Team and User Management APIs

Operations for listing, creating, deleting, and updating users and teams.

Overview

These APIs provide an interface for managing users and teams in Veza.

Get Teams

Retrieve a list of all teams. This endpoint allows filtering and sorting of the returned teams.

get

Authorizations

Query parameters

filterstringOptional

order_bystringOptional

page_sizeinteger · int32Optional

page_tokenstringOptional

Responses

200

application/json

default

Default error response

application/json

get

GET /api/v1/teams HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*

{
  "values": [
    {
      "id": "text",
      "name": "text",
      "policy_type": 1,
      "providers": [
        {
          "id": "text",
          "name": "text",
          "type": 1
        }
      ],
      "created_at": "2025-08-26T04:45:32.339Z",
      "updated_at": "2025-08-26T04:45:32.339Z",
      "description": "text",
      "user_count": 1,
      "sso_alias": "text"
    }
  ],
  "next_page_token": "text",
  "has_more": true
}

Create Team

Create a new team, scoped to the specified provider IDs:

{
  "name": "AWS Dev Team",
  "policy_type": "PROVIDER_ID_SET",
  "providers": [
    {
      "id": "10fc60da-9df6-4495-ae0f-abf92e0bd715",
      }
    ],
  "description": "Limited to aws_dev account",
  "sso_alias": "AWS Dev Team"
  }

The team policy_type determines the scope of integrations for the team. The value can be UNBOUND or PROVIDER_ID_SET:

PROVIDER_ID_SET: Users can only see data and manage integrations for the listed providers, specified by id.
UNBOUND: Users can access all providers, similar to the root team. Users on this team will share a unique set of reports and saved queries.

post

Authorizations

Body

namestringOptional

policy_typeinteger · enumOptional

descriptionstringOptional

sso_aliasstringOptional

Responses

200

application/json

default

Default error response

application/json

post

POST /api/v1/teams HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 99

{
  "name": "text",
  "policy_type": 1,
  "providers": [
    {
      "id": "text"
    }
  ],
  "description": "text",
  "sso_alias": "text"
}

{
  "value": {
    "id": "text",
    "name": "text",
    "policy_type": 1,
    "providers": [
      {
        "id": "text",
        "name": "text",
        "type": 1
      }
    ],
    "created_at": "2025-08-26T04:45:32.339Z",
    "updated_at": "2025-08-26T04:45:32.339Z",
    "description": "text",
    "user_count": 1,
    "sso_alias": "text"
  }
}

Get Team

Fetch details of a specific team by providing the team ID.

get

Authorizations

Path parameters

idstringRequired

Responses

200

application/json

default

Default error response

application/json

get

GET /api/v1/teams/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*

{
  "value": {
    "id": "text",
    "name": "text",
    "policy_type": 1,
    "providers": [
      {
        "id": "text",
        "name": "text",
        "type": 1
      }
    ],
    "created_at": "2025-08-26T04:45:32.339Z",
    "updated_at": "2025-08-26T04:45:32.339Z",
    "description": "text",
    "user_count": 1,
    "sso_alias": "text"
  }
}

Delete Team

Remove a team from the system using the team ID.

delete

Authorizations

Path parameters

idstringRequired

Responses

200

application/json

Responseobject

default

Default error response

application/json

delete

DELETE /api/v1/teams/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*

{}

Update Team

Update details of an existing team. The PUT method replaces the entire team entity, while PATCH allows for partial updates.

put

Authorizations

Path parameters

value.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

idstringOptional

namestringOptional

policy_typeinteger · enumOptional

created_atstring · date-timeRead-onlyOptional

updated_atstring · date-timeRead-onlyOptional

descriptionstringOptional

user_countinteger · int32Read-onlyOptional

sso_aliasstringOptional

Responses

200

application/json

default

Default error response

application/json

put

PUT /api/v1/teams/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 111

{
  "id": "text",
  "name": "text",
  "policy_type": 1,
  "providers": [
    {
      "id": "text"
    }
  ],
  "description": "text",
  "sso_alias": "text"
}

{
  "value": {
    "id": "text",
    "name": "text",
    "policy_type": 1,
    "providers": [
      {
        "id": "text",
        "name": "text",
        "type": 1
      }
    ],
    "created_at": "2025-08-26T04:45:32.339Z",
    "updated_at": "2025-08-26T04:45:32.339Z",
    "description": "text",
    "user_count": 1,
    "sso_alias": "text"
  }
}

patch

Authorizations

Path parameters

value.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

idstringOptional

namestringOptional

policy_typeinteger · enumOptional

created_atstring · date-timeRead-onlyOptional

updated_atstring · date-timeRead-onlyOptional

descriptionstringOptional

user_countinteger · int32Read-onlyOptional

sso_aliasstringOptional

Responses

200

application/json

default

Default error response

application/json

patch

PATCH /api/v1/teams/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 111

{
  "id": "text",
  "name": "text",
  "policy_type": 1,
  "providers": [
    {
      "id": "text"
    }
  ],
  "description": "text",
  "sso_alias": "text"
}

{
  "value": {
    "id": "text",
    "name": "text",
    "policy_type": 1,
    "providers": [
      {
        "id": "text",
        "name": "text",
        "type": 1
      }
    ],
    "created_at": "2025-08-26T04:45:32.339Z",
    "updated_at": "2025-08-26T04:45:32.339Z",
    "description": "text",
    "user_count": 1,
    "sso_alias": "text"
  }
}

Create User

Create a new user with details such as name, email, and team assignments.

A user object includes basic attributes and team and role assignments:

{
  "name": "Demo User",
  "email": "[email protected]",
  "password": "password",
  "team_roles": [
    {
      "team_id": "613df06e-9a40-4331-947c-5c327b54b228",
      "role_id": "39b50a23-da71-4d02-8504-21038fe49a2f"
    }
  ]
}

post

Authorizations

Body

namestringOptional

emailstringOptional

passwordstringOptional

personainteger · enumOptional

given_namestringOptional

family_namestringOptional

display_namestringOptional

Responses

200

application/json

default

Default error response

application/json

post

POST /api/v1/users HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 250

{
  "name": "text",
  "email": "text",
  "password": "text",
  "persona": 1,
  "team_roles": [
    {
      "team_id": "text",
      "role_id": "text"
    }
  ],
  "digest_settings": [
    {
      "digest_id": "text",
      "digest_name": "text",
      "frequency": 1
    }
  ],
  "given_name": "text",
  "family_name": "text",
  "display_name": "text"
}

{
  "id": "text"
}

Update User

Change team roles or persona for an existing user. This endpoint supports partial updates.

patch

Authorizations

Path parameters

value.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

idstringOptional

namestringOptional

display_namestringOptional

given_namestringOptional

family_namestringOptional

emailstringOptional

enabledbooleanOptional

last_login_atstring · date-timeRead-onlyOptional

last_refresh_atstring · date-timeRead-onlyOptional

created_atstring · date-timeRead-onlyOptional

updated_atstring · date-timeRead-onlyOptional

logins_lifetimestringRead-onlyOptional

auth_provider_typeinteger · enumOptional

personainteger · enumOptional

expires_atstring · date-timeRead-onlyOptional

Responses

200

application/json

default

Default error response

application/json

patch

PATCH /api/v1/users/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 473

{
  "id": "text",
  "name": "text",
  "display_name": "text",
  "given_name": "text",
  "family_name": "text",
  "email": "text",
  "enabled": true,
  "auth_provider_type": 1,
  "persona": 1,
  "options": {
    "can_change_password": true,
    "has_mfa": true,
    "can_change_roles": true,
    "can_disable": true,
    "can_delete": true,
    "can_edit_name": true,
    "can_extend_support": true,
    "can_remove_from_teams": true
  },
  "team_roles": [
    {
      "team_id": "text",
      "role_id": "text"
    }
  ],
  "digest_settings": [
    {
      "digest_id": "text",
      "digest_name": "text",
      "frequency": 1
    }
  ]
}

{
  "value": {
    "id": "text",
    "name": "text",
    "display_name": "text",
    "given_name": "text",
    "family_name": "text",
    "email": "text",
    "enabled": true,
    "last_login_at": "2025-08-26T04:45:32.339Z",
    "last_refresh_at": "2025-08-26T04:45:32.339Z",
    "created_at": "2025-08-26T04:45:32.339Z",
    "updated_at": "2025-08-26T04:45:32.339Z",
    "logins_lifetime": "text",
    "auth_provider_type": 1,
    "persona": 1,
    "options": {
      "can_change_password": true,
      "has_mfa": true,
      "can_change_roles": true,
      "can_disable": true,
      "can_delete": true,
      "can_edit_name": true,
      "can_extend_support": true,
      "can_remove_from_teams": true
    },
    "team_roles": [
      {
        "team_id": "text",
        "team_name": "text",
        "role_id": "text",
        "role_name": "text"
      }
    ],
    "digest_settings": [
      {
        "digest_id": "text",
        "digest_name": "text",
        "frequency": 1
      }
    ],
    "expires_at": "2025-08-26T04:45:32.339Z"
  }
}

Get User

Retrieve details of a specific user by user ID. You can use "self" instead of an ID to retrieve current user details.

get

Authorizations

Path parameters

idstringRequired

Responses

200

application/json

default

Default error response

application/json

get

GET /api/v1/users/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*

{
  "id": "text",
  "name": "text",
  "display_name": "text",
  "given_name": "text",
  "family_name": "text",
  "email": "text",
  "enabled": true,
  "last_login_at": "2025-08-26T04:45:32.339Z",
  "last_refresh_at": "2025-08-26T04:45:32.339Z",
  "created_at": "2025-08-26T04:45:32.339Z",
  "updated_at": "2025-08-26T04:45:32.339Z",
  "logins_lifetime": "text",
  "auth_provider_type": 1,
  "persona": 1,
  "options": {
    "can_change_password": true,
    "has_mfa": true,
    "can_change_roles": true,
    "can_disable": true,
    "can_delete": true,
    "can_edit_name": true,
    "can_extend_support": true,
    "can_remove_from_teams": true
  },
  "team_roles": [
    {
      "team_id": "text",
      "team_name": "text",
      "role_id": "text",
      "role_name": "text"
    }
  ],
  "digest_settings": [
    {
      "digest_id": "text",
      "digest_name": "text",
      "frequency": 1
    }
  ],
  "expires_at": "2025-08-26T04:45:32.339Z"
}

Delete User

Delete a user from the system by ID.

delete

Authorizations

Path parameters

idstringRequired

Responses

200

application/json

default

Default error response

application/json

delete

DELETE /api/v1/users/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*

{
  "value": {
    "id": "text",
    "name": "text",
    "display_name": "text",
    "given_name": "text",
    "family_name": "text",
    "email": "text",
    "enabled": true,
    "last_login_at": "2025-08-26T04:45:32.339Z",
    "last_refresh_at": "2025-08-26T04:45:32.339Z",
    "created_at": "2025-08-26T04:45:32.339Z",
    "updated_at": "2025-08-26T04:45:32.339Z",
    "logins_lifetime": "text",
    "auth_provider_type": 1,
    "persona": 1,
    "options": {
      "can_change_password": true,
      "has_mfa": true,
      "can_change_roles": true,
      "can_disable": true,
      "can_delete": true,
      "can_edit_name": true,
      "can_extend_support": true,
      "can_remove_from_teams": true
    },
    "team_roles": [
      {
        "team_id": "text",
        "team_name": "text",
        "role_id": "text",
        "role_name": "text"
      }
    ],
    "digest_settings": [
      {
        "digest_id": "text",
        "digest_name": "text",
        "frequency": 1
      }
    ],
    "expires_at": "2025-08-26T04:45:32.339Z"
  }
}

List Roles

Returns a paginated list of all roles available in the Veza, including role ID, name, and the associated permissions. Use this operation to get role IDs to assign team roles for users.

get

Authorizations

Query parameters

page_sizeinteger · int32Optional

page_tokenstringOptional

Responses

200

application/json

default

Default error response

application/json

get

GET /api/v1/roles HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*

{
  "roles": [
    {
      "id": "text",
      "name": "text",
      "permissions": [
        "text"
      ],
      "is_available_in_root_team": true,
      "is_available_in_non_root_team": true,
      "description": "text"
    }
  ],
  "next_page_token": "text",
  "has_more": true
}

PreviousSystem Events NextTeam API Keys

Last updated 24 days ago

Was this helpful?

{ "values": [ { "id": "text", "name": "text", "policy_type": 1, "providers": [ { "id": "text", "name": "text", "type": 1 } ], "created_at": "2025-08-26T04:45:32.339Z", "updated_at": "2025-08-26T04:45:32.339Z", "description": "text", "user_count": 1, "sso_alias": "text" } ], "next_page_token": "text", "has_more": true }

{ "name": "AWS Dev Team", "policy_type": "PROVIDER_ID_SET", "providers": [ { "id": "10fc60da-9df6-4495-ae0f-abf92e0bd715", } ], "description": "Limited to aws_dev account", "sso_alias": "AWS Dev Team" }

POST /api/v1/teams HTTP/1.1 Host: your-tenant.cookiecloud.ai Authorization: Bearer JWT Content-Type: application/json Accept: */* Content-Length: 99 { "name": "text", "policy_type": 1, "providers": [ { "id": "text" } ], "description": "text", "sso_alias": "text" }

{ "value": { "id": "text", "name": "text", "policy_type": 1, "providers": [ { "id": "text", "name": "text", "type": 1 } ], "created_at": "2025-08-26T04:45:32.339Z", "updated_at": "2025-08-26T04:45:32.339Z", "description": "text", "user_count": 1, "sso_alias": "text" } }

PUT /api/v1/teams/{value.id} HTTP/1.1 Host: your-tenant.cookiecloud.ai Authorization: Bearer JWT Content-Type: application/json Accept: */* Content-Length: 111 { "id": "text", "name": "text", "policy_type": 1, "providers": [ { "id": "text" } ], "description": "text", "sso_alias": "text" }

PATCH /api/v1/teams/{value.id} HTTP/1.1 Host: your-tenant.cookiecloud.ai Authorization: Bearer JWT Content-Type: application/json Accept: */* Content-Length: 111 { "id": "text", "name": "text", "policy_type": 1, "providers": [ { "id": "text" } ], "description": "text", "sso_alias": "text" }

{ "name": "Demo User", "email": "[email protected]", "password": "password", "team_roles": [ { "team_id": "613df06e-9a40-4331-947c-5c327b54b228", "role_id": "39b50a23-da71-4d02-8504-21038fe49a2f" } ] }

POST /api/v1/users HTTP/1.1 Host: your-tenant.cookiecloud.ai Authorization: Bearer JWT Content-Type: application/json Accept: */* Content-Length: 250 { "name": "text", "email": "text", "password": "text", "persona": 1, "team_roles": [ { "team_id": "text", "role_id": "text" } ], "digest_settings": [ { "digest_id": "text", "digest_name": "text", "frequency": 1 } ], "given_name": "text", "family_name": "text", "display_name": "text" }

PATCH /api/v1/users/{value.id} HTTP/1.1 Host: your-tenant.cookiecloud.ai Authorization: Bearer JWT Content-Type: application/json Accept: */* Content-Length: 473 { "id": "text", "name": "text", "display_name": "text", "given_name": "text", "family_name": "text", "email": "text", "enabled": true, "auth_provider_type": 1, "persona": 1, "options": { "can_change_password": true, "has_mfa": true, "can_change_roles": true, "can_disable": true, "can_delete": true, "can_edit_name": true, "can_extend_support": true, "can_remove_from_teams": true }, "team_roles": [ { "team_id": "text", "role_id": "text" } ], "digest_settings": [ { "digest_id": "text", "digest_name": "text", "frequency": 1 } ] }

{ "value": { "id": "text", "name": "text", "display_name": "text", "given_name": "text", "family_name": "text", "email": "text", "enabled": true, "last_login_at": "2025-08-26T04:45:32.339Z", "last_refresh_at": "2025-08-26T04:45:32.339Z", "created_at": "2025-08-26T04:45:32.339Z", "updated_at": "2025-08-26T04:45:32.339Z", "logins_lifetime": "text", "auth_provider_type": 1, "persona": 1, "options": { "can_change_password": true, "has_mfa": true, "can_change_roles": true, "can_disable": true, "can_delete": true, "can_edit_name": true, "can_extend_support": true, "can_remove_from_teams": true }, "team_roles": [ { "team_id": "text", "team_name": "text", "role_id": "text", "role_name": "text" } ], "digest_settings": [ { "digest_id": "text", "digest_name": "text", "frequency": 1 } ], "expires_at": "2025-08-26T04:45:32.339Z" } }

{ "id": "text", "name": "text", "display_name": "text", "given_name": "text", "family_name": "text", "email": "text", "enabled": true, "last_login_at": "2025-08-26T04:45:32.339Z", "last_refresh_at": "2025-08-26T04:45:32.339Z", "created_at": "2025-08-26T04:45:32.339Z", "updated_at": "2025-08-26T04:45:32.339Z", "logins_lifetime": "text", "auth_provider_type": 1, "persona": 1, "options": { "can_change_password": true, "has_mfa": true, "can_change_roles": true, "can_disable": true, "can_delete": true, "can_edit_name": true, "can_extend_support": true, "can_remove_from_teams": true }, "team_roles": [ { "team_id": "text", "team_name": "text", "role_id": "text", "role_name": "text" } ], "digest_settings": [ { "digest_id": "text", "digest_name": "text", "frequency": 1 } ], "expires_at": "2025-08-26T04:45:32.339Z" }

{ "roles": [ { "id": "text", "name": "text", "permissions": [ "text" ], "is_available_in_root_team": true, "is_available_in_non_root_team": true, "description": "text" } ], "next_page_token": "text", "has_more": true }