Team and User Management APIs

Operations for listing, creating, deleting, and updating users and teams.

Overview

These APIs provide an interface for managing users and teams in Veza.

Get Teams

Retrieve a list of all teams. This endpoint allows filtering and sorting of the returned teams.

get

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Query parameters

filterstringOptional

order_bystringOptional

page_sizeinteger · int32Optional

page_tokenstringOptional

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/teams

GET /api/v1/teams HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "values": [
    {
      "id": "text",
      "name": "text",
      "policy_type": 1,
      "providers": [
        {
          "id": "text",
          "name": "text",
          "type": 1
        }
      ],
      "created_at": "2026-01-07T19:47:04.491Z",
      "updated_at": "2026-01-07T19:47:04.491Z",
      "description": "text",
      "user_count": 1,
      "sso_alias": "text",
      "provider_types": [
        1
      ]
    }
  ],
  "next_page_token": "text",
  "has_more": true
}

Create Team

Create a new team, scoped to the specified provider IDs:

{
  "name": "AWS Dev Team",
  "policy_type": "PROVIDER_ID_SET",
  "providers": [
    {
      "id": "10fc60da-9df6-4495-ae0f-abf92e0bd715",
      }
    ],
  "description": "Limited to aws_dev account",
  "sso_alias": "AWS Dev Team"
  }

The team policy_type determines the scope of integrations for the team. The value can be UNBOUND or PROVIDER_ID_SET:

PROVIDER_ID_SET: Users can only see data and manage integrations for the listed providers, specified by id.
UNBOUND: Users can access all providers, similar to the root team. Users on this team will share a unique set of reports and saved queries.

post

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Body

namestringOptional

policy_typeinteger · enumOptional

descriptionstringOptional

sso_aliasstringOptional

provider_typesinteger · enum[]Optional

Responses

200

application/json

default

Default error response

application/json

post

/api/v1/teams

POST /api/v1/teams HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 120

{
  "name": "text",
  "policy_type": 1,
  "providers": [
    {
      "id": "text"
    }
  ],
  "description": "text",
  "sso_alias": "text",
  "provider_types": [
    1
  ]
}

{
  "value": {
    "id": "text",
    "name": "text",
    "policy_type": 1,
    "providers": [
      {
        "id": "text",
        "name": "text",
        "type": 1
      }
    ],
    "created_at": "2026-01-07T19:47:04.491Z",
    "updated_at": "2026-01-07T19:47:04.491Z",
    "description": "text",
    "user_count": 1,
    "sso_alias": "text",
    "provider_types": [
      1
    ]
  }
}

Get Team

Fetch details of a specific team by providing the team ID.

get

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Path parameters

idstringRequired

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/teams/{id}

GET /api/v1/teams/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "value": {
    "id": "text",
    "name": "text",
    "policy_type": 1,
    "providers": [
      {
        "id": "text",
        "name": "text",
        "type": 1
      }
    ],
    "created_at": "2026-01-07T19:47:04.491Z",
    "updated_at": "2026-01-07T19:47:04.491Z",
    "description": "text",
    "user_count": 1,
    "sso_alias": "text",
    "provider_types": [
      1
    ]
  }
}

Delete Team

Remove a team from the system using the team ID.

delete

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Path parameters

idstringRequired

Responses

200

application/json

Responseobject

default

Default error response

application/json

delete

/api/v1/teams/{id}

DELETE /api/v1/teams/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{}

Update Team

Update details of an existing team. The PUT method replaces the entire team entity, while PATCH allows for partial updates.

put

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Path parameters

value.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

idstringOptional

namestringOptional

policy_typeinteger · enumOptional

created_atstring · date-timeRead-onlyOptional

updated_atstring · date-timeRead-onlyOptional

descriptionstringOptional

user_countinteger · int32Read-onlyOptional

sso_aliasstringOptional

provider_typesinteger · enum[]Optional

Responses

200

application/json

default

Default error response

application/json

put

/api/v1/teams/{value.id}

PUT /api/v1/teams/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 132

{
  "id": "text",
  "name": "text",
  "policy_type": 1,
  "providers": [
    {
      "id": "text"
    }
  ],
  "description": "text",
  "sso_alias": "text",
  "provider_types": [
    1
  ]
}

{
  "value": {
    "id": "text",
    "name": "text",
    "policy_type": 1,
    "providers": [
      {
        "id": "text",
        "name": "text",
        "type": 1
      }
    ],
    "created_at": "2026-01-07T19:47:04.491Z",
    "updated_at": "2026-01-07T19:47:04.491Z",
    "description": "text",
    "user_count": 1,
    "sso_alias": "text",
    "provider_types": [
      1
    ]
  }
}

patch

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Path parameters

value.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

idstringOptional

namestringOptional

policy_typeinteger · enumOptional

created_atstring · date-timeRead-onlyOptional

updated_atstring · date-timeRead-onlyOptional

descriptionstringOptional

user_countinteger · int32Read-onlyOptional

sso_aliasstringOptional

provider_typesinteger · enum[]Optional

Responses

200

application/json

default

Default error response

application/json

patch

/api/v1/teams/{value.id}

PATCH /api/v1/teams/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 132

{
  "id": "text",
  "name": "text",
  "policy_type": 1,
  "providers": [
    {
      "id": "text"
    }
  ],
  "description": "text",
  "sso_alias": "text",
  "provider_types": [
    1
  ]
}

{
  "value": {
    "id": "text",
    "name": "text",
    "policy_type": 1,
    "providers": [
      {
        "id": "text",
        "name": "text",
        "type": 1
      }
    ],
    "created_at": "2026-01-07T19:47:04.491Z",
    "updated_at": "2026-01-07T19:47:04.491Z",
    "description": "text",
    "user_count": 1,
    "sso_alias": "text",
    "provider_types": [
      1
    ]
  }
}

Create User

Create a new user with details such as name, email, and team assignments.

A user object includes basic attributes and team and role assignments:

{
  "name": "Demo User",
  "email": "[email protected]",
  "password": "password",
  "team_roles": [
    {
      "team_id": "613df06e-9a40-4331-947c-5c327b54b228",
      "role_id": "39b50a23-da71-4d02-8504-21038fe49a2f"
    }
  ]
}

post

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Body

namestringOptional

emailstringOptional

passwordstringOptional

personainteger · enumOptional

given_namestringOptional

family_namestringOptional

display_namestringOptional

Responses

200

application/json

default

Default error response

application/json

post

/api/v1/users

POST /api/v1/users HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 250

{
  "name": "text",
  "email": "text",
  "password": "text",
  "persona": 1,
  "team_roles": [
    {
      "team_id": "text",
      "role_id": "text"
    }
  ],
  "digest_settings": [
    {
      "digest_id": "text",
      "digest_name": "text",
      "frequency": 1
    }
  ],
  "given_name": "text",
  "family_name": "text",
  "display_name": "text"
}

{
  "id": "text"
}

Update User

Change team roles or persona for an existing user. This endpoint supports partial updates.

patch

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Path parameters

value.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

idstringOptional

namestringOptional

display_namestringOptional

given_namestringOptional

family_namestringOptional

emailstringOptional

enabledbooleanOptional

last_login_atstring · date-timeRead-onlyOptional

last_refresh_atstring · date-timeRead-onlyOptional

created_atstring · date-timeRead-onlyOptional

updated_atstring · date-timeRead-onlyOptional

logins_lifetimestringRead-onlyOptional

auth_provider_typeinteger · enumOptional

auth_provider_idstringOptional

personainteger · enumOptional

expires_atstring · date-timeRead-onlyOptional

Responses

200

application/json

default

Default error response

application/json

patch

/api/v1/users/{value.id}

PATCH /api/v1/users/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 499

{
  "id": "text",
  "name": "text",
  "display_name": "text",
  "given_name": "text",
  "family_name": "text",
  "email": "text",
  "enabled": true,
  "auth_provider_type": 1,
  "auth_provider_id": "text",
  "persona": 1,
  "options": {
    "can_change_password": true,
    "has_mfa": true,
    "can_change_roles": true,
    "can_disable": true,
    "can_delete": true,
    "can_edit_name": true,
    "can_extend_support": true,
    "can_remove_from_teams": true
  },
  "team_roles": [
    {
      "team_id": "text",
      "role_id": "text"
    }
  ],
  "digest_settings": [
    {
      "digest_id": "text",
      "digest_name": "text",
      "frequency": 1
    }
  ]
}

{
  "value": {
    "id": "text",
    "name": "text",
    "display_name": "text",
    "given_name": "text",
    "family_name": "text",
    "email": "text",
    "enabled": true,
    "last_login_at": "2026-01-07T19:47:04.491Z",
    "last_refresh_at": "2026-01-07T19:47:04.491Z",
    "created_at": "2026-01-07T19:47:04.491Z",
    "updated_at": "2026-01-07T19:47:04.491Z",
    "logins_lifetime": "text",
    "auth_provider_type": 1,
    "auth_provider_id": "text",
    "persona": 1,
    "options": {
      "can_change_password": true,
      "has_mfa": true,
      "can_change_roles": true,
      "can_disable": true,
      "can_delete": true,
      "can_edit_name": true,
      "can_extend_support": true,
      "can_remove_from_teams": true
    },
    "team_roles": [
      {
        "team_id": "text",
        "team_name": "text",
        "role_id": "text",
        "role_name": "text"
      }
    ],
    "digest_settings": [
      {
        "digest_id": "text",
        "digest_name": "text",
        "frequency": 1
      }
    ],
    "expires_at": "2026-01-07T19:47:04.491Z"
  }
}

Get User

Retrieve details of a specific user by user ID. You can use "self" instead of an ID to retrieve current user details.

get

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Path parameters

idstringRequired

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/users/{id}

GET /api/v1/users/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "id": "text",
  "name": "text",
  "display_name": "text",
  "given_name": "text",
  "family_name": "text",
  "email": "text",
  "enabled": true,
  "last_login_at": "2026-01-07T19:47:04.491Z",
  "last_refresh_at": "2026-01-07T19:47:04.491Z",
  "created_at": "2026-01-07T19:47:04.491Z",
  "updated_at": "2026-01-07T19:47:04.491Z",
  "logins_lifetime": "text",
  "auth_provider_type": 1,
  "auth_provider_id": "text",
  "persona": 1,
  "options": {
    "can_change_password": true,
    "has_mfa": true,
    "can_change_roles": true,
    "can_disable": true,
    "can_delete": true,
    "can_edit_name": true,
    "can_extend_support": true,
    "can_remove_from_teams": true
  },
  "team_roles": [
    {
      "team_id": "text",
      "team_name": "text",
      "role_id": "text",
      "role_name": "text"
    }
  ],
  "digest_settings": [
    {
      "digest_id": "text",
      "digest_name": "text",
      "frequency": 1
    }
  ],
  "expires_at": "2026-01-07T19:47:04.491Z"
}

Delete User

Delete a user from the system by ID.

delete

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Path parameters

idstringRequired

Responses

200

application/json

default

Default error response

application/json

delete

/api/v1/users/{id}

DELETE /api/v1/users/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "value": {
    "id": "text",
    "name": "text",
    "display_name": "text",
    "given_name": "text",
    "family_name": "text",
    "email": "text",
    "enabled": true,
    "last_login_at": "2026-01-07T19:47:04.491Z",
    "last_refresh_at": "2026-01-07T19:47:04.491Z",
    "created_at": "2026-01-07T19:47:04.491Z",
    "updated_at": "2026-01-07T19:47:04.491Z",
    "logins_lifetime": "text",
    "auth_provider_type": 1,
    "auth_provider_id": "text",
    "persona": 1,
    "options": {
      "can_change_password": true,
      "has_mfa": true,
      "can_change_roles": true,
      "can_disable": true,
      "can_delete": true,
      "can_edit_name": true,
      "can_extend_support": true,
      "can_remove_from_teams": true
    },
    "team_roles": [
      {
        "team_id": "text",
        "team_name": "text",
        "role_id": "text",
        "role_name": "text"
      }
    ],
    "digest_settings": [
      {
        "digest_id": "text",
        "digest_name": "text",
        "frequency": 1
      }
    ],
    "expires_at": "2026-01-07T19:47:04.491Z"
  }
}

List Roles

Returns a paginated list of all roles available in the Veza, including role ID, name, and the associated permissions. Use this operation to get role IDs to assign team roles for users.

get

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Query parameters

page_sizeinteger · int32Optional

page_tokenstringOptional

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/roles

GET /api/v1/roles HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "roles": [
    {
      "id": "text",
      "name": "text",
      "permissions": [
        "text"
      ],
      "is_available_in_root_team": true,
      "is_available_in_non_root_team": true,
      "description": "text"
    }
  ],
  "next_page_token": "text",
  "has_more": true
}

PreviousSystem Events NextTeam API Keys

Last updated 5 months ago

Was this helpful?