or null <date-time>

The last day the user has logged in into the platform

locked
boolean

Whether the user is locked.

name
string or null

The full name of the user.
Example: John Smith

provider
string or null
Enum: "SALESFORCE" "SALESFORCE_SANDBOX" "GOOGLE" "OFFICE365" "SAML" … 1 more

The provider of the user.

providerUserId
string

The unique identifier of the user for the provider.
Example: office365

providerUsername
string or null

The username of the user for the corresponding provider.
Example: jsmith@email.com

Array of objects (UserRealmModel)

The realms the user is a part of.

samlIdentityProviderId
string or null

The unique identifier of the SAML identity provider the user is a part of.
Example: myprovider

socialUser
boolean
username
string

The username of the user.
Example: jsmith@email.com-google

Responses

Request samples

Content type
application/json
{
  • "additionalInformation": {
    },
  • "country": "UNDEFINED",
  • "credentialsExpired": true,
  • "displayName": "string",
  • "email": "string",
  • "emailAliases": [
    ],
  • "emailConfirmed": true,
  • "enabled": true,
  • "expired": true,
  • "firstName": "string",
  • "lastName": "string",
  • "lastUsedDate": "2019-08-24T14:15:22Z",
  • "locked": true,
  • "name": "string",
  • "provider": "SALESFORCE",
  • "providerUserId": "string",
  • "providerUsername": "string",
  • "realms": [
    ],
  • "samlIdentityProviderId": "string",
  • "socialUser": true,
  • "username": "string"
}

List user realms

Lists the realms of a user.
Required privilege: Users - View

Authorizations:
oauth2
path Parameters
username
required
string

The username of the user for which to list realms.
Example: jsmith@email.com-google

Responses

Response samples

Content type
application/json
[
  • {
    }
]