Team and User Management APIs
Operations for listing, creating, deleting, and updating users and teams.
Overview
These APIs provide an interface for managing users and teams in Veza.
Get Teams
Retrieve a list of all teams. This endpoint allows filtering and sorting of the returned teams.
OK
Default error response
GET /api/v1/teams HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"values": [
{
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
],
"next_page_token": "text",
"has_more": true
}
Create Team
Create a new team, scoped to the specified provider IDs:
{
"name": "AWS Dev Team",
"policy_type": "PROVIDER_ID_SET",
"providers": [
{
"id": "10fc60da-9df6-4495-ae0f-abf92e0bd715",
}
],
"description": "Limited to aws_dev account",
"sso_alias": "AWS Dev Team"
}
The team policy_type
determines the scope of integrations for the team. The value can be UNBOUND
or PROVIDER_ID_SET
:
PROVIDER_ID_SET
: Users can only see data and manage integrations for the listedproviders
, specified byid
.UNBOUND
: Users can access all providers, similar to the root team. Users on this team will share a unique set of reports and saved queries.
OK
Default error response
POST /api/v1/teams HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 99
{
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text"
}
],
"description": "text",
"sso_alias": "text"
}
{
"value": {
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
}
Get Team
Fetch details of a specific team by providing the team ID.
OK
Default error response
GET /api/v1/teams/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"value": {
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
}
Delete Team
Remove a team from the system using the team ID.
OK
Default error response
DELETE /api/v1/teams/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{}
Update Team
Update details of an existing team. The PUT method replaces the entire team entity, while PATCH allows for partial updates.
OK
Default error response
PUT /api/v1/teams/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 111
{
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text"
}
],
"description": "text",
"sso_alias": "text"
}
{
"value": {
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
}
OK
Default error response
PATCH /api/v1/teams/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 111
{
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text"
}
],
"description": "text",
"sso_alias": "text"
}
{
"value": {
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
}
Create User
Create a new user with details such as name, email, and team assignments.
A user object includes basic attributes and team and role assignments:
{
"name": "Demo User",
"email": "[email protected]",
"password": "password",
"team_roles": [
{
"team_id": "613df06e-9a40-4331-947c-5c327b54b228",
"role_id": "39b50a23-da71-4d02-8504-21038fe49a2f"
}
]
}
OK
Default error response
POST /api/v1/users HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 250
{
"name": "text",
"email": "text",
"password": "text",
"persona": 1,
"team_roles": [
{
"team_id": "text",
"role_id": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
],
"given_name": "text",
"family_name": "text",
"display_name": "text"
}
{
"id": "text"
}
Update User
Change team roles or persona for an existing user. This endpoint supports partial updates.
OK
Default error response
PATCH /api/v1/users/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 473
{
"id": "text",
"name": "text",
"display_name": "text",
"given_name": "text",
"family_name": "text",
"email": "text",
"enabled": true,
"auth_provider_type": 1,
"persona": 1,
"options": {
"can_change_password": true,
"has_mfa": true,
"can_change_roles": true,
"can_disable": true,
"can_delete": true,
"can_edit_name": true,
"can_extend_support": true,
"can_remove_from_teams": true
},
"team_roles": [
{
"team_id": "text",
"role_id": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
]
}
{
"value": {
"id": "text",
"name": "text",
"display_name": "text",
"given_name": "text",
"family_name": "text",
"email": "text",
"enabled": true,
"last_login_at": "2025-09-15T13:32:56.553Z",
"last_refresh_at": "2025-09-15T13:32:56.553Z",
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"logins_lifetime": "text",
"auth_provider_type": 1,
"persona": 1,
"options": {
"can_change_password": true,
"has_mfa": true,
"can_change_roles": true,
"can_disable": true,
"can_delete": true,
"can_edit_name": true,
"can_extend_support": true,
"can_remove_from_teams": true
},
"team_roles": [
{
"team_id": "text",
"team_name": "text",
"role_id": "text",
"role_name": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
],
"expires_at": "2025-09-15T13:32:56.553Z"
}
}
Get User
Retrieve details of a specific user by user ID. You can use "self" instead of an ID to retrieve current user details.
OK
Default error response
GET /api/v1/users/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"id": "text",
"name": "text",
"display_name": "text",
"given_name": "text",
"family_name": "text",
"email": "text",
"enabled": true,
"last_login_at": "2025-09-15T13:32:56.553Z",
"last_refresh_at": "2025-09-15T13:32:56.553Z",
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"logins_lifetime": "text",
"auth_provider_type": 1,
"persona": 1,
"options": {
"can_change_password": true,
"has_mfa": true,
"can_change_roles": true,
"can_disable": true,
"can_delete": true,
"can_edit_name": true,
"can_extend_support": true,
"can_remove_from_teams": true
},
"team_roles": [
{
"team_id": "text",
"team_name": "text",
"role_id": "text",
"role_name": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
],
"expires_at": "2025-09-15T13:32:56.553Z"
}
Delete User
Delete a user from the system by ID.
OK
Default error response
DELETE /api/v1/users/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"value": {
"id": "text",
"name": "text",
"display_name": "text",
"given_name": "text",
"family_name": "text",
"email": "text",
"enabled": true,
"last_login_at": "2025-09-15T13:32:56.553Z",
"last_refresh_at": "2025-09-15T13:32:56.553Z",
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"logins_lifetime": "text",
"auth_provider_type": 1,
"persona": 1,
"options": {
"can_change_password": true,
"has_mfa": true,
"can_change_roles": true,
"can_disable": true,
"can_delete": true,
"can_edit_name": true,
"can_extend_support": true,
"can_remove_from_teams": true
},
"team_roles": [
{
"team_id": "text",
"team_name": "text",
"role_id": "text",
"role_name": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
],
"expires_at": "2025-09-15T13:32:56.553Z"
}
}
List Roles
Returns a paginated list of all roles available in the Veza, including role ID, name, and the associated permissions. Use this operation to get role IDs to assign team roles for users.
OK
Default error response
GET /api/v1/roles HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"roles": [
{
"id": "text",
"name": "text",
"permissions": [
"text"
],
"is_available_in_root_team": true,
"is_available_in_non_root_team": true,
"description": "text"
}
],
"next_page_token": "text",
"has_more": true
}
Last updated
Was this helpful?