1 of 39

Access Reviews APIs

Methods for interacting with workflows and certifications

These endpoints enable listing workflows, listing certifications, getting certification results, and updating certifications. They can be used to programmatically retrieve workflow and certification details, and update certification rows with a decision or note, such as ticket number.

These endpoints also provide utility functionality, such as managing the reviewer deny list, populating results with webhook response info, and customizing quick filters, smart actions, and help pages.

Core Workflow Operations

APIs for Veza Access Reviews are subject to change, and as such are provided with the /preview API collection. Use the appropriate prefix when calling the API, for example, your-org.vezacloud.com/api/preview/.

Quick start

First, save your and Veza base URL as environment variables:

Get all workflows and IDs:

Use a workflow id to get active and pending certifications for that workflow:

The response will include certification details, including the certification ids.

Using a certification id, you can get results for the certification, including entity attributes:

Update a certification result row with a note:

Force Update Result

Update a single result with escalated privileges

ForceUpdateAwfResults allows administrators to modify results more than normally allowed, such as changing sign-off status, or changing a row's decision after a certification expires.

Method

syntax

The API token used for this request must be created for a user with the

Update Webhook Info

Update status info for custom webhooks

Updates webhook status and details for a certification result.

If you have configured a custom webhook to conduct automated access removal or another form of remediation, you can update Veza with the notification status.

Your application can use this endpoint to send a POST request updating the webhook state, visible to other reviewers from Veza's Certification UI.

This endpoint can also be called during the 7-day grace period after a certification completes or expires. Calls during the grace period require the admin, Access Reviews Admin, or operator role.

Method

syntax

Path parameters

certification_id - id of the certification containing the result to update.

Body

The request body must include the id of the result to update. Valid notification_status are:

PENDING
SUCCEED
FAILED

Webhook_info strings can contain up to 255 bytes.

Response

A successful response will be empty {}

Manage Reviewer Deny List

Prevent auto assignment for specific users

View or change the deny list for reviewer auto assignment.

Adding a user to the deny list will prevent that user from being auto assigned as a reviewer. That user will also be prevented from appearing in the drop-down menu when manually reassigning a user.

If a user's manager is on the deny list when auto assignment occurs, the certification will be assigned to the that manager's manager. If both the manager and the manager's manger are on the deny list, the result will be assigned to the workflow creator.

Get Deny List

Quick Filters

Customizing saved filters for certification reviewers.

List, create, and delete saved filters, globally or for a single workflow. Reviewers can pick from available quick filters under Certification Filters > Saved Filters.

Method

Syntax

Smart Action Definitions

Define filter-based actions that reviewers can apply to certifications results with a matching attribute or status.

Reviewers can view and apply custom actions from the Review interface by clicking Smart Action > Prepared Actions.

Review Completion Settings

Customize the requirements for completing a review.

An Admin or Operator user can complete a review by clicking the "Complete Review" button.

Once a review is marked as "completed," it becomes read-only and is no longer visible to reviewers. By default, a review can be completed when all rows have a signed-off decision.

This API allows you to modify this behavior, enabling a review to be completed at any time, or only when all rows are signed off with a non-rejected decision. The latter option is useful if your organization prefers to complete reviews only after all rejected access has been remediated.

Parameters

Review Auto-Complete Settings

Enable or disable automatic review completion once all rows have decisions.

Enable or disable the "auto-complete" feature. When auto-complete is enabled, a review will automatically be completed once all rows have a signed-off decision, or a non-rejected signed-off decision, depending on the "Completion Allowed Settings."

Parameters

Possible values are:

Self Review Prevention

Prevent users from being assigned as reviewers for rows that relate to their own access and permissions.

Enable or disable self-review prevention. When self-review prevention is enabled, users are prevented from being assigned as reviewers for rows that relate to their own access and permissions.

Parameters

The value can be either an integer or string:

Review UI Customizations

Customize notes behavior and UI elements for reviewers.

By default, when a reviewer approves a row, a "notes" pop-up appears, allowing the user to optionally add a note explaining their decision. When a reviewer rejects a row, the "notes" pop-up appears, and adding a note is required. This API allows you to customize this behavior. For example, you can choose to disable the pop-up when a row is approved and make the notes pop-up optional when a row is rejected.

Additionally, this API can enable the historical "Approve & Signoff" action in the reviewer experience when multiple rows are selected. Note: It is recommended that this feature remains disabled to ensure a more streamlined reviewer experience.

Parameters

accept_notes_behavior can be:

NOTES_BEHAVIOR_UNKNOWN = 0
NO_POP_UP = 1
POP_UP_OPTIONAL = 2

reject_notes_behavior can be:

NOTES_BEHAVIOR_UNKNOWN = 0
NO_POP_UP = 1
POP_UP_OPTIONAL = 2

approve_and_sign_off_button_behavior can be:

HIDE_OR_SHOW_BEHAVIOR_UNKNOWN = 0
SHOW = 1
HIDE = 2

diff_dropdown_behavior can be:

NORMAL = 1 (Enables all users to see decisions and access changes from previous reviews for the same configuration)
ALWAYS_HIDE_FOR_ACCESS_REVIEWER_ROLE = 2 (Prevents users with the "Access Reviewer" role from accessing this option)

Example

Get Review UI Customizations

Set Review UI Customizations

Expire Overdue Reviews

Auto-expire overdue reviews.

This setting is configurable on the Access Reviews > Settings page. Enable Auto-Expire overdue reviews to automatically expire reviews that aren't completed by the due date.

Enables or disable expiration of overdue reviews. By default, overdue reviews are not expired and remain available to reviewers. When expiration is enabled, the review will be "expired" when it becomes overdue. An expired review is read-only and is not shown to reviewers.

Parameters

Review Expiration Behavior

Configure what happens when reviews expire.

This setting is configurable on the Access Reviews > Settings page. Enable Reject incomplete rows to reject and sign off on undecided rows when a review expires.

This API allows you to change the behavior when a review expires (which can be enabled in Review Auto-Complete Settings). Depending on the behavior, incomplete rows can be auto-rejected when the review deadline passes.

Review expiration behavior can be configured globally, or for all reviews for a single Review Configuration, specified by workflow_id in the request.

Data Source Acknowledgement

Require data source status acknowledgement during review creation.

By default, when a review is created, a user can optionally view the status of the data sources involved in the review. This API allows the behavior to change, requiring that the data source status is shown to the user and acknowledged during review creation.

Acknowledgement settings apply only to manually created reviews in the Veza console and do not apply to on-demand, scheduled, or API-created reviews.

Parameters

Possible values are:

DATASOURCE_ACKNOWLEDGEMENT_UNKNOWN = 0
DATASOURCE_ACKNOWLEDGEMENT_NOT_SHOWN = 1
DATASOURCE_ACKNOWLEDGEMENT_REQUIRED = 2

Get Data Source Acknowledgement Setting

Set Data Source Acknowledgement Setting

Predefined Decision Notes

Add suggested notes for reviewer decisions.

Configure predefined notes as menu options when reviewers approve or reject rows. This feature can be configured globally for all reviews or specifically for individual review configurations. When configured for a specific review configuration (using workflow_id), those settings override any global predefined notes.

The predefined notes appear as selectable options in the notes dialog when making decisions, suggesting standardized responses alongside free-form text entry.

Parameters

The request body accepts:

Reviewer Export Settings

Control export permissions for reviewers.

Control whether reviewers can view and export access review data. This setting provides granular control over different export formats, allowing administrators to enable or disable CSV and PDF exports independently based on organizational security policies.

When enabled, reviewers can export review data in the allowed formats for offline analysis or reporting. When disabled, the corresponding export options are hidden from the reviewer interface, ensuring review data remains within the Veza platform.

The default setting disables both CSV and PDF exports for security. This setting can be configured globally for all reviews or for specific review configurations using the workflow_id parameter.

Parameters

The request body accepts:

allow_csv_exports (boolean) - Enable or disable CSV export functionality for reviewers
allow_pdf_exports (boolean) - Enable or disable PDF export functionality for reviewers
workflow_id (optional string) - Specific review configuration ID to override global settings

Example

Example request body:

Get Reviewer Export Settings

Retrieve the current reviewer export permission settings. Include the optional workflow_id query parameter to get settings for a specific review configuration.

Global Settings Request:

Configuration-Specific Request:

Example response:

Set Reviewer Export Settings

Update the reviewer export permission settings globally or for a specific review configuration.

Global Settings Request:

Configuration-Specific Request:

Example response:

Reviewer Reassignment Setting

Control whether assigned reviewers can reassign rows to other reviewers.

Controls whether users acting as assigned reviewers can reassign rows to other reviewers.

When enabled (the default), any user assigned as a reviewer on specific rows can reassign those rows.
When disabled, assigned reviewers cannot reassign rows.

Column Name Overrides

Customize column display names in the access review interface.

Use column name overrides to customize the display names of columns in the reviewer interface. For example, you can rename source.department to "Business Unit" or destination.name to "Application" to better match your organization's terminology.

Overrides can be configured globally (applying to all reviews) or scoped to a specific review configuration by providing a workflow_id. Workflow-specific overrides take precedence over global overrides.

Allowed roles: admin, access_reviews_admin, operator

Parameters

Name

Type

Required

Description

Get Column Name Overrides

GET /api/private/workflows/access/global_settings/column_name_overrides

Get Global Overrides

Get Workflow-Scoped Overrides

Example Response

Set Column Name Overrides

PATCH /api/private/workflows/access/global_settings/column_name_overrides

Example: Set Global Overrides

Example: Set Workflow-Scoped Overrides

Response

Clear Column Name Overrides

DELETE /api/private/workflows/access/global_settings/column_name_overrides

Remove column name overrides. Optionally specify field_names to clear specific overrides, or omit to clear all overrides for the given scope.

Clear All Global Overrides

Clear Specific Overrides

Response

Reviewer Bulk Actions Settings

Control which bulk actions are available to reviewers.

This setting provides granular control over bulk operations in Access Reviews. With it, administrators can selectively disable specific actions, based on organizational security policies and compliance requirements.

When a bulk action is enabled (all actions are enabled by default), reviewers choose the action to multiple rows at once using row selection, "Select All", or filter-based operations. When disabled, the specified action is hidden from the reviewer interface, for any operations affecting two or more rows.

Bulk action restrictions apply only to users with the reviewer role. Administrators and operators are not affected by these settings. Single-row operations (acting on one row at a time) are never restricted.

All fields default to true (all bulk actions allowed). This setting can be configured globally for all reviews, or for specific review configurations by workflow_id parameter.

The fallback precedence is:

configuration-specific setting → global setting → default (all enabled).

Parameters

The request body accepts:

allow_bulk_approve (boolean) - Enable or disable bulk approve for reviewers
allow_bulk_reject (boolean) - Enable or disable bulk reject for reviewers
allow_bulk_signoff (boolean) - Enable or disable bulk sign-off for reviewers

Examples

Example request body to disable bulk approve and reject globally while keeping other bulk actions enabled:

Example request body to disable all bulk actions for a specific review configuration:

Get Reviewer Bulk Actions Settings

Retrieve the current reviewer bulk actions settings. Include the optional workflow_id query parameter to get settings for a specific review configuration.

Global Settings Request:

Configuration-Specific Request:

Example response:

Set Reviewer Bulk Actions Settings

Update the reviewer bulk actions settings globally or for a specific review configuration.

Global Settings Request:

Configuration-Specific Request:

Example response:

{ "value": { "result_id": 0, "source": { "aliases": [], "created_at": "2023-05-03T14:25:43Z", "datasource_id": "datasource:google_cloud_workspace", "email_addresses": [ "[email protected]", "[email protected]", "[email protected]" ], "full_admin": false, "google_cloud_organization_name": "organizations/123456789012", "guest": false, "id": "datasource:112655590859538682841", "idp_unique_id": "[email protected]", "is_active": true, "last_login_at": "2023-05-10T15:25:04Z", "location_areas": [], "mfa_enabled": false, "name": "[email protected]", "organization_names": [], "provider_id": "datasource", "suspended": false, "type": "GoogleWorkspaceUser", "tags": [ { "key": "department", "type": "VEZA", "value": "engineering" } ] }, "destination": { "created_at": "2021-11-01T14:23:35Z", "datasource_id": "datasource:google_cloud_iam", "google_cloud_organization_name": "organizations/123456789012", "id": "projects/743979515322", "name": "Dev GCP Project", "parent_id": "organizations/123456789012", "project_id": "striped-graph-330814", "provider_id": "datasource", "type": "GoogleCloudProject", "updated_at": "2022-04-07T22:08:48Z" }, "accumulated_effective_permissions": [], "accumulated_raw_permissions": [ "bigquery.datasets.get", "bigquery.datasets.getIamPolicy", "bigquery.tables.get", "bigquery.tables.getIamPolicy", "bigquery.tables.list", "iam.roles.get", "iam.roles.list", "iam.serviceAccounts.create", "iam.serviceAccounts.list", "resourcemanager.folders.create", "resourcemanager.folders.delete", "resourcemanager.folders.get", "resourcemanager.folders.getIamPolicy", "resourcemanager.folders.list", "resourcemanager.folders.move", "resourcemanager.folders.setIamPolicy", "resourcemanager.folders.undelete", "resourcemanager.organizations.get", "resourcemanager.organizations.getIamPolicy", "resourcemanager.organizations.setIamPolicy", "resourcemanager.projects.create", "resourcemanager.projects.delete", "resourcemanager.projects.get", "resourcemanager.projects.getIamPolicy", "resourcemanager.projects.list", "resourcemanager.projects.move", "resourcemanager.projects.setIamPolicy", "resourcemanager.projects.update", "storage.buckets.create", "storage.buckets.createTagBinding", "storage.buckets.delete", "storage.buckets.deleteTagBinding", "storage.buckets.get", "storage.buckets.getIamPolicy", "storage.buckets.list", "storage.buckets.listTagBindings", "storage.buckets.setIamPolicy", "storage.buckets.update" ], "updated_at": null, "updated_by": null, "signed_off_at": null, "signed_off_by": null, "notification_response_infos": [], "notification_status": "UNKNOWN", "waypoint": { "id": "organizations/123456789012_policy_role_binding0", "name": "CookieAIDevServicePrincipalRole", "type": "GoogleCloudIamRoleBinding" }, "action_log_entries": [], "decision": "NONE", "notes": "", "reviewers": [ { "user_type": "localCookieUser", "id": "e3ac5e6a-1946-4688-82a7-8a607133a1c8", "email": "[email protected]", "name": "External User" } ], "signed_off_state": "NOT_SIGNED_OFF", "reviewer_assignment": null, "joined_nodes": { "idp": { "canonical_name": "Jane Doe", "department": "Engineering", "email": "[email protected]", "identity_type": "HUMAN", "is_active": true, "manager_email": "[email protected]", "name": "jdoe", "type": "OAA.custom_idp.IDPUser" } } } }

{ "values": [ { "certification_id": "b2562ef3-a4b3-4b30-8a45-1ba36f945d10", "workflow_id": "b9dc2586-5f30-4462-b6be-53f62debc40f", "query_used": { "raw_permissions": null, "effective_permissions": null, "source_node_types": { "nodes": [ { "node_type": "GoogleWorkspaceUser", "tags": [], "conditions": [], "condition_expression": null, "node_id": "", "excluded_tags": [], "count_conditions": [], "direct_relationship_only": false, "node_type_grouping_constraint": null } ], "nodes_operator": "AND" }, "required_intermediate_node_types": { "nodes": [], "nodes_operator": "AND" }, "avoided_intermediate_node_types": { "nodes": [], "nodes_operator": "AND" }, "destination_node_types": { "nodes": [ { "node_type": "GoogleCloudProject", "tags": [], "conditions": [], "condition_expression": null, "node_id": "", "excluded_tags": [], "count_conditions": [], "direct_relationship_only": false, "node_type_grouping_constraint": null } ], "nodes_operator": "AND" }, "no_relation": false, "snapshot_id": "1690354800", "waypoint_node_types": { "nodes": [ { "node_type": "GoogleCloudIamRoleBinding", "tags": [], "conditions": [], "condition_expression": null, "node_id": "", "excluded_tags": [], "count_conditions": [], "direct_relationship_only": false, "node_type_grouping_constraint": null } ], "nodes_operator": "AND" }, "path_summary_node_types": null, "node_relationship_type": "CONFIGURED", "include_all_source_tags_in_results": true, "include_all_destination_tags_in_results": false, "page_size": "0", "page_token": "" }, "name": "demo", "notes": "", "due_date": "2023-07-30T03:44:00Z", "reviewers": [], "state": "IN_PROGRESS", "snapshot_time": "2023-07-26T07:00:00Z", "started_at": "2023-07-27T03:44:27.260812616Z", "query_completed_at": "2023-07-27T03:44:31.410373279Z", "completed_at": null, "created_by": { "user_type": "localCookieUser", "id": "e3ac5e6a-1946-4688-82a7-8a607133a1c8", "email": "[email protected]", "name": "earlypreview-auth0" }, "completed_by": null, "results_updated_at": "2023-07-27T03:44:31.410373665Z", "results_updated_by": { "user_type": "localCookieUser", "id": "e3ac5e6a-1946-4688-82a7-8a607133a1c8", "email": "[email protected]", "name": "earlypreview-auth0" }, "updated_at": "2023-07-27T03:44:31.410413829Z", "updated_by": { "user_type": "localCookieUser", "id": "e3ac5e6a-1946-4688-82a7-8a607133a1c8", "email": "[email protected]", "name": "earlypreview-auth0" }, "error_reason": "", "expired_at": null, "version": 1, "total_result_count": 2433, "total_complete_count": 0, "total_rejected_count": 0, "total_accepted_count": 0, "total_fixed_count": 0 } ] }

Help Page Templates

Manage custom help pages for Veza Access Reviews.

Use these operations to add and manage help pages for access reviewers, and customize pop-up messages when a review starts, or when rows are signed off.

Operation

Method

Syntax

POST

{veza_url}/api/preview/awf/help_page_templates

Create help page

Add custom help messages for reviewers by providing the plain text template_body, name, and an existing workflow_id and usage where the template will apply. All reviews (certifications) for the configuration (workflow) will use the new template.

Template usage

The usage field determines how and when the help page will be visible to users. It must be one of the following values:

HELP_PAGE: Reviewers can access help pages from reviewer's interface by clicking the User Guide icon. The help page will also appear when viewing the review for the first time.
REVIEW_START: Opens when reviewers start a review.
SIGN_OFF

Only one help page can exist at a time for a given workflow and usage. You can manage global help pages by using 00000000-0000-0000-0000-000000000000 as the workflow_id. Global help pages for each usage will apply to all reviews for all configurations.

Template formatting

The template can use markdown and placeholders, for example:

See for more information about placeholders.

Example request:

List help pages

Get all configured help page templates.

Example response:

Get help page

Returns the current help page template for an existing workflow_id and usage.

The usage parameter must be specified. For the existing help page template, the usage value should be HELP_PAGE.
To retrieve the tenant-wide default template (if it was set), use an all-zero UUID (00000000-0000-0000-0000-000000000000) for the workflow_id.

Example request:

Get review help page

Returns the current template for a given certification id.

Example request:

Example response:

Delete help page

Permanently remove the help page template for a workflow_id and usage. It will no longer apply to reviews for using the configuration, specified by workflow_id.

The usage parameter must be specified. For the existing help page template, the usage value should be HELP_PAGE.
To clear the tenant-wide default template, use an all-zero UUID for the workflow_id: 00000000-0000-0000-0000-000000000000.

Example request:

Update help page

PUT {{veza_url}}/api/preview/awf/help_page_templates

Update the help page for the specified workflow_id and usage:

To add a tenant-wide default template, use an all-zero UUID for the workflow_id: 00000000-0000-0000-0000-000000000000.
Updating a template now uses a plain text template_body, instead of a base64-encoded string.

Example request:

{ "values": [ { "workflow_id": "b9dc2586-5f30-4462-b6be-53f62debc40f", "name": "demo", "description": "demo", "owner": { "user_type": "localCookieUser", "id": "e3ac5e6a-1946-4688-82a7-8a607133a1c8", "email": "[email protected]", "name": "earlypreview-auth0" }, "notes": "", "query": { "raw_permissions": null, "effective_permissions": null, "source_node_types": { "nodes": [ { "node_type": "GoogleWorkspaceUser", "tags": [], "conditions": [], "condition_expression": null, "node_id": "", "excluded_tags": [], "count_conditions": [], "direct_relationship_only": false, "node_type_grouping_constraint": null } ], "nodes_operator": "AND" }, "required_intermediate_node_types": { "nodes": [], "nodes_operator": "AND" }, "avoided_intermediate_node_types": { "nodes": [], "nodes_operator": "AND" }, "destination_node_types": { "nodes": [ { "node_type": "GoogleCloudProject", "tags": [], "conditions": [], "condition_expression": null, "node_id": "", "excluded_tags": [], "count_conditions": [], "direct_relationship_only": false, "node_type_grouping_constraint": null } ], "nodes_operator": "AND" }, "no_relation": false, "snapshot_id": "1690354800", "waypoint_node_types": { "nodes": [ { "node_type": "GoogleCloudIamRoleBinding", "tags": [], "conditions": [], "condition_expression": null, "node_id": "", "excluded_tags": [], "count_conditions": [], "direct_relationship_only": false, "node_type_grouping_constraint": null } ], "nodes_operator": "AND" }, "path_summary_node_types": null, "node_relationship_type": "CONFIGURED", "include_all_source_tags_in_results": true, "include_all_destination_tags_in_results": false, "page_size": "0", "page_token": "" }, "creator": { "user_type": "localCookieUser", "id": "e3ac5e6a-1946-4688-82a7-8a607133a1c8", "email": "[email protected]", "name": "earlypreview-auth0" }, "created_at": "2023-07-27T03:34:56.166550127Z" }, { "workflow_id": "baecbd47-bd3d-4d52-acb8-34840a8973b2", "name": "Azure PS", "description": "", "owner": { "user_type": "localCookieUser", "id": "e3ac5e6a-1946-4688-82a7-8a607133a1c8", "email": "[email protected]", "name": "earlypreview-auth0" }, "notes": "", "query": { "raw_permissions": null, "effective_permissions": null, "source_node_types": { "nodes": [ { "node_type": "Principal", "tags": [], "conditions": [], "condition_expression": null, "node_id": "", "excluded_tags": [], "count_conditions": [], "direct_relationship_only": false, "node_type_grouping_constraint": null } ], "nodes_operator": "AND" }, "required_intermediate_node_types": { "nodes": [], "nodes_operator": "AND" }, "avoided_intermediate_node_types": { "nodes": [], "nodes_operator": "AND" }, "destination_node_types": { "nodes": [ { "node_type": "AzureDataLakeFilesystem", "tags": [], "conditions": [], "condition_expression": null, "node_id": "", "excluded_tags": [], "count_conditions": [], "direct_relationship_only": false, "node_type_grouping_constraint": null } ], "nodes_operator": "AND" }, "no_relation": false, "snapshot_id": "1675900800", "waypoint_node_types": null, "path_summary_node_types": { "nodes": [ { "node_type": "AzureADGroup", "tags": [], "conditions": [], "condition_expression": null, "node_id": "", "excluded_tags": [], "count_conditions": [], "direct_relationship_only": false, "node_type_grouping_constraint": null }, { "node_type": "ActiveDirectoryGroup", "tags": [], "conditions": [], "condition_expression": null, "node_id": "", "excluded_tags": [], "count_conditions": [], "direct_relationship_only": false, "node_type_grouping_constraint": null }, { "node_type": "AzureRoleAssignment", "tags": [], "conditions": [], "condition_expression": null, "node_id": "", "excluded_tags": [], "count_conditions": [], "direct_relationship_only": false, "node_type_grouping_constraint": null }, { "node_type": "AzureAssignmentPermissions", "tags": [], "conditions": [], "condition_expression": null, "node_id": "", "excluded_tags": [], "count_conditions": [], "direct_relationship_only": false, "node_type_grouping_constraint": null } ], "nodes_operator": "AND" }, "node_relationship_type": "CONFIGURED", "include_all_source_tags_in_results": false, "include_all_destination_tags_in_results": false, "page_size": "0", "page_token": "" }, "creator": { "user_type": "localCookieUser", "id": "e3ac5e6a-1946-4688-82a7-8a607133a1c8", "email": "[email protected]", "name": "earlypreview-auth0" }, "created_at": "2023-02-09T03:07:24.458473708Z" } ] }

{ "values": [ { "id": "text", "description": "text", "name": "text", "workflow_id": "text", "filter": "text", "mutable_fields": { "decision": 1, "notes": "text", "updated_at": "2026-05-22T23:11:00.898Z", "updated_by": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "notification_infos": { "values": [ { "notification_type": 1, "webhook_type": 1, "status": 1, "error_message": "text", "updated_at": "2026-05-22T23:11:00.898Z", "snow_info": { "ticket_number": "text", "sys_id": "text" }, "webhook_info": { "info": "text" }, "jira_info": { "keys": [ "text" ] }, "slack_app_info": {} } ] }, "notification_status": 1, "reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "signed_off_state": 1, "signed_off_at": "2026-05-22T23:11:00.898Z", "signed_off_by": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "action_log": { "entries": [ { "action": 1, "user": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "time": "2026-05-22T23:11:00.898Z", "note": "text", "reviewer_detail": { "old_reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "new_reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ] }, "decision_detail": { "decision": 1, "note": "text" }, "decision_cleared_detail": { "previous_decision": 1, "original_decider": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "reason": 1 }, "revocation_request_detail": { "request_id": "text" }, "approval_level": 1 } ] }, "reviewer_assignment": { "users_manager": true, "resource_managers": true, "reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "fallback_reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "reviewers_managers_for_approval_levels": [ 1 ] }, "automation_run_ids": [ "text" ], "decision_by": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "decision_at": "2026-05-22T23:11:00.898Z", "revoke_request_infos": [ { "id": "text", "state": 1, "error_message": "text" } ], "old_reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "predefined_question_response": [ { "question_id": "text", "answer_id": "text", "answer_text": "text", "respondent_user": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "responded_at": "2026-05-22T23:11:00.898Z" } ], "is_assigned_to_current_user": true, "ai_suggestion": { "suggestion": 1, "reason_codes": [ "text" ], "cohort_id": "text", "cohort_index": 1 } }, "mutable_filter": "text", "apply_to_all_rows": true } ] }

POST /api/preview/awf/smart_action_definitions HTTP/1.1 Host: your-tenant.vezacloud.com Authorization: Bearer YOUR_SECRET_TOKEN Content-Type: application/json Accept: */* Content-Length: 2478 { "name": "text", "description": "text", "workflow_id": "text", "filter": "text", "mutable_fields": { "decision": 1, "notes": "text", "updated_at": "2026-05-22T23:11:00.898Z", "updated_by": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "notification_infos": { "values": [ { "notification_type": 1, "webhook_type": 1, "status": 1, "error_message": "text", "updated_at": "2026-05-22T23:11:00.898Z", "snow_info": { "ticket_number": "text", "sys_id": "text" }, "webhook_info": { "info": "text" }, "jira_info": { "keys": [ "text" ] }, "slack_app_info": {} } ] }, "notification_status": 1, "reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "signed_off_state": 1, "signed_off_at": "2026-05-22T23:11:00.898Z", "signed_off_by": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "action_log": { "entries": [ { "action": 1, "user": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "time": "2026-05-22T23:11:00.898Z", "note": "text", "reviewer_detail": { "old_reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "new_reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ] }, "decision_detail": { "decision": 1, "note": "text" }, "decision_cleared_detail": { "previous_decision": 1, "original_decider": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "reason": 1 }, "revocation_request_detail": { "request_id": "text" }, "approval_level": 1 } ] }, "reviewer_assignment": { "users_manager": true, "resource_managers": true, "reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "fallback_reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "reviewers_managers_for_approval_levels": [ 1 ] }, "automation_run_ids": [ "text" ], "decision_by": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "decision_at": "2026-05-22T23:11:00.898Z", "revoke_request_infos": [ { "id": "text", "state": 1, "error_message": "text" } ], "old_reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "predefined_question_response": [ { "question_id": "text", "answer_id": "text", "answer_text": "text" } ], "is_assigned_to_current_user": true, "ai_suggestion": { "suggestion": 1, "reason_codes": [ "text" ], "cohort_id": "text", "cohort_index": 1 } }, "mutable_filter": "text", "apply_to_all_rows": true }

PUT /api/preview/awf/smart_action_definitions HTTP/1.1 Host: your-tenant.vezacloud.com Authorization: Bearer YOUR_SECRET_TOKEN Content-Type: application/json Accept: */* Content-Length: 2500 { "value": { "id": "text", "description": "text", "name": "text", "workflow_id": "text", "filter": "text", "mutable_fields": { "decision": 1, "notes": "text", "updated_at": "2026-05-22T23:11:00.898Z", "updated_by": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "notification_infos": { "values": [ { "notification_type": 1, "webhook_type": 1, "status": 1, "error_message": "text", "updated_at": "2026-05-22T23:11:00.898Z", "snow_info": { "ticket_number": "text", "sys_id": "text" }, "webhook_info": { "info": "text" }, "jira_info": { "keys": [ "text" ] }, "slack_app_info": {} } ] }, "notification_status": 1, "reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "signed_off_state": 1, "signed_off_at": "2026-05-22T23:11:00.898Z", "signed_off_by": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "action_log": { "entries": [ { "action": 1, "user": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "time": "2026-05-22T23:11:00.898Z", "note": "text", "reviewer_detail": { "old_reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "new_reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ] }, "decision_detail": { "decision": 1, "note": "text" }, "decision_cleared_detail": { "previous_decision": 1, "original_decider": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "reason": 1 }, "revocation_request_detail": { "request_id": "text" }, "approval_level": 1 } ] }, "reviewer_assignment": { "users_manager": true, "resource_managers": true, "reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "fallback_reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "reviewers_managers_for_approval_levels": [ 1 ] }, "automation_run_ids": [ "text" ], "decision_by": { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" }, "decision_at": "2026-05-22T23:11:00.898Z", "revoke_request_infos": [ { "id": "text", "state": 1, "error_message": "text" } ], "old_reviewers": [ { "user_type": "text", "id": "text", "email": "text", "name": "text", "alternate_email": "text" } ], "predefined_question_response": [ { "question_id": "text", "answer_id": "text", "answer_text": "text" } ], "is_assigned_to_current_user": true, "ai_suggestion": { "suggestion": 1, "reason_codes": [ "text" ], "cohort_id": "text", "cohort_index": 1 } }, "mutable_filter": "text", "apply_to_all_rows": true } }

{
    "values": [
        {
            "result_id": 0,
            "source": {
                "aliases": [],
                "created_at": "2023-05-03T14:25:43Z",
                "datasource_id": "datasource:google_cloud_workspace",
                "email_addresses": [
                    "[email protected]",
                    "[email protected]",
                    "[email protected]"
                ],
                "full_admin": false,
                "google_cloud_organization_name": "organizations/123456789012",
                "guest": false,
                "id": "datasource:112655590859538682841",
                "idp_unique_id": "[email protected]",
                "is_active": true,
                "last_login_at": "2023-05-10T15:25:04Z",
                "location_areas": [],
                "mfa_enabled": false,
                "name": "[email protected]",
                "organization_names": [],
                "provider_id": "datasource",
                "suspended": false,
                "type": "GoogleWorkspaceUser",
                "tags": [
                    {
                        "key": "department",
                        "type": "VEZA",
                        "value": "engineering"
                    }
                ]
            },
            "destination": {
                "created_at": "2021-11-01T14:23:35Z",
                "datasource_id": "datasource:google_cloud_iam",
                "google_cloud_organization_name": "organizations/123456789012",
                "id": "projects/743979515322",
                "name": "Dev GCP Project",
                "parent_id": "organizations/123456789012",
                "project_id": "striped-graph-330814",
                "provider_id": "datasource",
                "type": "GoogleCloudProject",
                "updated_at": "2022-04-07T22:08:48Z"
            },
            "accumulated_effective_permissions": [],
            "accumulated_raw_permissions": [
                "bigquery.datasets.get",
                "bigquery.datasets.getIamPolicy",
                "bigquery.tables.get",
                "bigquery.tables.getIamPolicy",
                "bigquery.tables.list",
                "iam.roles.get",
                "iam.roles.list",
                "iam.serviceAccounts.create",
                "iam.serviceAccounts.list",
                "resourcemanager.folders.create",
                "resourcemanager.folders.delete",
                "resourcemanager.folders.get",
                "resourcemanager.folders.getIamPolicy",
                "resourcemanager.folders.list",
                "resourcemanager.folders.move",
                "resourcemanager.folders.setIamPolicy",
                "resourcemanager.folders.undelete",
                "resourcemanager.organizations.get",
                "resourcemanager.organizations.getIamPolicy",
                "resourcemanager.organizations.setIamPolicy",
                "resourcemanager.projects.create",
                "resourcemanager.projects.delete",
                "resourcemanager.projects.get",
                "resourcemanager.projects.getIamPolicy",
                "resourcemanager.projects.list",
                "resourcemanager.projects.move",
                "resourcemanager.projects.setIamPolicy",
                "resourcemanager.projects.update",
                "storage.buckets.create",
                "storage.buckets.createTagBinding",
                "storage.buckets.delete",
                "storage.buckets.deleteTagBinding",
                "storage.buckets.get",
                "storage.buckets.getIamPolicy",
                "storage.buckets.list",
                "storage.buckets.listTagBindings",
                "storage.buckets.setIamPolicy",
                "storage.buckets.update"
            ],
            "updated_at": null,
            "updated_by": null,
            "signed_off_at": null,
            "signed_off_by": null,
            "notification_response_infos": [],
            "notification_status": "UNKNOWN",
            "waypoint": {
                "id": "organizations/123456789012_policy_role_binding0",
                "name": "CookieAIDevServicePrincipalRole",
                "type": "GoogleCloudIamRoleBinding"
            },
            "action_log_entries": [],
            "decision": "NONE",
            "notes": "",
            "reviewers": [
                {
                    "user_type": "localCookieUser",
                    "id": "e3ac5e6a-1946-4688-82a7-8a607133a1c8",
                    "email": "[email protected]",
                    "name": "External User"
                }
            ],
            "signed_off_state": "NOT_SIGNED_OFF",
            "reviewer_assignment": null,
            "joined_nodes": {
                "idp": {
                    "canonical_name": "Jane Doe",
                    "department": "Engineering",
                    "email": "[email protected]",
                    "identity_type": "HUMAN",
                    "is_active": true,
                    "manager_email": "[email protected]",
                    "name": "jdoe",
                    "type": "OAA.custom_idp.IDPUser"
                }
            }
        },
        {
            "result_id": 1,
            "source": {
                "aliases": [],
                "created_at": "2023-05-03T14:25:43Z",
                "datasource_id": "datasource:google_cloud_workspace",
                "email_addresses": [
                    "[email protected]",
                    "[email protected]",
                    "[email protected]"
                ],
                "full_admin": false,
                "google_cloud_organization_name": "organizations/123456789012",
                "guest": false,
                "id": "datasource:112655590859538682841",
                "idp_unique_id": "[email protected]",
                "is_active": true,
                "last_login_at": "2023-05-10T15:25:04Z",
                "location_areas": [],
                "mfa_enabled": false,
                "name": "[email protected]",
                "organization_names": [],
                "provider_id": "datasource",
                "suspended": false,
                "type": "GoogleWorkspaceUser"
            },
            "destination": {
                "created_at": "2021-11-01T14:23:35Z",
                "datasource_id": "datasource:google_cloud_iam",
                "google_cloud_organization_name": "organizations/123456789012",
                "id": "projects/743979515322",
                "name": "Dev GCP Project",
                "parent_id": "organizations/123456789012",
                "project_id": "striped-graph-330814",
                "provider_id": "datasource",
                "type": "GoogleCloudProject",
                "updated_at": "2022-04-07T22:08:48Z"
            },
            "accumulated_effective_permissions": [],
            "accumulated_raw_permissions": [
                "cloudkms.cryptoKeyVersions.create",
                "cloudkms.cryptoKeyVersions.destroy",
                "cloudkms.cryptoKeyVersions.get",
                "cloudkms.cryptoKeyVersions.list",
                "cloudkms.cryptoKeyVersions.restore",
                "cloudkms.cryptoKeyVersions.update",
                "cloudkms.cryptoKeyVersions.useToDecryptViaDelegation",
                "cloudkms.cryptoKeyVersions.useToEncryptViaDelegation",
                "cloudkms.cryptoKeys.create",
                "cloudkms.cryptoKeys.get",
                "cloudkms.cryptoKeys.getIamPolicy",
                "cloudkms.cryptoKeys.list",
                "cloudkms.cryptoKeys.setIamPolicy",
                "cloudkms.cryptoKeys.update",
                "cloudkms.keyRings.create",
                "cloudkms.keyRings.createTagBinding",
                "cloudkms.keyRings.deleteTagBinding",
                "cloudkms.keyRings.get",
                "cloudkms.keyRings.getIamPolicy",
                "cloudkms.keyRings.list",
                "cloudkms.keyRings.listTagBindings",
                "cloudkms.keyRings.setIamPolicy",
                "cloudkms.locations.get",
                "cloudkms.locations.list",
                "resourcemanager.projects.get"
            ],
            "updated_at": null,
            "updated_by": null,
            "signed_off_at": null,
            "signed_off_by": null,
            "notification_response_infos": [],
            "notification_status": "UNKNOWN",
            "waypoint": {
                "id": "organizations/123456789012_policy_role_binding11",
                "name": "cloudkms.admin",
                "type": "GoogleCloudIamRoleBinding"
            },
            "action_log_entries": [],
            "decision": "NONE",
            "notes": "",
            "reviewers": [
                {
                    "user_type": "localCookieUser",
                    "id": "e3ac5e6a-1946-4688-82a7-8a607133a1c8",
                    "email": "[email protected]",
                    "name": "External User"
                }
            ],
            "signed_off_state": "NOT_SIGNED_OFF",
            "reviewer_assignment": null
        }
    ],
    "next_page_token": "EAI=",
    "has_more": true,
    "has_previous": false
}

{ "nodes": [ { "properties": { "id": "arn:aws:iam::973979857296:role/FederatedS3", "name": "FederatedS3", "type": "AwsIamRole" }, "out_edges": [ { "destination_node_id": "arn:aws:iam::973979857296:role/FederatedS3::eperm::877042069677/S3Bucket/2ce2cbf45bcc5d748c800358d9932a251d670509" } ] }, { "properties": { "id": "0bba9374-d4f5-4c77-93d2-7dfde581fa8a", "name": "Abel_Maclead", "type": "AzureADUser" }, "out_edges": [ { "destination_node_id": "arn:aws:iam::973979857296:role/FederatedS3" } ] }, { "properties": { "id": "arn:aws:iam::973979857296:role/FederatedS3::eperm::877042069677/S3Bucket/2ce2cbf45bcc5d748c800358d9932a251d670509", "name": "Read", "type": "AwsIamEffectivePermission" }, "out_edges": [ { "destination_node_id": "arn:aws:s3:::cct-cct02-finance" } ] }, { "properties": { "id": "arn:aws:s3:::cct-cct02-finance", "name": "cct-cct02-finance", "type": "S3Bucket" }, "out_edges": [] } ], "accumulated_effective_permissions": [ "Read" ], "accumulated_raw_permissions": [ "s3:GetObject" ], "datasource_infos": [ { "datasource_id": "160e97cf-4b8a-4841-800b-49f8d6fa17ef", "external_id": "160e97cf-4b8a-4841-800b-49f8d6fa17ef", "name": "", "last_sync_time": "2022-09-12T22:15:34.874682421Z", "agent_type": "", "has_error": false, "is_deleted": false, "reason": "", "last_error_message": "", "has_warning": false }, { "datasource_id": "", "external_id": "", "name": "", "last_sync_time": "2022-09-12T22:09:47.245436023Z", "agent_type": "", "has_error": false, "is_deleted": false, "reason": "", "last_error_message": "", "has_warning": false } ] }

Workflow Parameters Reference

Workflows, certifications, and result details

This page describes common properties for listing workflows, certifications, and certification results:

Workflow Properties

When listing access workflows, all Veza Workflows are returned within a values array. Each has the properties:

Name

Type

Description

Certification Properties

returns all Certifications for a workflow, within a values array.

Note that to maintain certification integrity, some properties are immutable and can't be modified, while other values system-updated. Mutable fields such as "name," "notes," "reviewers" and "due date" can be changed by operators and admins using the Veza UI:

Name

Type

Description

See for more details on query construction.

Internal fields are updated by the workflow service to store important metadata:

Name

Type

Description

States can be:

CERT_STATE_SEARCHING // The query is still running
CERT_STATE_IN_PROGRESS // the certification is being reviewed
CERT_STATE_COMPLETED

Result Properties

include a numeric ID, the query details, and any decisions and notes. Each result includes entity details for the source -> destination nodes and the cumulative permissions under review:

Name

Type

Description

Valid decisions are:

RESULT_DECISION_NONE // No decision has been made
RESULT_DECISION_ACCEPTED // The access described in the result row is acceptable
RESULT_DECISION_REJECTED

Both the number or string value for the decision are allowed, for example "decision": 4 or "decision": RESULT_DECISION_FIXED.

The notes field will always contain the most recent note. Previous notes can be reviewed in the using the List Cert Results API.

ResultNode

Shows source, destination, or intermediate entity details for a query result:

Name

type

Description

WorkflowUser

Reviewer details, typically a Veza user account. If are configured, the user type and id refer to Veza graph entities:

Name

Type

Description

You can get details for a local Veza user from Administration > User Management. For graph entities (identities from an external identity provider), inspect the entity details using Access Search or the Entities page. will return all users for a given certification.

When assigning reviewers using preview Workflows APIs, requested users are validated before assigning them to a certification result, and not assigned when the user can’t be found. Assignee id and user_type are required to identify reviewers. name and email are optional but if provided must match the Veza user record.

ActionLog

Results contain a record of all prior actions on a certification result.

Name

Type

Description

Possible actions are:

NOTE_ADDED
REVIEWER_ASSIGNED
DECISION

The response will include the type, id, email, and name of the user who made the change:

ReviewerAssignmentInstructions

The reviewer_assignment specifies how reviewers should be assigned to rows, during initial certification create or when reviewers are re-assigned by smart action.

users_manager and resource_managers assigns reviewers based on Global IdP settings.

reviewers is a way to specify one or more reviewers to apply to every row. fallback_reviewers is one or more reviewers that to assign to rows if auto assign by user or resource manager fails for any reason

Automations API

Get, create, update, delete, and attach Intelligent Automations.

Use these operations to manage Access Review Automations and associate them with individual workflows.

Automations apply changes (such as approve, sign-off, add a note, or apply visual indicators) to Certification rows based on historical certification data, or a filter on the current results. They can run by default or on an opt-in basis when a certification is created.

Example Automations

{
  "id": "e48dd2c8-3633-463b-a477-0177a942b5a6",
  "name": "Highlight inactive sources",
  "description": "Highlight rows where the source account is inactive",
  "priority": 0,
  "attachment_behavior": {
    "attach_to_new_workflows": true,
    "opt_in": true
  },
  "criteria": {
    "filter": "source.is_active eq false",
    "mutable_filter": ""
  },
  "action": {
    "display_style": "HIGHLIGHT",
    "display_text": "Source account is inactive",
    "highlight_color": "#FF6B35"
  }
}

{
  "id": "f59ee3d9-4744-574c-b588-1288b0942c7c",
  "name": "Reject privileged account access",
  "description": "Suggest reject for admin or root accounts",
  "priority": 0,
  "attachment_behavior": {
    "attach_to_new_workflows": true,
    "opt_in": true
  },
  "criteria": {
    "filter": "(destination.name eq \"admin\") OR (source.name eq \"root\")",
    "mutable_filter": ""
  },
  "action": {
    "display_style": "SUGGEST_REJECT",
    "display_text": "Privileged account detected - review carefully"
  }
}

For more information about this feature see Intelligent Automations.

You will need an API token with root team or administrator permissions to manage Automations.

Key Concepts

When working with the Automations API, it is important to understand the relationship between three identifiers:

ID Type

Description

Scope

At an API level,

An Automation is a reusable rule that can be attached to one or more Workflows
A Workflow (review configuration) defines how reviews are created and can have multiple Certifications over time
A Certification is a single instance of a review where Automations run against the results

Error handling and conflicts

The following rules apply when an Automation run encounters an issue:

If Automation processing fails for any result, the Automation run stops and no further Automations are applied.
When Automations fail, the Certification is still considered complete and non-errored. The Automation run will have an error status and message.

Results are considered the same when the entities and relationships are exactly equal (including data source IDs). If a conflict occurs with Automations trying to change the same mutable field:

Each change must update the field to the same value. The action log entry will contain notes (if supplied) for each action.
Automations changing a field to differing values are unresolvable conflicts and skipped, but will not interrupt the Automation run.

Automation Object Schema

An Automation consists of attachment_behavior rules, filter criteria, and an action to apply:

Each Automation object has the fields:

id (String): Unique identifier for the Automation.
name (String): Name of the Automation.
description

`attachment_behavior` (Object)

Defines if the Automation is available for all workflows, and whether it is optional:

attach_to_new_workflows (Boolean): Indicates whether to automatically attach to new and existing workflows.
opt_in (Boolean): If true Operators can pick the automation when creating a Workflow. If false the automation is enabled by default.

`criteria` (Object)

Specifies filters for conditionally updating results:

filter (String): A SCIM filter specifying a source or destination attribute with support for complex expressions using AND, OR, and parentheses for grouping. Examples:
- Simple filter: source.is_active eq false
- Complex filter: (source.name sw "A" OR source.name sw "B") AND destination.is_active eq true

Similarly to Smart Actions, Automations can update results based on a source or destination attribute (such as activity status). Filters use the syntax source.attribute or destination.attribute.

Filtering by Joined Node Attributes

When an Access Review configuration includes , you can filter on enriched entity attributes in Automations. Reference joined nodes by their alias directly (e.g., idp.attribute), not using joined_nodes.idp.attribute.

For complete guidance on finding aliases, filter syntax, and examples, see .

Filtering by Mutable Fields

Mutable filters in Automations use the syntax previous.decision, previous.notes and previous.signed_off_state to refer to historical row data. The possible values are:

decision:
- "RESULT_DECISION_UNKNOWN"
- "RESULT_DECISION_NONE"

`action` (Object)

Action the Automation will apply to matching results:

decision (String): Decision code for the action.
signed_off_state (String): Sign off state code.
notes (String): Notes the automation will apply.

Note: When using display_style actions, you cannot set decision, signed_off_state, notes, or reviewer_assignment fields.

Possible decisions and numeric codes are:

UNKNOWN (0)
NONE (1)

Signed Off State can be:

UNKNOWN_SIGNED_OFF = 0;
NOT_SIGNED_OFF = 1;
SIGNED_OFF = 2;

`reviewer_assignment` (Object)

The preview API does not currently support Reviewer assignment.

Preview API Documentation

Use the endpoints documented below to create and manage automations:

List Automations

Endpoint: /api/preview/awf/automations
Method: GET
Description: Returns all Automations and configuration details.

Returns all in a values array.

Update Automation

Endpoint: /api/preview/awf/automations
Method: PUT
Description: Updates an existing Automation. The full Automation object is required.

Create Automation

Endpoint: /api/preview/awf/automations
Method: POST
Description: Creates a new Automation.

Get Automation

Endpoint: /api/preview/awf/automations/{id}
Method: GET
Description: Get details for a single Automation by ID.

Delete Automation

Endpoint: /api/preview/awf/automations/{id}
Method: DELETE
Description: Deletes a specific Automation by its ID.

Attach Automations

Endpoint: /api/preview/awf/automations:attach
Method: POST
Description: Enable an Automation for a specific workflow, or all workflows.

Attach one or all Automations to a single workflow by specifying the:

id (String): Single Automation ID.
workflow_id (String): ID of the workflow to associate Automations with.
all (boolean): If True

List attached Workflow Automations

Endpoint: /api/preview/awf/automations:attached/{workflow_id}
Method: GET
Description: Returns all Automations eligible to run on Certifications for a given Workflow id.

Detach Automations

Endpoint: /api/preview/awf/automations:detach
Method: POST
Description: Detach one or all Automations from an Access Review Workflow.

Access Reviews APIs

Core Workflow Operations

Quick start

Force Update Result

Update Webhook Info

Manage Reviewer Deny List

Get Deny List

Quick Filters

Smart Action Definitions

Review Completion Settings

Parameters

Review Auto-Complete Settings

Parameters

Self Review Prevention

Parameters

Review UI Customizations

Parameters

Example

Get Review UI Customizations

Set Review UI Customizations

Expire Overdue Reviews

Parameters

Review Expiration Behavior

Data Source Acknowledgement

Parameters

Get Data Source Acknowledgement Setting

Set Data Source Acknowledgement Setting

Predefined Decision Notes

Parameters

Reviewer Export Settings

Parameters

Example

Get Reviewer Export Settings

Set Reviewer Export Settings

Reviewer Reassignment Setting

Column Name Overrides

Parameters

Get Column Name Overrides

Get Global Overrides

Get Workflow-Scoped Overrides

Example Response

Set Column Name Overrides

Example: Set Global Overrides

Example: Set Workflow-Scoped Overrides

Response

Clear Column Name Overrides

Clear All Global Overrides

Clear Specific Overrides

Response

Access Reviews APIs

Core Workflow Operations

Quick start

Column Name Overrides

Parameters

Get Column Name Overrides

Get Global Overrides

Get Workflow-Scoped Overrides

Example Response

Set Column Name Overrides

Example: Set Global Overrides

Example: Set Workflow-Scoped Overrides

Response

Clear Column Name Overrides

Clear All Global Overrides

Clear Specific Overrides

Response

Expire Overdue Reviews

Parameters

Get Expire Overdue Reviews Setting

Set Expire Overdue Reviews Setting

Review UI Customizations

Parameters

Example

Get Review UI Customizations

Set Review UI Customizations

Data Source Acknowledgement

Parameters

Get Data Source Acknowledgement Setting

Set Data Source Acknowledgement Setting

Predefined Decision Notes