Team and User Management APIs
Operations for listing, creating, deleting, and updating users and teams.
Overview
These APIs provide an interface for managing users and teams in Veza.
Get Teams
Retrieve a list of all teams. This endpoint allows filtering and sorting of the returned teams.
get
Authorizations
Query parameters
filterstringOptional
order_bystringOptional
page_sizeinteger · int32Optional
page_tokenstringOptional
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/teams HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"values": [
{
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
],
"next_page_token": "text",
"has_more": true
}Create Team
Create a new team, scoped to the specified provider IDs:
{
"name": "AWS Dev Team",
"policy_type": "PROVIDER_ID_SET",
"providers": [
{
"id": "10fc60da-9df6-4495-ae0f-abf92e0bd715",
}
],
"description": "Limited to aws_dev account",
"sso_alias": "AWS Dev Team"
}The team policy_type determines the scope of integrations for the team. The value can be UNBOUND or PROVIDER_ID_SET:
PROVIDER_ID_SET: Users can only see data and manage integrations for the listedproviders, specified byid.UNBOUND: Users can access all providers, similar to the root team. Users on this team will share a unique set of reports and saved queries.
post
Authorizations
Body
namestringOptional
policy_typeinteger · enumOptional
descriptionstringOptional
sso_aliasstringOptional
Responses
200
OK
application/json
default
Default error response
application/json
post
POST /api/v1/teams HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 99
{
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text"
}
],
"description": "text",
"sso_alias": "text"
}{
"value": {
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
}Get Team
Fetch details of a specific team by providing the team ID.
get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/teams/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"value": {
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
}Delete Team
Remove a team from the system using the team ID.
delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
Responseobject
default
Default error response
application/json
delete
DELETE /api/v1/teams/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{}Update Team
Update details of an existing team. The PUT method replaces the entire team entity, while PATCH allows for partial updates.
put
Authorizations
Path parameters
value.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
namestringOptional
policy_typeinteger · enumOptional
created_atstring · date-timeRead-onlyOptional
updated_atstring · date-timeRead-onlyOptional
descriptionstringOptional
user_countinteger · int32Read-onlyOptional
sso_aliasstringOptional
Responses
200
OK
application/json
default
Default error response
application/json
put
PUT /api/v1/teams/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 111
{
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text"
}
],
"description": "text",
"sso_alias": "text"
}{
"value": {
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
}patch
Authorizations
Path parameters
value.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
namestringOptional
policy_typeinteger · enumOptional
created_atstring · date-timeRead-onlyOptional
updated_atstring · date-timeRead-onlyOptional
descriptionstringOptional
user_countinteger · int32Read-onlyOptional
sso_aliasstringOptional
Responses
200
OK
application/json
default
Default error response
application/json
patch
PATCH /api/v1/teams/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 111
{
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text"
}
],
"description": "text",
"sso_alias": "text"
}{
"value": {
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
}Create User
Create a new user with details such as name, email, and team assignments.
A user object includes basic attributes and team and role assignments:
{
"name": "Demo User",
"email": "[email protected]",
"password": "password",
"team_roles": [
{
"team_id": "613df06e-9a40-4331-947c-5c327b54b228",
"role_id": "39b50a23-da71-4d02-8504-21038fe49a2f"
}
]
}post
Authorizations
Body
namestringOptional
emailstringOptional
passwordstringOptional
personainteger · enumOptional
given_namestringOptional
family_namestringOptional
display_namestringOptional
Responses
200
OK
application/json
default
Default error response
application/json
post
POST /api/v1/users HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 250
{
"name": "text",
"email": "text",
"password": "text",
"persona": 1,
"team_roles": [
{
"team_id": "text",
"role_id": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
],
"given_name": "text",
"family_name": "text",
"display_name": "text"
}{
"id": "text"
}Update User
Change team roles or persona for an existing user. This endpoint supports partial updates.
patch
Authorizations
Path parameters
value.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
namestringOptional
display_namestringOptional
given_namestringOptional
family_namestringOptional
emailstringOptional
enabledbooleanOptional
last_login_atstring · date-timeRead-onlyOptional
last_refresh_atstring · date-timeRead-onlyOptional
created_atstring · date-timeRead-onlyOptional
updated_atstring · date-timeRead-onlyOptional
logins_lifetimestringRead-onlyOptional
auth_provider_typeinteger · enumOptional
personainteger · enumOptional
expires_atstring · date-timeRead-onlyOptional
Responses
200
OK
application/json
default
Default error response
application/json
patch
PATCH /api/v1/users/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 473
{
"id": "text",
"name": "text",
"display_name": "text",
"given_name": "text",
"family_name": "text",
"email": "text",
"enabled": true,
"auth_provider_type": 1,
"persona": 1,
"options": {
"can_change_password": true,
"has_mfa": true,
"can_change_roles": true,
"can_disable": true,
"can_delete": true,
"can_edit_name": true,
"can_extend_support": true,
"can_remove_from_teams": true
},
"team_roles": [
{
"team_id": "text",
"role_id": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
]
}{
"value": {
"id": "text",
"name": "text",
"display_name": "text",
"given_name": "text",
"family_name": "text",
"email": "text",
"enabled": true,
"last_login_at": "2025-09-15T13:32:56.553Z",
"last_refresh_at": "2025-09-15T13:32:56.553Z",
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"logins_lifetime": "text",
"auth_provider_type": 1,
"persona": 1,
"options": {
"can_change_password": true,
"has_mfa": true,
"can_change_roles": true,
"can_disable": true,
"can_delete": true,
"can_edit_name": true,
"can_extend_support": true,
"can_remove_from_teams": true
},
"team_roles": [
{
"team_id": "text",
"team_name": "text",
"role_id": "text",
"role_name": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
],
"expires_at": "2025-09-15T13:32:56.553Z"
}
}Get User
Retrieve details of a specific user by user ID. You can use "self" instead of an ID to retrieve current user details.
get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/users/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"id": "text",
"name": "text",
"display_name": "text",
"given_name": "text",
"family_name": "text",
"email": "text",
"enabled": true,
"last_login_at": "2025-09-15T13:32:56.553Z",
"last_refresh_at": "2025-09-15T13:32:56.553Z",
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"logins_lifetime": "text",
"auth_provider_type": 1,
"persona": 1,
"options": {
"can_change_password": true,
"has_mfa": true,
"can_change_roles": true,
"can_disable": true,
"can_delete": true,
"can_edit_name": true,
"can_extend_support": true,
"can_remove_from_teams": true
},
"team_roles": [
{
"team_id": "text",
"team_name": "text",
"role_id": "text",
"role_name": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
],
"expires_at": "2025-09-15T13:32:56.553Z"
}Delete User
Delete a user from the system by ID.
delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
default
Default error response
application/json
delete
DELETE /api/v1/users/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"value": {
"id": "text",
"name": "text",
"display_name": "text",
"given_name": "text",
"family_name": "text",
"email": "text",
"enabled": true,
"last_login_at": "2025-09-15T13:32:56.553Z",
"last_refresh_at": "2025-09-15T13:32:56.553Z",
"created_at": "2025-09-15T13:32:56.553Z",
"updated_at": "2025-09-15T13:32:56.553Z",
"logins_lifetime": "text",
"auth_provider_type": 1,
"persona": 1,
"options": {
"can_change_password": true,
"has_mfa": true,
"can_change_roles": true,
"can_disable": true,
"can_delete": true,
"can_edit_name": true,
"can_extend_support": true,
"can_remove_from_teams": true
},
"team_roles": [
{
"team_id": "text",
"team_name": "text",
"role_id": "text",
"role_name": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
],
"expires_at": "2025-09-15T13:32:56.553Z"
}
}List Roles
Returns a paginated list of all roles available in the Veza, including role ID, name, and the associated permissions. Use this operation to get role IDs to assign team roles for users.
get
Authorizations
Query parameters
page_sizeinteger · int32Optional
page_tokenstringOptional
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/roles HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"roles": [
{
"id": "text",
"name": "text",
"permissions": [
"text"
],
"is_available_in_root_team": true,
"is_available_in_non_root_team": true,
"description": "text"
}
],
"next_page_token": "text",
"has_more": true
}Last updated
Was this helpful?