Documentation Index
Fetch the complete documentation index at: https://docs.apinizer.com/llms.txt
Use this file to discover all available pages before exploring further.
Endpoint
PUT /apiops/projects/{projectName}/credentials/{username}/access/
Authentication
Requires a Personal API Access Token.
Authorization: Bearer YOUR_TOKEN
Request
| Header | Value | Required |
|---|
| Authorization | Bearer | Yes |
| Content-Type | application/json | Yes |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| username | string | Yes | Username of the credential |
Request Body
Full JSON Body Example - Grant Access to Single API Proxy
{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY"
}
]
}
Full JSON Body Example - Grant Access to Multiple Resources
{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY"
},
{
"name": "PaymentAPI",
"type": "API_PROXY"
},
{
"name": "MyAPIGroup",
"type": "API_PROXY_GROUP"
}
]
}
Full JSON Body Example - Grant Access with Expiration
{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY",
"expireTime": "2024-12-31T23:59:59.000Z"
},
{
"name": "MyAPIGroup",
"type": "API_PROXY_GROUP",
"expireTime": "2025-06-30T23:59:59.000Z"
}
]
}
Request Body Fields
The request body is an object containing an array of access objects.
Access Object
| Field | Type | Required | Description |
|---|
| name | string | Yes | Name of the API Proxy or API Proxy Group |
| type | string | Yes | Type of access. See EnumAccessType |
| expireTime | string|null | No | Expiration time in ISO 8601 format (e.g., “2024-12-31T23:59:59.000Z”). If not provided or null, access does not expire |
EnumAccessType
API_PROXY - Grant access to a specific API ProxyAPI_PROXY_GROUP - Grant access to an API Proxy Group
Request Body Object
| Field | Type | Required | Description |
|---|
| credentialAccessList | array | Yes | Array of access objects |
Notes
- Request body must be an object with
credentialAccessList array (even for single access)
- Each access object must have
name and type
name must match an existing API Proxy or API Proxy Grouptype must be either API_PROXY or API_PROXY_GROUPexpireTime is optional. If provided, access expires at the specified time. Use ISO 8601 format (UTC)- Cannot grant access that already exists
- Access is automatically deployed to all environments
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"message": "Deployment completed successfully",
"environmentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployed successfully"
},
{
"environmentName": "staging",
"success": true,
"message": "Deployed successfully"
}
]
}
}
Error Response (400 Bad Request)
{
"error": "bad_request",
"error_description": "Credential access object name can not be empty!"
}
{
"error": "bad_request",
"error_description": "Credential access object type can not be empty!"
}
{
"error": "bad_request",
"error_description": "API Proxy (name:MyAPI) is not found or user does not have privilege to access it!"
}
{
"error": "bad_request",
"error_description": "Credential (username:api-user) has already access to API Proxy (name:MyAPI)!"
}
Common Causes
- Empty access object
- Missing
name or type field
- API Proxy or API Proxy Group does not exist
- Access already granted
- Invalid access type
Error Response (401 Unauthorized)
{
"error": "unauthorized_client",
"error_description": "Invalid token"
}
Error Response (404 Not Found)
{
"error": "not_found",
"error_description": "Project(MyProject) was not found or user does not have privilege to access it!"
}
cURL Example
Example 1: Grant Access to Single API Proxy
curl -X PUT \
"https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/access/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY"
}
]
}'
Example 2: Grant Access to Multiple Resources
curl -X PUT \
"https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/access/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY"
},
{
"name": "MyAPIGroup",
"type": "API_PROXY_GROUP"
}
]
}'
Example 3: Grant Access with Expiration
curl -X PUT \
"https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/access/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY",
"expireTime": "2024-12-31T23:59:59.000Z"
}
]
}'
Notes and Warnings
-
Request Body Format:
- Request body must be an object with
credentialAccessList array
- Even for single access, use object format with array inside
-
Access Validation:
- API Proxy or API Proxy Group must exist
- Must be within the project scope
-
Duplicate Access:
- Cannot grant access that already exists
- Check existing access before granting
-
Automatic Deployment:
- Access is automatically deployed to all environments
- Deployment results are returned in the response
-
API Proxy Group:
- Granting access to API Proxy Group grants access to all APIs in the group
- More efficient than granting access to individual APIs
-
Expiration Time:
expireTime is optional and can be set per access entry- Use ISO 8601 format (UTC): “YYYY-MM-DDTHH:mm:ss.sssZ”
- If not provided or null, access does not expire
- Expired access is automatically revoked
- Each access entry can have its own expiration time
Permissions
- User must have
IDENTITY + MANAGE permission in the project
- For automatic deployment, user must also have
IDENTITY + DEPLOY_UNDEPLOY permission
