Team and User Management APIs
Operations for listing, creating, deleting, and updating users and teams.
Last updated
Was this helpful?
Operations for listing, creating, deleting, and updating users and teams.
Last updated
Was this helpful?
Was this helpful?
These APIs provide an interface for managing users and teams in Veza.
Retrieve a list of all teams. This endpoint allows filtering and sorting of the returned teams.
OK
Default error response
GET /api/v1/teams HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"values": [
{
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-08-26T04:45:32.339Z",
"updated_at": "2025-08-26T04:45:32.339Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
],
"next_page_token": "text",
"has_more": true
}
Create a new team, scoped to the specified provider IDs:
{
"name": "AWS Dev Team",
"policy_type": "PROVIDER_ID_SET",
"providers": [
{
"id": "10fc60da-9df6-4495-ae0f-abf92e0bd715",
}
],
"description": "Limited to aws_dev account",
"sso_alias": "AWS Dev Team"
}
The team policy_type
determines the scope of integrations for the team. The value can be UNBOUND
or PROVIDER_ID_SET
:
PROVIDER_ID_SET
: Users can only see data and manage integrations for the listed providers
, specified by id
.
UNBOUND
: Users can access all providers, similar to the root team. Users on this team will share a unique set of reports and saved queries.
OK
Default error response
POST /api/v1/teams HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 99
{
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text"
}
],
"description": "text",
"sso_alias": "text"
}
{
"value": {
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-08-26T04:45:32.339Z",
"updated_at": "2025-08-26T04:45:32.339Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
}
Fetch details of a specific team by providing the team ID.
OK
Default error response
GET /api/v1/teams/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"value": {
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-08-26T04:45:32.339Z",
"updated_at": "2025-08-26T04:45:32.339Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
}
Remove a team from the system using the team ID.
OK
Default error response
DELETE /api/v1/teams/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{}
Update details of an existing team. The PUT method replaces the entire team entity, while PATCH allows for partial updates.
OK
Default error response
PUT /api/v1/teams/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 111
{
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text"
}
],
"description": "text",
"sso_alias": "text"
}
{
"value": {
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-08-26T04:45:32.339Z",
"updated_at": "2025-08-26T04:45:32.339Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
}
OK
Default error response
PATCH /api/v1/teams/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 111
{
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text"
}
],
"description": "text",
"sso_alias": "text"
}
{
"value": {
"id": "text",
"name": "text",
"policy_type": 1,
"providers": [
{
"id": "text",
"name": "text",
"type": 1
}
],
"created_at": "2025-08-26T04:45:32.339Z",
"updated_at": "2025-08-26T04:45:32.339Z",
"description": "text",
"user_count": 1,
"sso_alias": "text"
}
}
Create a new user with details such as name, email, and team assignments.
A user object includes basic attributes and team and role assignments:
{
"name": "Demo User",
"email": "[email protected]",
"password": "password",
"team_roles": [
{
"team_id": "613df06e-9a40-4331-947c-5c327b54b228",
"role_id": "39b50a23-da71-4d02-8504-21038fe49a2f"
}
]
}
OK
Default error response
POST /api/v1/users HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 250
{
"name": "text",
"email": "text",
"password": "text",
"persona": 1,
"team_roles": [
{
"team_id": "text",
"role_id": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
],
"given_name": "text",
"family_name": "text",
"display_name": "text"
}
{
"id": "text"
}
Change team roles or persona for an existing user. This endpoint supports partial updates.
OK
Default error response
PATCH /api/v1/users/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 473
{
"id": "text",
"name": "text",
"display_name": "text",
"given_name": "text",
"family_name": "text",
"email": "text",
"enabled": true,
"auth_provider_type": 1,
"persona": 1,
"options": {
"can_change_password": true,
"has_mfa": true,
"can_change_roles": true,
"can_disable": true,
"can_delete": true,
"can_edit_name": true,
"can_extend_support": true,
"can_remove_from_teams": true
},
"team_roles": [
{
"team_id": "text",
"role_id": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
]
}
{
"value": {
"id": "text",
"name": "text",
"display_name": "text",
"given_name": "text",
"family_name": "text",
"email": "text",
"enabled": true,
"last_login_at": "2025-08-26T04:45:32.339Z",
"last_refresh_at": "2025-08-26T04:45:32.339Z",
"created_at": "2025-08-26T04:45:32.339Z",
"updated_at": "2025-08-26T04:45:32.339Z",
"logins_lifetime": "text",
"auth_provider_type": 1,
"persona": 1,
"options": {
"can_change_password": true,
"has_mfa": true,
"can_change_roles": true,
"can_disable": true,
"can_delete": true,
"can_edit_name": true,
"can_extend_support": true,
"can_remove_from_teams": true
},
"team_roles": [
{
"team_id": "text",
"team_name": "text",
"role_id": "text",
"role_name": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
],
"expires_at": "2025-08-26T04:45:32.339Z"
}
}
Retrieve details of a specific user by user ID. You can use "self" instead of an ID to retrieve current user details.
OK
Default error response
GET /api/v1/users/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"id": "text",
"name": "text",
"display_name": "text",
"given_name": "text",
"family_name": "text",
"email": "text",
"enabled": true,
"last_login_at": "2025-08-26T04:45:32.339Z",
"last_refresh_at": "2025-08-26T04:45:32.339Z",
"created_at": "2025-08-26T04:45:32.339Z",
"updated_at": "2025-08-26T04:45:32.339Z",
"logins_lifetime": "text",
"auth_provider_type": 1,
"persona": 1,
"options": {
"can_change_password": true,
"has_mfa": true,
"can_change_roles": true,
"can_disable": true,
"can_delete": true,
"can_edit_name": true,
"can_extend_support": true,
"can_remove_from_teams": true
},
"team_roles": [
{
"team_id": "text",
"team_name": "text",
"role_id": "text",
"role_name": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
],
"expires_at": "2025-08-26T04:45:32.339Z"
}
Delete a user from the system by ID.
OK
Default error response
DELETE /api/v1/users/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"value": {
"id": "text",
"name": "text",
"display_name": "text",
"given_name": "text",
"family_name": "text",
"email": "text",
"enabled": true,
"last_login_at": "2025-08-26T04:45:32.339Z",
"last_refresh_at": "2025-08-26T04:45:32.339Z",
"created_at": "2025-08-26T04:45:32.339Z",
"updated_at": "2025-08-26T04:45:32.339Z",
"logins_lifetime": "text",
"auth_provider_type": 1,
"persona": 1,
"options": {
"can_change_password": true,
"has_mfa": true,
"can_change_roles": true,
"can_disable": true,
"can_delete": true,
"can_edit_name": true,
"can_extend_support": true,
"can_remove_from_teams": true
},
"team_roles": [
{
"team_id": "text",
"team_name": "text",
"role_id": "text",
"role_name": "text"
}
],
"digest_settings": [
{
"digest_id": "text",
"digest_name": "text",
"frequency": 1
}
],
"expires_at": "2025-08-26T04:45:32.339Z"
}
}
Returns a paginated list of all roles available in the Veza, including role ID, name, and the associated permissions. Use this operation to get role IDs to assign team roles for users.
OK
Default error response
GET /api/v1/roles HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"roles": [
{
"id": "text",
"name": "text",
"permissions": [
"text"
],
"is_available_in_root_team": true,
"is_available_in_non_root_team": true,
"description": "text"
}
],
"next_page_token": "text",
"has_more": true
}