Create Policy Identity Access Request

Create access requests for identities managed by LCM policies

Overview

Creates an access request for an identity managed by a Lifecycle Management Policy. Use this to grant additional entitlements beyond birthright access.

post

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

policy_idstringRequired

idstringRequired

Body

policy_idstringOptional

idstringOptional

request_typeinteger · enumOptional

reasonstringOptional

datasource_idstringOptional

target_entity_typestringOptional

target_entity_idsstring[]Optional

access_profile_idstringOptional

jit_duration_in_secondsinteger · int32Optional

explanationstringOptional

sync_identity_actionstringOptional

tracking_notification_typeinteger · enumOptional

tracking_notification_idstringOptional

catalog_definition_idstringOptional

Optional, ID of the catalog definition this request is associated with

Responses

200

application/json

default

Default error response

application/json

post

/api/private/lifecycle_management/policies/{policy_id}/identities/{id}:access_request

POST /api/private/lifecycle_management/policies/{policy_id}/identities/{id}:access_request HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 429

{
  "policy_id": "text",
  "id": "text",
  "request_type": 1,
  "reason": "text",
  "datasource_id": "text",
  "target_entity_type": "text",
  "target_entity_ids": [
    "text"
  ],
  "access_profile_id": "text",
  "jit_duration_in_seconds": 1,
  "explanation": "text",
  "sync_identity_action": "text",
  "tracking_notification_type": 1,
  "tracking_notification_id": "text",
  "catalog_definition_id": "text",
  "catalog_definition_config": {
    "@type": "text",
    "ANY_ADDITIONAL_PROPERTY": "anything"
  }
}

{
  "value": {},
  "plans": [
    {
      "id": "text",
      "state": 1,
      "request_type": 1,
      "request_source": 1,
      "plan_source": 1,
      "plan_source_id": "text",
      "plan_jobs": [
        {
          "job_id": "text",
          "data_source": {
            "id": "text",
            "external_id": "text",
            "agent_type": "text",
            "data_provider_id": "text",
            "data_source_config": {
              "@type": "text",
              "ANY_ADDITIONAL_PROPERTY": "anything"
            },
            "data_provider_type": 1,
            "data_provider_secret_refs": [
              {
                "id": "text",
                "secret_id": "text",
                "vault_id": "text",
                "vault": {
                  "id": "text",
                  "name": "text",
                  "vault_provider": "text",
                  "insight_point_id": "text",
                  "deleted": true
                }
              }
            ]
          },
          "input_entities": [
            {
              "entity_type": "text",
              "entity_id": "text",
              "attributes": {
                "ANY_ADDITIONAL_PROPERTY": "text"
              },
              "assigned_to_entity_type": "text",
              "assigned_to_entity_id": "text",
              "entity_name": "text",
              "error_message": "text",
              "unique_identifiers": [
                "text"
              ],
              "datasource_id": "text"
            }
          ],
          "action_type": 1,
          "action_config": {
            "@type": "text",
            "ANY_ADDITIONAL_PROPERTY": "anything"
          },
          "action_job_id": "text",
          "action_name": "text",
          "identity_id": "text",
          "stop_on_error": true,
          "ttl": "text"
        }
      ],
      "error_message": "text",
      "request_source_id": "text",
      "jit_duration_in_seconds": 1,
      "jit_revoke_at": "2026-02-06T20:04:59.243Z",
      "jit_revoke_jobs": [
        {
          "job_id": "text",
          "data_source": {
            "id": "text",
            "external_id": "text",
            "agent_type": "text",
            "data_provider_id": "text",
            "data_source_config": {
              "@type": "text",
              "ANY_ADDITIONAL_PROPERTY": "anything"
            },
            "data_provider_type": 1,
            "data_provider_secret_refs": [
              {
                "id": "text",
                "secret_id": "text",
                "vault_id": "text",
                "vault": {
                  "id": "text",
                  "name": "text",
                  "vault_provider": "text",
                  "insight_point_id": "text",
                  "deleted": true
                }
              }
            ]
          },
          "input_entities": [
            {
              "entity_type": "text",
              "entity_id": "text",
              "attributes": {
                "ANY_ADDITIONAL_PROPERTY": "text"
              },
              "assigned_to_entity_type": "text",
              "assigned_to_entity_id": "text",
              "entity_name": "text",
              "error_message": "text",
              "unique_identifiers": [
                "text"
              ],
              "datasource_id": "text"
            }
          ],
          "action_type": 1,
          "action_config": {
            "@type": "text",
            "ANY_ADDITIONAL_PROPERTY": "anything"
          },
          "action_job_id": "text",
          "action_name": "text",
          "identity_id": "text",
          "stop_on_error": true,
          "ttl": "text"
        }
      ],
      "created_at": "2026-02-06T20:04:59.243Z",
      "started_at": "2026-02-06T20:04:59.243Z",
      "completed_at": "2026-02-06T20:04:59.243Z",
      "identity_id": "text",
      "jit_revoke_completed_at": "2026-02-06T20:04:59.243Z"
    }
  ]
}

Examples

Grant Additional Group Access

curl -X POST "https://your-instance.vezacloud.com/api/private/lifecycle_management/policies/policy-abc-123/identities/identity-xyz-789:access_request" \
  -H "authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "policy_id": "policy-abc-123",
    "id": "identity-xyz-789",
    "request_type": "GRANT",
    "reason": "User needs temporary project access",
    "datasource_id": "lcm-datasource-id",
    "target_entity_type": "ActiveDirectoryGroup",
    "target_entity_ids": [
      "active_directory:domain:example.com:group:project-team-alpha"
    ]
  }'

Response

{
  "value": {
    "id": "0198cfb5-1234-5678-9abc-def012345678",
    "reason": "User needs temporary project access", 
    "datasource_id": "lcm-datasource-id",
    "assignee_entity_type": "ActiveDirectoryUser",
    "assignee_entity_id": "active_directory:domain:example.com:user:jdoe",
    "target_entity_type": "ActiveDirectoryGroup",
    "target_entity_ids": ["active_directory:domain:example.com:group:project-team-alpha"],
    "request_source": "ACCESS_REQUEST",
    "state": "INITIAL",
    "request_type": "GRANT",
    "identity_id": "identity-xyz-789",
    "assignee_entity_name": "John Doe",
    "target_entity_names": ["Project Team Alpha"],
    "created_by": "user-123",
    "created_at": "2025-08-22T10:30:00Z"
  },
  "plans": [
    {
      "id": "plan-def-456",
      "state": "INITIAL",
      "request_type": "GRANT"
    }
  ]
}

Grant Multiple Groups

curl -X POST "https://your-instance.vezacloud.com/api/private/lifecycle_management/policies/policy-abc-123/identities/identity-xyz-789:access_request" \
  -H "authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "policy_id": "policy-abc-123",
    "id": "identity-xyz-789",
    "request_type": "GRANT",
    "reason": "User promoted to team lead",
    "datasource_id": "lcm-datasource-id",
    "target_entity_type": "ActiveDirectoryGroup",
    "target_entity_ids": [
      "active_directory:domain:example.com:group:team-leads",
      "active_directory:domain:example.com:group:project-approvers"
    ]
  }'

Revoke Access

curl -X POST "https://your-instance.vezacloud.com/api/private/lifecycle_management/policies/policy-abc-123/identities/identity-xyz-789:access_request" \
  -H "authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "policy_id": "policy-abc-123",
    "id": "identity-xyz-789",
    "request_type": "REVOKE",
    "reason": "User role changed",
    "datasource_id": "lcm-datasource-id",
    "target_entity_type": "ActiveDirectoryGroup",
    "target_entity_ids": [
      "active_directory:domain:example.com:group:project-team-alpha"
    ]
  }'

PreviousCreate Access Request Policy NextAccess Reviews APIs

Last updated 6 days ago

Was this helpful?

{ "value": {}, "plans": [ { "id": "text", "state": 1, "request_type": 1, "request_source": 1, "plan_source": 1, "plan_source_id": "text", "plan_jobs": [ { "job_id": "text", "data_source": { "id": "text", "external_id": "text", "agent_type": "text", "data_provider_id": "text", "data_source_config": { "@type": "text", "ANY_ADDITIONAL_PROPERTY": "anything" }, "data_provider_type": 1, "data_provider_secret_refs": [ { "id": "text", "secret_id": "text", "vault_id": "text", "vault": { "id": "text", "name": "text", "vault_provider": "text", "insight_point_id": "text", "deleted": true } } ] }, "input_entities": [ { "entity_type": "text", "entity_id": "text", "attributes": { "ANY_ADDITIONAL_PROPERTY": "text" }, "assigned_to_entity_type": "text", "assigned_to_entity_id": "text", "entity_name": "text", "error_message": "text", "unique_identifiers": [ "text" ], "datasource_id": "text" } ], "action_type": 1, "action_config": { "@type": "text", "ANY_ADDITIONAL_PROPERTY": "anything" }, "action_job_id": "text", "action_name": "text", "identity_id": "text", "stop_on_error": true, "ttl": "text" } ], "error_message": "text", "request_source_id": "text", "jit_duration_in_seconds": 1, "jit_revoke_at": "2026-02-06T20:04:59.243Z", "jit_revoke_jobs": [ { "job_id": "text", "data_source": { "id": "text", "external_id": "text", "agent_type": "text", "data_provider_id": "text", "data_source_config": { "@type": "text", "ANY_ADDITIONAL_PROPERTY": "anything" }, "data_provider_type": 1, "data_provider_secret_refs": [ { "id": "text", "secret_id": "text", "vault_id": "text", "vault": { "id": "text", "name": "text", "vault_provider": "text", "insight_point_id": "text", "deleted": true } } ] }, "input_entities": [ { "entity_type": "text", "entity_id": "text", "attributes": { "ANY_ADDITIONAL_PROPERTY": "text" }, "assigned_to_entity_type": "text", "assigned_to_entity_id": "text", "entity_name": "text", "error_message": "text", "unique_identifiers": [ "text" ], "datasource_id": "text" } ], "action_type": 1, "action_config": { "@type": "text", "ANY_ADDITIONAL_PROPERTY": "anything" }, "action_job_id": "text", "action_name": "text", "identity_id": "text", "stop_on_error": true, "ttl": "text" } ], "created_at": "2026-02-06T20:04:59.243Z", "started_at": "2026-02-06T20:04:59.243Z", "completed_at": "2026-02-06T20:04:59.243Z", "identity_id": "text", "jit_revoke_completed_at": "2026-02-06T20:04:59.243Z" } ] }

hashtagOverview

hashtagExamples

hashtagGrant Additional Group Access

hashtagResponse

hashtagGrant Multiple Groups

hashtagRevoke Access