Endpoint

PUT /apiops/projects/{projectName}/credentials/{username}/access/

Authentication

Requires a Personal API Access Token.
Authorization: Bearer YOUR_TOKEN

Request

Headers

| Header | Value | Required |
| --- | --- | --- |
| Authorization | Bearer | Yes |
| Content-Type | application/json | Yes |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| projectName | string | Yes | Project name |
| username | string | Yes | Username of the credential |

Request Body

Full JSON Body Example - Grant Access to Single API Proxy

{
  "credentialAccessList": [
    {
      "name": "MyAPI",
      "type": "API_PROXY"
    }
  ]
}

Full JSON Body Example - Grant Access to Multiple Resources

{
  "credentialAccessList": [
    {
      "name": "MyAPI",
      "type": "API_PROXY"
    },
    {
      "name": "PaymentAPI",
      "type": "API_PROXY"
    },
    {
      "name": "MyAPIGroup",
      "type": "API_PROXY_GROUP"
    }
  ]
}

Full JSON Body Example - Grant Access with Expiration

{
  "credentialAccessList": [
    {
      "name": "MyAPI",
      "type": "API_PROXY",
      "expireTime": "2024-12-31T23:59:59.000Z"
    },
    {
      "name": "MyAPIGroup",
      "type": "API_PROXY_GROUP",
      "expireTime": "2025-06-30T23:59:59.000Z"
    }
  ]
}

Request Body Fields

The request body is an object containing an array of access objects.

Access Object

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | Yes | Name of the API Proxy or API Proxy Group |
| type | string | Yes | Type of access. See EnumAccessType |
| expireTime | string\|null | No | Expiration time in ISO 8601 format (e.g., “2024-12-31T23:59:59.000Z”). If not provided or null, access does not expire |

EnumAccessType

  • API_PROXY - Grant access to a specific API Proxy
  • API_PROXY_GROUP - Grant access to an API Proxy Group

Request Body Object

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| credentialAccessList | array | Yes | Array of access objects |

Notes

  • Request body must be an object with credentialAccessList array (even for single access)
  • Each access object must have name and type
  • name must match an existing API Proxy or API Proxy Group
  • type must be either API_PROXY or API_PROXY_GROUP
  • expireTime is optional. If provided, access expires at the specified time. Use ISO 8601 format (UTC)
  • Cannot grant access that already exists
  • Access is automatically deployed to all environments

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "message": "Deployment completed successfully",
    "environmentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployed successfully"
      },
      {
        "environmentName": "staging",
        "success": true,
        "message": "Deployed successfully"
      }
    ]
  }
}

Error Response (400 Bad Request)

{
  "error": "bad_request",
  "error_description": "Credential access object name can not be empty!"
}
or
{
  "error": "bad_request",
  "error_description": "Credential access object type can not be empty!"
}
or
{
  "error": "bad_request",
  "error_description": "API Proxy (name:MyAPI) is not found or user does not have privilege to access it!"
}
or
{
  "error": "bad_request",
  "error_description": "Credential (username:api-user) has already access to API Proxy (name:MyAPI)!"
}

Common Causes

  • Empty access object
  • Missing name or type field
  • API Proxy or API Proxy Group does not exist
  • Access already granted
  • Invalid access type

Error Response (401 Unauthorized)

{
  "error": "unauthorized_client",
  "error_description": "Invalid token"
}

Error Response (404 Not Found)

{
  "error": "not_found",
  "error_description": "Project(MyProject) was not found or user does not have privilege to access it!"
}

cURL Example

Example 1: Grant Access to Single API Proxy

curl -X PUT \
  "https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/access/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "credentialAccessList": [
      {
        "name": "MyAPI",
        "type": "API_PROXY"
      }
    ]
  }'

Example 2: Grant Access to Multiple Resources

curl -X PUT \
  "https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/access/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "credentialAccessList": [
      {
        "name": "MyAPI",
        "type": "API_PROXY"
      },
      {
        "name": "MyAPIGroup",
        "type": "API_PROXY_GROUP"
      }
    ]
  }'

Example 3: Grant Access with Expiration

curl -X PUT \
  "https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/access/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "credentialAccessList": [
      {
        "name": "MyAPI",
        "type": "API_PROXY",
        "expireTime": "2024-12-31T23:59:59.000Z"
      }
    ]
  }'

Notes and Warnings

  • Request Body Format:
    • Request body must be an object with credentialAccessList array
    • Even for single access, use object format with array inside
  • Access Validation:
    • API Proxy or API Proxy Group must exist
    • Must be within the project scope
  • Duplicate Access:
    • Cannot grant access that already exists
    • Check existing access before granting
  • Automatic Deployment:
    • Access is automatically deployed to all environments
    • Deployment results are returned in the response
  • API Proxy Group:
    • Granting access to API Proxy Group grants access to all APIs in the group
    • More efficient than granting access to individual APIs
  • Expiration Time:
    • expireTime is optional and can be set per access entry
    • Use ISO 8601 format (UTC): “YYYY-MM-DDTHH:mm:ss.sssZ”
    • If not provided or null, access does not expire
    • Expired access is automatically revoked
    • Each access entry can have its own expiration time
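
The rules listed under Notes and under Notes and Warnings can be checked client-side before the PUT is sent, so that a malformed or never-expiring grant is caught before it is deployed to every environment. This is an added example, not Apinizer code: `validate_access_list`, `build_body`, the `require_expiry` policy switch, and the duplicate-entry and past-date checks are assumptions introduced here, not behaviour the API documents.

```python
import json
import re
from datetime import datetime, timezone

ACCESS_TYPES = {"API_PROXY", "API_PROXY_GROUP"}  # EnumAccessType from this page
# Documented shape: YYYY-MM-DDTHH:mm:ss.sssZ (UTC only)
EXPIRE_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z")


def validate_access_list(entries, now=None, require_expiry=False):
    """Return a list of problems; an empty list means the body can be sent."""
    now = now or datetime.now(timezone.utc)
    problems, seen = [], set()
    if not entries:
        return ["credentialAccessList is empty"]
    for i, e in enumerate(entries):
        name, typ, exp = e.get("name"), e.get("type"), e.get("expireTime")
        if not name:
            problems.append(f"[{i}] name is empty")
        if typ not in ACCESS_TYPES:
            problems.append(f"[{i}] type {typ!r} is not in EnumAccessType")
        if (name, typ) in seen:  # assumption: repeated entries are a mistake
            problems.append(f"[{i}] duplicate grant {typ}:{name}")
        seen.add((name, typ))
        if exp is None:
            if require_expiry:  # local policy (assumption), not an API rule
                problems.append(f"[{i}] no expireTime: access would never expire")
            continue
        if not isinstance(exp, str) or not EXPIRE_RE.fullmatch(exp):
            problems.append(f"[{i}] expireTime {exp!r} is not YYYY-MM-DDTHH:mm:ss.sssZ")
            continue
        try:
            when = datetime.strptime(exp, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
        except ValueError:
            problems.append(f"[{i}] expireTime {exp!r} is not a real date")
            continue
        if when <= now:  # local check (assumption): a past time grants nothing useful
            problems.append(f"[{i}] expireTime {exp} is already in the past")
    return problems


def build_body(entries, **kw):
    """Validate, then wrap in the object form the endpoint requires."""
    problems = validate_access_list(entries, **kw)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps({"credentialAccessList": entries})
```

With `require_expiry=True`, an `API_PROXY_GROUP` entry without `expireTime` is rejected locally, which keeps group-wide grants time-bounded.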

Permissions

  • User must have IDENTITY + MANAGE permission in the project
  • For automatic deployment, user must also have IDENTITY + DEPLOY_UNDEPLOY permission