curl -X GET "$BASE_URL/api/v1/providers/types" \
-H "authorization: Bearer $VEZA_TOKEN"

{
"provider_types": [
{
"type": "AWS",
"schema_integration_type": "aws",
"enabled": true,
"provider_ids": ["883dd869-8762-4187-8767-1c387de14b4b"]
},
{
"type": "GOOGLE_CLOUD",
"schema_integration_type": "google",
"enabled": false,
"provider_ids": []
}
],
"unregistered_custom_provider_types": []
}

curl -X PUT \
"https://{tenant}.vezacloud.com/api/v1/providers/{id}:enable" \
-H "accept: application/json" \
-H "Authorization: Bearer {your_api_key}"

curl -X PUT \
"https://{tenant}.vezacloud.com/api/v1/providers/{id}:disable" \
-H "accept: application/json" \
-H "Authorization: Bearer {your_api_key}"

Veza API key for authentication. Generate keys in Administration > API Keys.
OK
The type of the serialized message.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers/549a4b5e-0328-4c87-a19d-ee8a2926d1aa" \
-H "authorization: Bearer $VEZA_TOKEN"

{
"value": {
"id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
"name": "Workday Integration",
"provider_type": "WORKDAY",
"external_id": "https://wd5-impl-services1.workday.com/veza_preview",
"lifecycle_management_enabled": true,
"supported_capabilities": [
"IDENTITY_SOURCE",
"ACCESS_TARGET"
]
}
}

{
"value": {
"id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
"name": "SCIM Demo Server",
"provider_type": "SCIM",
"external_id": "https://scim.example.com",
"lifecycle_management_enabled": true,
"supported_capabilities": [
"ACCESS_TARGET"
],
"available_actions": [
{
"action_type": "MANAGE_RELATIONSHIPS",
"description": "Add or remove user memberships in groups",
"supported_entity_types": ["User", "Group"],
"supported_relationship_types": ["MemberOf"]
}
],
"syncable_attributes": [
{
"entity_type": "User",
"attributes": [
{
"name": "userName",
"type": "string",
"required": true,
"description": "Primary identifier for the user"
},
{
"name": "displayName",
"type": "string",
"required": false,
"description": "Display name for the user"
},
{
"name": "emails",
"type": "array",
"required": false,
"description": "Email addresses associated with the user"
}
]
},
{
"entity_type": "Group",
"attributes": [
{
"name": "displayName",
"type": "string",
"required": true,
"description": "Display name for the group"
}
]
}
],
"grantable_entitlements": [
{
"entity_type": "Group",
"entitlement_type": "MemberOf",
"description": "Grant membership in the specified group"
}
]
}
}

Lists all data sources that have enabled lifecycle management and their supported capabilities.
Returns all provider types configured in the tenant, grouped by Veza-managed and user-defined custom types.
| Field | Description |
|---|---|
| provider_types | Veza-managed provider types. Includes integrations such as AWS, AZURE, GOOGLE_CLOUD, OKTA, ACTIVE_DIRECTORY, GITHUB, SNOWFLAKE, SALESFORCE, KUBERNETES, and others. |
| unregistered_custom_provider_types | OAA provider types present in the tenant that do not have a registered Veza configuration definition. Always have enabled: true. |

| Field | Description |
|---|---|
| type | Provider type identifier (e.g., AWS, OKTA). |
| schema_integration_type | The graph schema identifier for this provider type, used as the integration_type value in assessment query filters. Not always a direct transformation of type (e.g., GOOGLE_CLOUD → google, ONE_LOGIN → onelogin, MYSQL → my_sql). |
| enabled | true if the tenant has at least one configured provider instance of this type. |
| provider_ids | Deprecated. Use provider_details instead. |
| provider_details | List of individual provider instances of this type. |

| Field | Description |
|---|---|
| id | Provider ID. |
| external_id | The provider's identifier in its source system, derived at creation time. Format varies by type: a flat ID for cloud and identity providers (e.g., AWS account ID, Azure tenant ID, Okta domain), or a structured composite for databases and infrastructure (e.g., oracle_db:host:1521/dbname, kubernetes:GKE::cluster:my-cluster). |
PUT /api/v1/providers/{id}:enable HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}

PUT /api/v1/providers/{id}:disable HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}

GET /api/v1/providers/datasources/lifecycle_managers/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"enabled": true,
"datasource": {},
"definition": {
"source_of_identity_definition": {
"entity_type": "text"
},
"actions": [
{
"type": 1,
"idempotent": true,
"input_entity_types": [
{
"name": "text",
"description": "text",
"available_entity_types": [
"text"
]
}
],
"output_entity_types": [
{
"name": "text",
"description": "text",
"available_entity_types": [
"text"
]
}
],
"definition": {
"@type": "text",
"ANY_ADDITIONAL_PROPERTY": "anything"
}
}
]
}
}
}

Veza API key for authentication. Generate keys in Administration > API Keys.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers" \
-H "authorization: Bearer $VEZA_TOKEN"

curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers?page_size=10" \
-H "authorization: Bearer $VEZA_TOKEN"

{
"values": [
{
"id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
"name": "Workday Integration",
"provider_type": "WORKDAY",
"external_id": "https://wd5-impl-services1.workday.com/veza_preview",
"lifecycle_management_enabled": true,
"supported_capabilities": [
"IDENTITY_SOURCE",
"ACCESS_TARGET"
]
},
{
"id": "2b1c8d4e-5f2a-4b3c-9e7f-1d2e3f4a5b6c",
"name": "Active Directory",
"provider_type": "ACTIVE_DIRECTORY",
"external_id": "corp.example.com",
"lifecycle_management_enabled": true,
"supported_capabilities": [
"ACCESS_TARGET"
]
}
],
"has_more": false,
"next_page_token": ""
}

{
"values": [
{
"id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
"name": "SCIM Demo Server",
"provider_type": "SCIM",
"external_id": "https://scim.example.com",
"lifecycle_management_enabled": true,
"supported_capabilities": [
"ACCESS_TARGET"
],
"available_actions": [
{
"action_type": "MANAGE_RELATIONSHIPS",
"description": "Add or remove user memberships in groups",
"supported_entity_types": ["User", "Group"],
"supported_relationship_types": ["MemberOf"]
}
],
"syncable_attributes": [
{
"entity_type": "User",
"attributes": [
{
"name": "userName",
"type": "string",
"required": true,
"description": "Primary identifier for the user"
},
{
"name": "displayName",
"type": "string",
"required": false,
"description": "Display name for the user"
},
{
"name": "emails",
"type": "array",
"required": false,
"description": "Email addresses associated with the user"
}
]
},
{
"entity_type": "Group",
"attributes": [
{
"name": "displayName",
"type": "string",
"required": true,
"description": "Display name for the group"
}
]
}
],
"grantable_entitlements": [
{
"entity_type": "Group",
"entitlement_type": "MemberOf",
"description": "Grant membership in the specified group"
}
]
}
],
"has_more": false,
"next_page_token": ""
}

Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Provider type identifier (e.g., "AWS", "OKTA").
The corresponding integration_type for this provider type that appears in schema and can be used for assessment queries.
Whether this provider type is enabled.
DEPRECATED: use provider_details instead.
Provider ID.
External ID of the provider.
GET /api/v1/providers/types HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"provider_types": [
{
"type": "text",
"schema_integration_type": "text",
"enabled": true,
"provider_details": [
{
"id": "text",
"external_id": "text"
}
]
}
],
"unregistered_custom_provider_types": [
{
"type": "text",
"schema_integration_type": "text",
"enabled": true,
"provider_details": [
{
"id": "text",
"external_id": "text"
}
]
}
]
}

OK
The type of the serialized message.
The pagination token to retrieve the next page of results.
If true, more results are available.
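
The `has_more` and `next_page_token` fields drive pagination, and a page may come back short even when more pages exist. The following Python sketch is an added example, not Veza's code: it walks every page of the lifecycle managers listing and reports the data sources that have lifecycle management enabled and list `ACCESS_TARGET`. The `page_token` query parameter name, the function names and the sample pages are assumptions constructed for illustration.

```python
import json
import urllib.parse
import urllib.request
from typing import Callable, Iterable, Iterator, List, Optional

# Path taken from the page; the page_token query parameter name is an assumption.
LIST_PATH = "/api/v1/providers/datasources/lifecycle_managers"
FetchPage = Callable[[Optional[str]], dict]


def http_fetcher(base_url: str, token: str, page_size: int = 10) -> FetchPage:
    """Return fetch(page_token) -> decoded JSON page, for use against a real tenant."""
    def fetch(page_token: Optional[str]) -> dict:
        query = {"page_size": page_size}
        if page_token:
            query["page_token"] = page_token
        request = urllib.request.Request(
            f"{base_url}{LIST_PATH}?{urllib.parse.urlencode(query)}",
            headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
        )
        with urllib.request.urlopen(request, timeout=30) as response:
            return json.load(response)
    return fetch


def iter_lifecycle_managers(fetch: FetchPage, max_pages: int = 1000) -> Iterator[dict]:
    """Yield every entry of `values`, following next_page_token while has_more is true."""
    token: Optional[str] = None
    seen = set()
    for _ in range(max_pages):
        page = fetch(token)
        yield from page.get("values", [])
        # A short or empty page is not the end of the listing; only has_more decides.
        if not page.get("has_more"):
            return
        token = page.get("next_page_token")
        if not token:
            raise RuntimeError("has_more is true but next_page_token is empty")
        if token in seen:
            raise RuntimeError(f"page token {token!r} repeated; stopping")
        seen.add(token)
    raise RuntimeError(f"stopped after {max_pages} pages")


def write_capable_sources(entries: Iterable[dict]) -> List[dict]:
    """Keep entries with lifecycle management enabled that list ACCESS_TARGET.

    Reading ACCESS_TARGET as "access can be changed here" is this example's
    interpretation of the sample responses, not a documented definition.
    """
    report = []
    for entry in entries:
        capabilities = entry.get("supported_capabilities", [])
        if not entry.get("lifecycle_management_enabled") or "ACCESS_TARGET" not in capabilities:
            continue
        report.append({
            "id": entry["id"],
            "name": entry.get("name"),
            "provider_type": entry.get("provider_type"),
            "entitlements": sorted(
                f'{g["entity_type"]}:{g["entitlement_type"]}'
                for g in entry.get("grantable_entitlements", [])
            ),
        })
    return report


# Constructed sample pages (shaped like the responses on this page); the middle
# page is empty on purpose and the last entry is an invented identity-only source.
SAMPLE_PAGES = {
    None: {"values": [{"id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa", "name": "Workday Integration",
                       "provider_type": "WORKDAY", "lifecycle_management_enabled": True,
                       "supported_capabilities": ["IDENTITY_SOURCE", "ACCESS_TARGET"]}],
           "has_more": True, "next_page_token": "page-2"},
    "page-2": {"values": [], "has_more": True, "next_page_token": "page-3"},
    "page-3": {"values": [{"id": "2b1c8d4e-5f2a-4b3c-9e7f-1d2e3f4a5b6c", "name": "SCIM Demo Server",
                           "provider_type": "SCIM", "lifecycle_management_enabled": True,
                           "supported_capabilities": ["ACCESS_TARGET"],
                           "grantable_entitlements": [{"entity_type": "Group",
                                                       "entitlement_type": "MemberOf"}]},
                          {"id": "constructed-hr-feed", "name": "HR feed (constructed)",
                           "provider_type": "WORKDAY", "lifecycle_management_enabled": True,
                           "supported_capabilities": ["IDENTITY_SOURCE"]}],
               "has_more": False, "next_page_token": ""},
}


def sample_fetch(page_token: Optional[str]) -> dict:
    """Offline stand-in for http_fetcher(...) that serves SAMPLE_PAGES."""
    return SAMPLE_PAGES[page_token]


if __name__ == "__main__":
    # Against a tenant: fetch = http_fetcher(os.environ["BASE_URL"], os.environ["VEZA_TOKEN"])
    for row in write_capable_sources(iter_lifecycle_managers(sample_fetch)):
        print(row["provider_type"], row["name"], row["entitlements"])
```
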
GET /api/v1/providers/datasources/lifecycle_managers HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
curl -H "Authorization: Bearer $VEZA_TOKEN" \
"$VEZA_URL/api/v1/providers/aws"

{
"values": [
{
"id": "12345678-1234-5678-9012-123456789012",
"name": "Production AWS Account",
"account_id": "123456789012",
"services": [],
"state": "ENABLED"
},
{
"id": "87654321-4321-8765-2109-876543210987",
"name": "Development AWS Account",
"account_id": "987654321098",
"services": ["S3", "RDS_POSTGRES", "LAMBDA"],
"state": "ENABLED"
}
]
}

# Replace with your actual provider ID and desired services
curl -X PATCH \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d '{"services":["S3","RDS_POSTGRES","LAMBDA","EC2","AWS_IAM"]}' \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID_HERE"

curl -H "Authorization: Bearer $VEZA_TOKEN" \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID_HERE"

# Example for multiple providers - replace with your actual IDs and services
DESIRED_SERVICES='["S3","RDS_POSTGRES","DYNAMODB","LAMBDA","EC2","AWS_IAM"]'
# Provider 1
curl -X PATCH \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"services\":$DESIRED_SERVICES}" \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID_1"
# Provider 2
curl -X PATCH \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"services\":$DESIRED_SERVICES}" \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID_2"

#!/bin/bash
# Configuration - CUSTOMIZE THESE VALUES
VEZA_URL="https://yourcompany.cookiecloud.ai"
DESIRED_SERVICES='["S3","RDS_POSTGRES","DYNAMODB","LAMBDA","EC2","AWS_IAM"]'
echo "Starting bulk AWS provider services update..."
echo "Target services: $DESIRED_SERVICES"
echo ""
# Get all AWS provider IDs
provider_ids=$(curl -s -H "Authorization: Bearer $VEZA_TOKEN" \
"$VEZA_URL/api/v1/providers/aws" | \
jq -r '.values[].id')
if [ -z "$provider_ids" ]; then
echo "Error: No AWS providers found or API call failed"
exit 1
fi
# Count providers
provider_count=$(echo "$provider_ids" | wc -l)
echo "Found $provider_count AWS providers to update"
echo ""
# Add confirmation prompt
read -p "Continue with bulk update? (y/N): " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Update cancelled"
exit 0
fi
# Update each provider
echo "$provider_ids" | while IFS= read -r provider_id; do
if [ -n "$provider_id" ]; then
echo "Updating provider: $provider_id"
response=$(curl -s -w "\nHTTP_STATUS:%{http_code}" -X PATCH \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"services\":$DESIRED_SERVICES}" \
"$VEZA_URL/api/v1/providers/aws/$provider_id")
http_status=$(echo "$response" | grep "HTTP_STATUS" | cut -d: -f2)
if [ "$http_status" = "200" ]; then
echo "✓ Successfully updated provider $provider_id"
else
echo "✗ Failed to update provider $provider_id (HTTP $http_status)"
echo "Response: $(echo "$response" | grep -v "HTTP_STATUS")"
fi
echo ""
fi
done
echo "Bulk update completed"

# Check all providers
curl -H "Authorization: Bearer $VEZA_TOKEN" \
"$VEZA_URL/api/v1/providers/aws" | \
jq '.values[] | {id: .id, name: .name, services: .services}'
# Check specific provider
curl -H "Authorization: Bearer $VEZA_TOKEN" \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID" | \
jq '{id: .id, name: .name, services: .services}'

curl -X PATCH \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d '{"services":[]}' \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID"

# Example: Enable different set of services
NEW_SERVICES='["S3","LAMBDA","DYNAMODB","EC2"]'
curl -X PATCH \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"services\":$NEW_SERVICES}" \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID"

{
"values": [
{
"id": "text",
"enabled": true,
"datasource": {},
"definition": {
"source_of_identity_definition": {
"entity_type": "text"
},
"actions": [
{
"type": 1,
"idempotent": true,
"input_entity_types": [
{
"name": "text",
"description": "text",
"available_entity_types": [
"text"
]
}
],
"output_entity_types": [
{
"name": "text",
"description": "text",
"available_entity_types": [
"text"
]
}
],
"definition": {
"@type": "text",
"ANY_ADDITIONAL_PROPERTY": "anything"
}
}
]
}
}
],
"next_page_token": "text",
"has_more": true
}

{
"services": [
"S3", "RDS_POSTGRES", "RDS_MYSQL", "RDS_ORACLE", "RDS",
"DYNAMODB", "REDSHIFT", "REDSHIFT_CLUSTER", "EC2", "LAMBDA",
"EKS", "ECR", "EMR", "AWS_IAM", "KMS", "SECRETS_MANAGER",
"COGNITO", "SSO", "ORGANIZATIONS", "NEPTUNE", "SYSTEMS_MANAGER",
"CERTIFICATE_MANAGER", "BEDROCK", "DOCUMENTDB"
]
}

{
"services": [
"S3", "RDS_POSTGRES", "LAMBDA", "EC2", "AWS_IAM"
]
}

GET /api/v1/providers/datasources/{id}/parse_status

curl -X GET "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27/parse_status" \
-H "authorization: Bearer $VEZA_TOKEN"

{
"value": {
"datasource_id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
"status": "SUCCESS",
"last_parsed_at": "2022-01-13T20:53:29Z",
"parse_duration_seconds": 45,
"entities_processed": 1250,
"errors_count": 0,
"warnings_count": 2
}
}

{
"value": {
"id": "019c4441-62c3-78f6-9dad-2b29b9b7ffee",
"name": "AWS NHIs by property",
"active": true,
"provider_ids": ["5443ea52-9dba-435e-8c6a-9035cc513bfa"],
"entity_type": "AwsIamUser",
"property_name": "enriched_owners",
"property_value": "{\"property_names_in_template\":[\"id\"],\"owners\":[{\"entity_id\":\"{{id}}\",\"entity_type\":\"OktaUser\"}]}",
"node_ids": [],
"query_id": "0198d3ff-b2f7-7b05-b3d3-14b3cfc35858",
"priority": 6
}
}

GET /api/v1/providers/datasources/{id}

curl -X GET "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27" \
-H "authorization: Bearer $VEZA_TOKEN"

{
"value": {
"id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
"name": "AWS EC2 (527398259632)",
"datasource_type": "EXTRACTOR",
"agent_type": "AWS_EC2",
"status": "SUCCESS",
"provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
"path": "AWS/ec2",
"state": "ENABLED",
"effective_state": "ENABLED",
"datasource_config": null,
"created_at": "2021-10-26T07:10:38Z",
"updated_at": "2021-10-26T07:10:38Z",
"synced_at": "2022-01-13T20:53:23Z",
"parsed_at": "2022-01-13T20:53:29Z"
}
}

{
"queries": [
{
"id": "019d5767-2edf-7401-9c65-1d9c28f6b343",
"name": "AWS IAM users who can delete S3 buckets"
}
]
}

PUT /api/v1/providers/datasources/{id}:disable

curl -X PUT "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27:disable" \
-H "authorization: Bearer $VEZA_TOKEN"

{}

Retrieve all custom (OAA) providers configured in the tenant. Custom providers represent integrations built using the Open Authorization API (OAA), including both Veza-managed connectors and customer-built integrations. Use the filter parameter to narrow results by name, state, or custom_template (e.g., filter=name eq "My App"). Set page_size to control results per page (default varies), and use page_token from the response to retrieve subsequent pages.
curl -X GET "$BASE_URL/api/v1/providers/custom" \
-H "authorization: Bearer $VEZA_TOKEN"

{
"values": [
{
"name": "my_custom_app",
"custom_template": "application",
"integration_type": "my_custom_app",
"data_sources": [],
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
]
}

PUT /api/v1/providers/datasources/{id}:enable

curl -X PUT "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27:enable" \
-H "authorization: Bearer $VEZA_TOKEN"

{}

curl -X PUT "$BASE_URL/api/v1/enrichment/rules/{id}:toggle" \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d '{"active": false}'

GET /api/v1/providers/datasources/{id}/sync_status

curl -X GET "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27/sync_status" \
-H "authorization: Bearer $VEZA_TOKEN"

{
"value": {
"datasource_id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
"status": "SUCCESS",
"last_synced_at": "2022-01-13T20:53:23Z",
"sync_duration_seconds": 120,
"records_extracted": 5000,
"errors_count": 0,
"next_scheduled_sync": "2022-01-14T08:00:00Z"
}
}

Retrieve the internal configuration definitions for all available OAA provider types. Returns metadata about each provider type including configuration property definitions (names, types, and whether fields are optional or secret), provider icon and MIME type, custom templates available, provider categories (application, IdP, HRIS, etc.), lifecycle management support, and documentation URL. Use this to discover available provider types and their configuration schema before creating a new custom provider instance.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
List of OAA provider configuration definitions.
Canonical name identifying this provider type (e.g., "slack", "jira").
When set, this property is only shown/required when the named field equals the given value.
When true, the value of this property is cleared if its condition is not met.
When true, the value of the property cannot be changed once set.
Base64-encoded icon image for UI display.
MIME type of the icon image (e.g., "image/png", "image/svg+xml").
OAA template types supported by this provider.
Categories this provider belongs to (application, IdP, HRIS, file system, etc.).
URL to the provider's documentation page on docs.veza.com.
Whether this provider supports lifecycle management (provisioning/deprovisioning) operations.
Timestamp when this provider configuration was registered.
Configure priority scheduling and extraction times for data sources
Assign, add, or remove owners across multiple entities in a single request
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
ID of the enrichment rule.
Name of the enrichment rule.
Description of the enrichment rule.
Whether the rule will be executed.
Provider IDs for which the rule will be executed.
Entity type on which the rule will be executed.
Property name whose value will be changed by enrichment.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Static list of entity IDs for which the property-value should be applied. Not recommended: use query_id to target entities dynamically instead. Limitation: does not work with ENRICHED_OWNERS or VEZA_TAGS enrichment types.
The query that is executed to obtain a list of entity IDs of the specified entity type.
The higher the priority, the later the rule runs. A rule running later will overwrite the changes from previous rules. CAVEAT: it is not recommended to have multiple rules of the same priority, as they may run in any order.
If set, this separate query will be executed to find another entity that is related to the enriched entity, and the properties of the other entity can be referenced in the value for enriched_owners.
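
Because a later rule overwrites an earlier one and rules of equal priority may run in any order, a tenant's rules are worth checking for ties before relying on a property such as `enriched_owners`. The following Python check is an added example, not Veza's code: it assumes rule objects shaped like the rule response on this page, treats two rules as overlapping only when they share a provider ID (it cannot see whether their queries select the same entities), and runs on constructed sample rules.

```python
from collections import defaultdict
from itertools import combinations
from typing import Dict, List


def find_priority_collisions(rules: List[dict]) -> List[dict]:
    """Pairs of active rules that write the same property of the same entity
    type, share at least one provider ID, and have the same priority."""
    buckets: Dict[tuple, List[dict]] = defaultdict(list)
    for rule in rules:
        if rule.get("active"):
            key = (rule["entity_type"], rule["property_name"], int(rule["priority"]))
            buckets[key].append(rule)

    findings = []
    for (entity_type, property_name, priority), members in sorted(buckets.items()):
        for first, second in combinations(members, 2):
            shared = sorted(set(first.get("provider_ids", []))
                            & set(second.get("provider_ids", [])))
            if shared:
                findings.append({
                    "entity_type": entity_type,
                    "property_name": property_name,
                    "priority": priority,
                    "rules": sorted([first["name"], second["name"]]),
                    "shared_provider_ids": shared,
                })
    return findings


def last_writer(rules: List[dict], entity_type: str, property_name: str,
                provider_id: str) -> dict:
    """Which active rule runs last for this property on this provider.

    The highest priority runs last and overwrites earlier rules. When the
    highest priority is shared, the order is undefined, so no winner is named.
    """
    writers = [r for r in rules
               if r.get("active")
               and r["entity_type"] == entity_type
               and r["property_name"] == property_name
               and provider_id in r.get("provider_ids", [])]
    if not writers:
        return {"winner": None, "tied": []}
    top = max(int(r["priority"]) for r in writers)
    leaders = sorted(r["name"] for r in writers if int(r["priority"]) == top)
    if len(leaders) == 1:
        return {"winner": leaders[0], "tied": []}
    return {"winner": None, "tied": leaders}


# Constructed sample rules. The first mirrors the rule shown on this page; the
# others, and the second provider ID, are invented for the example.
PROVIDER_A = "5443ea52-9dba-435e-8c6a-9035cc513bfa"
PROVIDER_B = "constructed-provider-b"
SAMPLE_RULES = [
    {"name": "AWS NHIs by property", "active": True, "provider_ids": [PROVIDER_A],
     "entity_type": "AwsIamUser", "property_name": "enriched_owners", "priority": 6},
    {"name": "Owners from team tag", "active": True, "provider_ids": [PROVIDER_A],
     "entity_type": "AwsIamUser", "property_name": "enriched_owners", "priority": 6},
    {"name": "Default owner", "active": True, "provider_ids": [PROVIDER_A, PROVIDER_B],
     "entity_type": "AwsIamUser", "property_name": "enriched_owners", "priority": 2},
    {"name": "Other account owners", "active": True, "provider_ids": [PROVIDER_B],
     "entity_type": "AwsIamUser", "property_name": "enriched_owners", "priority": 6},
    {"name": "Retired rule", "active": False, "provider_ids": [PROVIDER_A],
     "entity_type": "AwsIamUser", "property_name": "enriched_owners", "priority": 6},
]


if __name__ == "__main__":
    for finding in find_priority_collisions(SAMPLE_RULES):
        print("tie at priority", finding["priority"], "between", finding["rules"])
    for provider in (PROVIDER_A, PROVIDER_B):
        print(provider, last_writer(SAMPLE_RULES, "AwsIamUser", "enriched_owners", provider))
```
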
GET /api/v1/enrichment/rules/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"name": "text",
"description": "text",
"active": true,
"provider_ids": [
"text"
],
"entity_type": "text",
"property_name": "text",
"property_value": null,
"node_ids": [
"text"
],
"query_id": "text",
"priority": 1,
"other_node_query_id": "text"
}
}

{
"values": [
{
"provider_name": "text",
"properties": [
{
"name": "text",
"description": "text",
"type": 1,
"optional": true,
"secret": true,
"internal": true,
"oauth2_redirect_required": true,
"vault_sourced": true,
"enum_values": [
{
"value": "text",
"label": "text"
}
],
"lifecycle_management_only": true,
"condition_field": "text",
"condition_value": "text",
"clear_when_condition_not_met": true,
"write_once": true
}
],
"icon": "text",
"icon_mime_type": "text",
"custom_templates": [
"text"
],
"provider_categories": [
1
],
"documentation_url": "text",
"lifecycle_management_supported": true,
"created_at": "2026-04-23T05:20:41.722Z"
}
]
}

GET /api/v1/providers/custom/configurations HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
# Configure Workday to extract weekdays at 6 AM Eastern
curl -X POST "$BASE_URL/api/private/providers/datasources/{workday_datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"priority": 100,
"timezone": "America/New_York",
"scheduled_extraction_times": ["06:00:00"],
"scheduled_days_of_week": ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY"]
}'

curl -X POST "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"priority": 100,
"timezone": "America/Los_Angeles",
"scheduled_extraction_times": ["00:00:00", "12:00:00"],
"scheduled_days_of_week": ["SATURDAY", "SUNDAY"]
}'

POST /api/private/providers/datasources/{datasource_id}/scheduling_config

curl -X POST "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"priority": 100,
"timezone": "America/New_York",
"scheduled_extraction_times": ["09:00:00", "13:30:00", "18:30:00"],
"scheduled_days_of_week": ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY"]
}'

curl -X POST "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"priority": 100
}'

curl -X POST "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"priority": 100,
"timezone": "America/Los_Angeles",
"scheduled_extraction_times": ["09:00:00", "21:00:00"],
"scheduled_days_of_week": ["SATURDAY", "SUNDAY"]
}'

{
"value": {
"datasource_id": "019a0f2b-53cd-7c5d-904f-bf2588b876d5",
"priority": "100",
"datasource_name": "AWS S3 (527398259632)",
"datasource_type": "EXTRACTOR",
"timezone": "America/New_York",
"scheduled_extraction_times": ["09:00:00", "13:30:00", "18:30:00"],
"created_at": "2025-10-28T02:34:27.794138246Z",
"updated_at": "2025-10-31T19:42:43.705828675Z",
"scheduled_days_of_week": ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY"]
}
}

{
"code": "INVALID_ARGUMENT",
"message": "invalid time format '09:15:00': only 00 and 30 minutes of the hour are supported",
"details": []
}

{
"code": "INVALID_ARGUMENT",
"message": "Cannot create scheduling configuration. Limit of 100 configurations is reached.",
"details": []
}

GET /api/private/providers/datasources/{datasource_id}/scheduling_config

curl -X GET "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN"

{
"value": {
"datasource_id": "0199827a-402d-7554-af7b-cb3489b68402",
"priority": "100",
"datasource_name": "AWS IAM Volatile (527398259632)",
"datasource_type": "EXTRACTOR",
"timezone": "America/New_York",
"scheduled_extraction_times": ["09:00:00", "13:30:00", "18:30:00"],
"created_at": "2025-10-10T12:52:11.659562336Z",
"updated_at": "2025-10-10T12:52:11.659562336Z",
"scheduled_days_of_week": ["MONDAY", "WEDNESDAY", "FRIDAY"]
}
}

{
"code": "NOT_FOUND",
"message": "datasource_scheduling_config not found",
"details": []
}

GET /api/private/providers/datasources/scheduling_configs

curl -X GET "$BASE_URL/api/private/providers/datasources/scheduling_configs" \
-H "authorization: Bearer $VEZA_TOKEN"

curl -X GET "$BASE_URL/api/private/providers/datasources/scheduling_configs?datasource_type=EXTRACTOR" \
-H "authorization: Bearer $VEZA_TOKEN"

{
"values": [
{
"datasource_id": "0199827a-3d32-7342-9ccd-2f928ccc6855",
"priority": "100",
"datasource_name": "AWS Cognito (527398259632)",
"datasource_type": "EXTRACTOR",
"timezone": "America/New_York",
"scheduled_extraction_times": ["00:00:00", "01:30:00", "03:00:00"],
"created_at": "1970-01-01T00:00:01.758832260Z",
"updated_at": "1970-01-01T00:00:01.758832260Z",
"scheduled_days_of_week": ["MONDAY", "WEDNESDAY", "FRIDAY"]
},
{
"datasource_id": "0199827a-402d-7554-af7b-cb3489b68402",
"priority": "100",
"datasource_name": "AWS IAM Volatile (527398259632)",
"datasource_type": "EXTRACTOR",
"timezone": "America/New_York",
"scheduled_extraction_times": ["09:00:00", "13:30:00", "18:30:00"],
"created_at": "2025-10-10T12:52:11.659562336Z",
"updated_at": "2025-10-10T12:52:11.659562336Z",
"scheduled_days_of_week": []
}
]
}

DELETE /api/private/providers/datasources/{datasource_id}/scheduling_config

curl -X DELETE "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN"

{}

Veza API key for authentication. Generate keys in Administration > API Keys.
No longer used. The provider compatibility is validated only when creating or updating enrichment rules.
Queries returned should have source_type compatible with the entity_type specified here.
OK
ID of the assessment query.
Name of the assessment query.
POST /api/v1/enrichment/rules/queries HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 22
{
"entity_type": "text"
}

Veza API key for authentication. Generate keys in Administration > API Keys.
No longer used. Deletion is always forced.
OK
DELETE /api/v1/enrichment/rules/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
Veza API key for authentication. Generate keys in Administration > API Keys.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
OK
Paginated list of custom (OAA) providers.
Unique identifier for the provider instance.
External identifier for the provider, typically set by the integration that created it.
Display name of the provider.
The OAA template type used to create this provider (e.g., "application", "idp").
List of OAA template types associated with this provider instance (e.g., "application", "idp", "hris").
Current provider state.
Application type classifications for this provider.
Deprecated. Resource type classifications. Use application_types, idp_types, hris_types, or file_system_types instead.
Identity provider type classifications (if this provider represents an IdP).
File system type classifications (if this provider represents a file system).
HRIS system type classifications (if this provider represents an HR system).
Principal (identity) type classifications for this provider.
Whether provisioning (write-back) operations are enabled for this provider.
JSON string containing the provider's connection configuration parameters.
Identifier of the data plane that runs this provider's extraction. Empty for cloud-hosted extraction.
Current lifecycle management state for this provider (enum). Indicates whether provisioning and deprovisioning workflows are active.
Identifier of the team that owns this provider instance.
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
For external OAA, how to manage lifecycle management requests
Token to retrieve the next page of results. Empty when no more pages exist.
If true, additional pages of results are available.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
GET /api/v1/providers/custom HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
Veza API key for authentication. Generate keys in Administration > API Keys.
ID of the enrichment rule to be enabled or disabled.
The new active state. If true, the rule will be executed.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
PUT /api/v1/enrichment/rules/{id}:toggle HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 27
{
"id": "text",
"active": true
}

SHOW AwsIamUser
WHERE entity_id = "your-entity-id"

curl -X POST "https://your-tenant.veza.com/api/v1/batch_set_owners" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"batches": [
{
"entity_type": "AwsIamUser",
"entity_ids": ["aws-iam-user-abc123"],
"assigned_owners": {
"owners": [
{
"entity_id": "okta-user-xyz789",
"entity_type": "OktaUser"
}
]
}
}
]
}'

{
"batches": [
{
"entity_type": "AwsS3Bucket",
"entity_ids": ["bucket-1", "bucket-2", "bucket-3"],
"assigned_owners": {
"owners": [{"entity_id": "okta-user-xyz", "entity_type": "OktaUser"}]
}
}
]
}

{
"batches": [
{
"entity_type": "VirtualMachine",
"entity_ids": ["vm-abc"],
"added_owners": [
{"external_id": "[email protected]", "entity_type": "OktaUser"}
]
}
]
}

{
"batches": [
{
"entity_type": "AwsIamRole",
"entity_ids": ["role-xyz"],
"removed_owners_incremental": [
{"entity_id": "okta-user-former", "entity_type": "OktaUser"}
]
}
]
}

{
"batches": [
{
"entity_type": "AwsIamUser",
"entity_ids": ["iam-user-1", "iam-user-2"],
"assigned_owners": {
"owners": [{"entity_id": "okta-user-xyz", "entity_type": "OktaUser"}]
}
},
{
"entity_type": "GithubRepo",
"entity_ids": ["repo-abc"],
"added_owners": [
{"external_id": "[email protected]", "entity_type": "OktaUser"}
]
}
]
}

{
"code": "InvalidArgument",
"message": "Invalid Arguments",
"details": [{"field_violations": [{"field": "types", "description": "Must supply at least one valid type"}]}]
}

{
"code": "InvalidArgument",
"details": [{"field_violations": [{"field": "entity_type", "description": "issue with entity {external_id}: owner not of an allowed type"}]}]
}

Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X PUT "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"name": "AWS EC2 Production Environment"
}'

{
"value": {
"id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
"name": "AWS EC2 Production Environment",
"datasource_type": "EXTRACTOR",
"agent_type": "AWS_EC2",
"status": "SUCCESS",
"provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
"path": "AWS/ec2",
"state": "ENABLED",
"effective_state": "ENABLED",
"datasource_config": null,
"created_at": "2021-10-26T07:10:38Z",
"updated_at": "2024-01-15T10:30:45Z",
"synced_at": "2022-01-13T20:53:23Z",
"parsed_at": "2022-01-13T20:53:29Z"
}
}

curl "$BASE_URL/api/v1/enrichment/rules?page_size=3" \
-H "Authorization: Bearer $VEZA_TOKEN"

{
"values": [
{
"id": "019c4441-62c3-78f6-9dad-2b29b9b7ffee",
"name": "AWS NHIs by property",
"active": true,
"provider_ids": ["5443ea52-9dba-435e-8c6a-9035cc513bfa"],
"entity_type": "AwsIamUser",
"property_name": "enriched_owners",
"property_value": "{\"property_names_in_template\":[\"id\"],\"owners\":[{\"entity_id\":\"{{id}}\",\"entity_type\":\"OktaUser\"}]}",
"node_ids": [],
"query_id": "0198d3ff-b2f7-7b05-b3d3-14b3cfc35858",
"priority": 6
}
],
"next_page_token": "<token>",
"has_more": true
}

Returns all enrichment rules configured in the tenant. Enrichment rules automatically classify and tag entities in the Veza Authorization Graph based on saved query conditions. Use include_inactive_rules=true to include disabled rules in the response. Supports filter and order_by parameters for result filtering.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Paginated list of enrichment rules. Use page_token from the response to fetch subsequent pages when the total count exceeds page_size.
ID of the enrichment rule.
Name of the enrichment rule.
Description of the enrichment rule.
Whether the rule will be executed.
Provider IDs for which the rule will be executed.
Entity type on which the rule will be executed.
Property name whose value will be changed by enrichment.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Static list of entity IDs for which the property-value should be applied. Not recommended: use query_id to target entities dynamically instead. Limitation: does not work with ENRICHED_OWNERS or VEZA_TAGS enrichment types.
The query that is executed to obtain a list of entity IDs of the specified entity type.
The higher the priority, the later the rule runs. A rule running later will overwrite the changes from previous rules. CAVEAT: it is not recommended to have multiple rules of the same priority, as they may run in any order.
If set, this separate query will be executed to find another entity that is related to the enriched entity, and the properties of the other entity can be referenced in the value for enriched_owners.
The pagination token to retrieve the next page of results.
If true, more results are available.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
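The paging fields and the priority caveat above lend themselves to a periodic audit. The following is an added example, not Veza's own code: it follows next_page_token until has_more is false (never inferring the last page from a short page) and reports active rules that share a priority. The sample pages are constructed, and treating two rules on the same entity_type and property_name as potentially overlapping is an assumption of this sketch.

```python
import json
import os
import urllib.parse
import urllib.request
from collections import defaultdict


def _rule(rid, name, priority, active=True,
          entity_type="AwsIamUser", prop="enriched_owners"):
    """Build one constructed rule carrying only the fields this audit reads."""
    return {"id": rid, "name": name, "active": active,
            "entity_type": entity_type, "property_name": prop,
            "priority": priority}


# Constructed sample pages, keyed by the page_token that requests them.
SAMPLE_PAGES = {
    "": {"values": [_rule("r1", "AWS NHIs by property", 6),
                    _rule("r2", "Owners from tags", 6)],
         "next_page_token": "p2", "has_more": True},
    # An empty page while has_more is still true: paging must continue.
    "p2": {"values": [], "next_page_token": "p3", "has_more": True},
    "p3": {"values": [_rule("r3", "Fallback owner", 2),
                      _rule("r4", "Disabled experiment", 6, active=False),
                      _rule("r5", "Tag prod buckets", 6,
                            entity_type="AwsS3Bucket", prop="example_property")],
           "next_page_token": "", "has_more": False},
}


def sample_fetch(page_token):
    """Offline fetcher over the constructed pages."""
    return SAMPLE_PAGES[page_token]


def http_fetch(page_token, page_size=100):
    """Live fetcher; BASE_URL and VEZA_TOKEN come from the environment."""
    params = {"page_size": page_size, "include_inactive_rules": "true"}
    if page_token:
        params["page_token"] = page_token
    url = (os.environ["BASE_URL"] + "/api/v1/enrichment/rules?"
           + urllib.parse.urlencode(params))
    req = urllib.request.Request(
        url, headers={"Authorization": "Bearer " + os.environ["VEZA_TOKEN"]})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_rules(fetch):
    """Yield every rule, following next_page_token until has_more is false."""
    token, seen = "", set()
    while True:
        page = fetch(token)
        yield from page.get("values", [])
        if not page.get("has_more"):
            return
        token = page.get("next_page_token", "")
        if not token or token in seen:
            # Fail loudly rather than loop forever or silently truncate.
            raise RuntimeError("has_more is true but the token is missing or repeated")
        seen.add(token)


def priority_collisions(rules):
    """Active rules sharing (entity_type, property_name, priority)."""
    groups = defaultdict(list)
    for r in rules:
        if r.get("active"):
            key = (r["entity_type"], r["property_name"], r["priority"])
            groups[key].append(r["name"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def last_writers(rules):
    """Per (entity_type, property_name): active rule names at the highest
    priority. More than one name means the final value depends on run order."""
    top = {}
    for r in rules:
        if not r.get("active"):
            continue
        key = (r["entity_type"], r["property_name"])
        prio, names = top.get(key, (None, []))
        if prio is None or r["priority"] > prio:
            top[key] = (r["priority"], [r["name"]])
        elif r["priority"] == prio:
            names.append(r["name"])
    return {k: sorted(names) for k, (_, names) in top.items()}


if __name__ == "__main__":
    rules = list(iter_rules(sample_fetch))  # swap in http_fetch for a tenant
    for key, names in priority_collisions(rules).items():
        print("same priority, undefined order:", key, names)
    for key, names in last_writers(rules).items():
        print("last writer(s):", key, names)
```
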
Operations for managing data sources including listing, updating, enabling, disabling, and status monitoring
{
"id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
"name": "AWS EC2 (527398259632)",
"datasource_type": "EXTRACTOR",
"agent_type": "AWS_EC2",
"status": "SUCCESS",
"provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
"path": "AWS/ec2",
"state": "ENABLED",
"effective_state": "ENABLED",
"datasource_config": null,
"created_at": "2021-10-26T07:10:38Z",
"updated_at": "2021-10-26T07:10:38Z",
"sync_start": "2022-01-13T20:53:20Z",
"sync_end": "2022-01-13T20:53:23Z",
"sync_start_success": "2022-01-13T20:53:20Z",
"sync_end_success": "2022-01-13T20:53:23Z",
"parse_start": "2022-01-13T20:53:24Z",
"parse_end": "2022-01-13T20:53:29Z",
"parse_start_success": "2022-01-13T20:53:24Z",
"parse_end_success": "2022-01-13T20:53:29Z"
}

Returns paginated active IdP users that can be assigned as entity owners.
{
"queries": [
{
"id": "text",
"name": "text"
}
]
}

{}

{
"values": [
{
"id": "text",
"external_id": "text",
"name": "text",
"custom_template": "text",
"custom_templates": [
"text"
],
"state": 1,
"application_types": [
"text"
],
"idp_types": [
"text"
],
"file_system_types": [
"text"
],
"hris_types": [
"text"
],
"principal_types": [
"text"
],
"secret_store_types": [
"text"
],
"schema_definition_json": "text",
"provisioning": true,
"push_type": 1,
"rbac_id": "text",
"internal_app_name": "text",
"configuration_json": "text",
"data_plane_id": "text",
"lifecycle_management_state": 1,
"team_id": "text",
"csv_mapping_configuration": {
"template_type": "text",
"column_mappings": [
{
"column_name": "text",
"destination_type": "text",
"destination_property": "text",
"custom_property": {
"name": "text",
"type": 1,
"lcm_unique_identifier": true
},
"as_list": true,
"template": "text",
"property_type": 1,
"is_required": true
}
],
"application": {
"application_name": "text",
"application_type": "text",
"identity": [
"text"
],
"resource_type": "text",
"okta_app_id": "text"
},
"advanced": {
"list_delimiter": "text"
},
"idp": {
"idp_type": "text",
"domain": "text"
},
"hris": {
"hris_name": "text",
"hris_type": "text",
"hris_url": "text",
"hris_identity_mapping": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"hris_provisioning_source": true
},
"cmdb": {
"cmdb_instance_name": "text",
"cmdb_instance_type": "text",
"csc_global_config": {
"owner_id_column_name": "text",
"asset_id_column_name": "text",
"asset_type_column_name": "text",
"owner_node_type": "text",
"owner_id_property": "text",
"asset_connections": [
{
"asset_type_value": "text",
"asset_node_type": "text",
"asset_property_name": "text"
}
]
}
}
},
"secret_references": [
{
"id": "text",
"secret_id": "text",
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
],
"external_lifecycle_management_type": 1,
"cmdb_types": [
"text"
]
}
],
"next_page_token": "text",
"has_more": true
}

{}

GET /api/v1/providers/datasources/{id}/parse_status HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"job_status": {
"id": "text",
"status": "text"
}
}

GET /api/v1/providers/datasources/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {}
}

PUT /api/v1/providers/datasources/{id}:disable HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}

PUT /api/v1/providers/datasources/{id}:enable HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}

GET /api/v1/providers/datasources/{id}/sync_status HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"job_status": {
"id": "text",
"status": "text"
}
}

{
"values": [
{
"id": "text",
"name": "text",
"description": "text",
"active": true,
"provider_ids": [
"text"
],
"entity_type": "text",
"property_name": "text",
"property_value": null,
"node_ids": [
"text"
],
"query_id": "text",
"priority": 1,
"other_node_query_id": "text"
}
],
"next_page_token": "text",
"has_more": true
}

GET /api/v1/enrichment/rules HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
Veza API key for authentication. Generate keys in Administration > API Keys.
When specified, only data sources matching the filter will be returned. Valid attributes: datasource_type. Valid operators: EQ. E.g., 'datasource_type eq "extractor"'.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
curl -X GET "$BASE_URL/api/v1/providers/datasources" \
-H "authorization: Bearer $VEZA_TOKEN"

curl -X GET "$BASE_URL/api/v1/providers/datasources?filter=status+eq+\"SUCCESS\"" \
-H "authorization: Bearer $VEZA_TOKEN"

curl -X GET "$BASE_URL/api/v1/providers/datasources?page_size=10&order_by=name" \
-H "authorization: Bearer $VEZA_TOKEN"

{
"values": [
{
"id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
"name": "AWS EC2 (527398259632)",
"datasource_type": "EXTRACTOR",
"agent_type": "AWS_EC2",
"status": "SUCCESS",
"provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
"path": "AWS/ec2",
"state": "ENABLED",
"effective_state": "ENABLED",
"created_at": "2021-10-26T07:10:38Z",
"updated_at": "2021-10-26T07:10:38Z",
"synced_at": "2022-01-13T20:53:23Z",
"parsed_at": "2022-01-13T20:53:29Z"
}
],
"next_page_token": "ec67g",
"has_more": false
}

PUT /api/v1/providers/datasources/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 27
{
"id": "text",
"name": "text"
}

# Find datasources that support SYNC_IDENTITIES operations (action_type=1)
curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers:by_action_type?action_type=1" \
-H "authorization: Bearer $VEZA_TOKEN"

# Find datasources that can manage User entities
curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers:by_action_type?entity_type=User" \
-H "authorization: Bearer $VEZA_TOKEN"

# Find datasources that support SYNC_IDENTITIES operations on Users with MemberOf relationships
curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers:by_action_type?action_type=1&entity_type=User&relationship_type=MemberOf" \
-H "authorization: Bearer $VEZA_TOKEN"

GET /api/v1/providers/datasources/lifecycle_managers:by_action_type

{
"values": [
{
"id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
"name": "Workday Integration",
"provider_type": "WORKDAY",
"external_id": "https://wd5-impl-services1.workday.com/veza_preview",
"lifecycle_management_enabled": true,
"supported_capabilities": [
"IDENTITY_SOURCE",
"ACCESS_TARGET"
]
}
],
"has_more": false,
"next_page_token": ""
}

curl -X POST "https://your-tenant.veza.com/api/v1/list_available_owners" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"search_value": "alice",
"page_size": 25
}'

{
"owners": [
{
"entity_id": "abc123",
"entity_type": "OktaUser",
"entity_name": "Alice Smith",
"external_id": "[email protected]"
}
],
"next_page_token": "eyJwYWdlIjoxfQ==",
"has_more": true
}

# First page
curl -X POST ".../api/v1/list_available_owners" \
-H "Authorization: Bearer YOUR_TOKEN" \
-d '{"page_size": 100}'
# Subsequent pages — use next_page_token from prior response
curl -X POST ".../api/v1/list_available_owners" \
-H "Authorization: Bearer YOUR_TOKEN" \
-d '{"page_size": 100, "page_token": "eyJwYWdlIjoxfQ=="}'

Operations for listing, adding, and modifying cloud provider configurations
{
"value": {}
}

{
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"vendor_id": "123456789010",
"name": "AWS-Production",
"type": "AWS",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"account_id": "123456789010",
"credentials_type": "ASSUME_CUSTOMER_ROLE",
"access_key_id": "AKIA6FRNZGGIOEBZ6BEA",
"assume_role_name": "VezaDiscoveryRole",
"assume_role_external_id": "veza-external-id",
"regions": [
"us-east-1",
"us-west-2",
"eu-west-1"
],
"db_user": "veza_user",
"services": [
"IAM",
"S3",
"RDS",
"REDSHIFT"
],
"s3_bucket_allow_list": ["prod-data-*"],
"s3_bucket_deny_list": ["temp-*", "test-*"],
"rds_database_allow_list": ["production"],
"rds_database_deny_list": ["temp"]
}

Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "contoso.onmicrosoft.com",
"name": "Azure-Production",
"type": "AZURE",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"tenant_id": "12345678-1234-1234-1234-123456789012",
"client_id": "87654321-4321-4321-4321-210987654321",
"services": [
"AZUREAD",
"SHAREPOINT",
"SQLSERVER"
],
"gather_guest_users": true,
"gather_disabled_users": false,
"gather_personal_sites": true,
"domains": ["contoso.com"],
"sql_server_database_allow_list": ["production"],
"sql_server_database_deny_list": ["temp"]
}

Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "gcp-project-id",
"name": "GCP-Production",
"type": "GOOGLE_CLOUD",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"customer_id": "C01234567",
"workspace_email": "[email protected]",
"project_allow_list": ["prod-project-1", "prod-project-2"],
"project_deny_list": ["test-*"],
"domain_allow_list": ["company.com"],
"domain_deny_list": [],
"services": [
"IAM",
"STORAGE",
"COMPUTE",
"WORKSPACE",
"BIGQUERY"
],
"dataset_allow_list": ["analytics", "reporting"],
"dataset_deny_list": ["temp_*"]
}

Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
{
  "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
  "vendor_id": "xy12345.us-east-1",
  "name": "Snowflake-Production",
  "type": "SNOWFLAKE",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "account_locator": "xy12345",
  "region": "us-east-1",
  "cloud": "aws",
  "user": "veza_user",
  "role": "VEZA_ROLE",
  "warehouse": "COMPUTE_WH",
  "database_allow_list": ["PROD_DB", "ANALYTICS_DB"],
  "database_deny_list": ["TEMP_DB", "TEST_DB"]
}
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
External OAuth specific fields
Organization account filtering
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
{
  "id": "90112ed7-47e7-48e6-9f05-c02d19d7f137",
  "vendor_id": "sqlserver.company.com",
  "name": "SQL-Production",
  "type": "SQL_SERVER",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "host": "sqlserver.company.com",
  "port": 1433,
  "username": "veza_user",
  "database_allow_list": ["ProductionDB", "AnalyticsDB"],
  "database_deny_list": ["TempDB", "TestDB"],
  "schema_allow_list": ["dbo", "analytics"],
  "schema_deny_list": ["temp"]
}
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
{
  "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
  "vendor_id": "trino.company.com",
  "name": "Trino-Production",
  "type": "TRINO",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "host": "trino.company.com",
  "port": 8080,
  "username": "veza_user",
  "aws_s3_object_config": {
    "access_key": "AKIA...",
    "region": "us-east-1",
    "bucket": "trino-config",
    "object": "access-control.properties",
    "credentials_type": "STATIC",
    "assume_role_name": "",
    "account_id": ""
  },
  "ssl_certificate": "-----BEGIN CERTIFICATE-----\n..."
}
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
{
  "error": {
    "code": "INVALID_CREDENTIALS",
    "message": "The provided credentials are invalid or expired",
    "details": "AWS STS AssumeRole failed with error: Access denied"
  }
}

curl -X POST "$BASE_URL/api/v1/enrichment/rules" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "content-type: application/json" \
  -d '{
    "name": "Mark service accounts as NHI",
    "provider_ids": ["<provider-id>"],
    "entity_type": "OktaUser",
    "query_id": "<saved-query-id>",
    "enriched_property": "IDENTITY_TYPE",
    "property_value": "NONHUMAN"
  }'

curl -X POST "$BASE_URL/api/v1/enrichment/rules" \
  -H "Authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Assign owner from entity property",
    "provider_ids": ["<provider-id>"],
    "entity_type": "AwsIamUser",
    "query_id": "<saved-query-id>",
    "enriched_property": "ENRICHED_OWNERS",
    "enriched_owners_value": {
      "property_names_in_template": ["id"],
      "owners": [
        {
          "entity_id": "{{id}}",
          "entity_type": "OktaUser"
        }
      ]
    }
  }'

curl -X POST "$BASE_URL/api/v1/enrichment/rules" \
  -H "Authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Tag production AWS roles",
    "provider_ids": ["<provider-id>"],
    "entity_type": "AwsIamRole",
    "query_id": "<saved-query-id>",
    "enriched_property": "VEZA_TAGS",
    "tag_updates_value": {
      "add_tags": [
        {"key": "environment", "value": "production"}
      ],
      "remove_tags": []
    }
  }'

Creates a new enrichment rule that automatically applies attributes to entities matching a saved query. Supported rule types are: identify non-human identities (set identity_type to HUMAN or NONHUMAN), assign entity owners (static or dynamic ownership from entity properties), detect privileged accounts (set is_privileged to true), classify critical resources (set criticality_level to LOW, MEDIUM, HIGH, or CRITICAL), and assign Veza tags (add or remove tags on matched entities). The query_id must reference an existing saved assessment query.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
The generated ID of the newly created enrichment rule.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
GET /api/v1/providers/datasources HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
The type of the serialized message.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Request body for creating an enrichment rule. Required fields: name, provider_ids, entity_type. Set enriched_property to define the rule type (IDENTITY_TYPE, IS_PRIVILEGED, CRITICALITY_LEVEL, ENRICHED_OWNERS, or VEZA_TAGS). Use property_value for scalar values (e.g., "NONHUMAN" for IDENTITY_TYPE, "true" for IS_PRIVILEGED, "HIGH" for CRITICALITY_LEVEL). Use enriched_owners_value for owner assignment rules, or tag_updates_value for tag rules. Use query_id to target entities matching a saved assessment query, or node_ids for static targeting.
name - Name of the enrichment rule. Must be unique across all rules.
description - Description of the enrichment rule.
active - Whether the rule will be executed.
provider_ids - Provider IDs for which the rule will be executed.
entity_type - Entity type on which the rule will be executed. Must be a valid entity type that is supported by all specified providers.
property_name - Property name whose value will be changed by enrichment. Not recommended. Only valid if enriched_property = USE_PROPERTY_NAME; otherwise, the property name will be set according to enriched_property.
property_value - The scalar value to set for the enriched property. Examples: "NONHUMAN" for IDENTITY_TYPE, "true" for IS_PRIVILEGED, "HIGH" for CRITICALITY_LEVEL. Not used when enriched_property is ENRICHED_OWNERS (use enriched_owners_value) or VEZA_TAGS (use tag_updates_value).
node_ids - Static list of entity IDs to which the property value should be applied. Not recommended: use query_id to target entities dynamically instead. Does not work with ENRICHED_OWNERS or VEZA_TAGS enrichment.
query_id - The query that is executed to obtain a list of entity IDs of the specified entity type. It must exist before creating the enrichment rule and its source_type must match entity_type.
priority - The higher the priority, the later the rule runs. A rule running later will overwrite the changes from previous rules. CAVEAT: it is not recommended to have multiple rules of the same priority, as they may run in any order.
other_node_query_id - Can only be used with query_id. If set, this separate query will be executed to find another entity that is related to the enriched entity, and the properties of the other entity can be referenced in the value for ENRICHED_OWNERS.
enriched_property - The enrichment rule type (enum). Values: 0 = USE_PROPERTY_NAME (custom property_name required), 1 = IDENTITY_TYPE (set identity_type to HUMAN or NONHUMAN via property_value), 2 = IS_PRIVILEGED (set is_privileged, use property_value "true"), 3 = CRITICALITY_LEVEL (set criticality_level via property_value: LOW, MEDIUM, HIGH, or CRITICAL), 4 = ENRICHED_OWNERS (assign ownership, use enriched_owners_value instead of property_value), 5 = VEZA_TAGS (add or remove tags, use tag_updates_value instead of property_value).
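The field constraints above, written as a pre-flight check to run on a rule body before it is sent to POST /api/v1/enrichment/rules. This is an added example, not Veza's code: the function names and the constructed bad rule are hypothetical, and accepting only "true" for IS_PRIVILEGED reflects the one value this page documents rather than a known API limit.

```python
# Enum numbers and names as listed in the field reference on this page.
ENRICHED_PROPERTY = {
    0: "USE_PROPERTY_NAME", 1: "IDENTITY_TYPE", 2: "IS_PRIVILEGED",
    3: "CRITICALITY_LEVEL", 4: "ENRICHED_OWNERS", 5: "VEZA_TAGS",
}
# Scalar values the page documents for property_value, per rule type.
SCALAR_VALUES = {
    "IDENTITY_TYPE": {"HUMAN", "NONHUMAN"},
    "IS_PRIVILEGED": {"true"},  # assumption: only the documented value passes
    "CRITICALITY_LEVEL": {"LOW", "MEDIUM", "HIGH", "CRITICAL"},
}
# Rule types whose value travels in a dedicated object, not property_value.
STRUCTURED_FIELD = {
    "ENRICHED_OWNERS": "enriched_owners_value",
    "VEZA_TAGS": "tag_updates_value",
}


def rule_type(rule):
    """Return the enriched_property name, accepting the enum name or number."""
    raw = rule.get("enriched_property")
    return ENRICHED_PROPERTY.get(raw, raw)


def validate_rule(rule):
    """Return a list of problems; an empty list means no documented constraint is broken."""
    problems = [f"missing required field: {f}"
                for f in ("name", "provider_ids", "entity_type") if not rule.get(f)]
    kind = rule_type(rule)
    if kind not in ENRICHED_PROPERTY.values():
        return problems + [f"unknown enriched_property: {kind!r}"]

    has_query, has_nodes = bool(rule.get("query_id")), bool(rule.get("node_ids"))
    if not (has_query or has_nodes):
        problems.append("no target: set query_id, or node_ids for static targeting")
    if rule.get("other_node_query_id") and not has_query:
        problems.append("other_node_query_id can only be used with query_id")
    if rule.get("property_name") and kind != "USE_PROPERTY_NAME":
        problems.append("property_name is only valid with USE_PROPERTY_NAME")
    if kind == "USE_PROPERTY_NAME" and not rule.get("property_name"):
        problems.append("USE_PROPERTY_NAME requires property_name")

    if kind in STRUCTURED_FIELD:
        field = STRUCTURED_FIELD[kind]
        if not rule.get(field):
            problems.append(f"{kind} requires {field}")
        if rule.get("property_value") is not None:
            problems.append(f"{kind} does not use property_value")
        if has_nodes:
            problems.append(f"node_ids does not work with {kind}")
    elif kind in SCALAR_VALUES:
        value = rule.get("property_value")
        if value not in SCALAR_VALUES[kind]:
            allowed = ", ".join(sorted(SCALAR_VALUES[kind]))
            problems.append(f"{kind} property_value {value!r} not in: {allowed}")
    return problems


def priority_collisions(rules):
    """Map each priority shared by several rules to their names. The page says
    rules of equal priority may run in any order, so the last writer is undefined.
    Rules with no explicit priority are grouped under None (assumed to share
    whatever default the server applies)."""
    by_priority = {}
    for rule in rules:
        by_priority.setdefault(rule.get("priority"), []).append(rule.get("name"))
    return {p: names for p, names in by_priority.items() if len(names) > 1}


# Body of the page's "Mark service accounts as NHI" curl example.
PAGE_NHI_RULE = {
    "name": "Mark service accounts as NHI",
    "provider_ids": ["<provider-id>"],
    "entity_type": "OktaUser",
    "query_id": "<saved-query-id>",
    "enriched_property": "IDENTITY_TYPE",
    "property_value": "NONHUMAN",
}
# Constructed body that breaks several documented constraints at once.
CONSTRUCTED_BAD_RULE = {
    "name": "Tag by static list",
    "provider_ids": ["<provider-id>"],
    "entity_type": "AwsIamRole",
    "node_ids": ["<node-id>"],
    "enriched_property": 5,  # VEZA_TAGS
    "property_value": "production",
    "other_node_query_id": "<other-query-id>",
}

if __name__ == "__main__":
    for body in (PAGE_NHI_RULE, CONSTRUCTED_BAD_RULE):
        print(body["name"], "->", validate_rule(body) or "ok")
```

Running `priority_collisions` over the full set of rules before creating a new one catches the equal-priority case the priority field warns about, which matters most when two rules set IS_PRIVILEGED or CRITICALITY_LEVEL on the same entities.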
{
"datasource_list": [
{
"external_datasource_id": "text",
"external_provider_id": "text",
"datasource_type": "text",
"extraction_start": "2026-04-23T05:20:41.722Z",
"extraction_end": "2026-04-23T05:20:41.722Z",
"datasource_name": "text",
"is_deleted": true,
"datasource_id": "text",
"has_warning": true
}
],
"snapshot_not_found": true,
"pagination_context": "text",
"has_more": true
}
{
"values": [
{
"id": "text",
"enabled": true,
"datasource": {},
"definition": {
"source_of_identity_definition": {
"entity_type": "text"
},
"actions": [
{
"type": 1,
"idempotent": true,
"input_entity_types": [
{
"name": "text",
"description": "text",
"available_entity_types": [
"text"
]
}
],
"output_entity_types": [
{
"name": "text",
"description": "text",
"available_entity_types": [
"text"
]
}
],
"definition": {
"@type": "text",
"ANY_ADDITIONAL_PROPERTY": "anything"
}
}
]
}
}
]
}
GET /api/v1/providers/datasources/lifecycle_managers:by_action_type HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"id": "text"
}
POST /api/v1/enrichment/rules HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 390
{
"name": "text",
"description": "text",
"active": true,
"provider_ids": [
"text"
],
"entity_type": "text",
"property_name": "text",
"property_value": null,
"node_ids": [
"text"
],
"query_id": "text",
"priority": 1,
"other_node_query_id": "text",
"enriched_property": 1,
"enriched_owners_value": {
"property_names_in_template": [
"text"
],
"owners": [
{
"team": "text"
}
]
},
"tag_updates_value": {
"add_tags": [
{}
],
"remove_tags": [
{}
]
}
}
GET /api/v1/providers/aws HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"rbac_id": "text",
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-04-23T05:20:41.722Z",
"synced_at": "2026-04-23T05:20:41.722Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true,
"gather_all_iam_policies": true,
"documentdb_user": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
]
}
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
POST /api/v1/providers/aws HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1589
{
"name": "text",
"account_id": "text",
"regions": [
"text"
],
"data_plane_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"secret_key": "text",
"assume_role_name": "text",
"assume_role_external_id": "text",
"db_user": "text",
"rds_postgres_user": "text",
"rds_mysql_user": "text",
"rds_oracle_user": "text",
"rds_oracle_password": "text",
"redshift_user": "text",
"services": [
1
],
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"rds_db_level_only": true,
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"provisioning_scim_token": "text",
"gather_all_iam_policies": true,
"documentdb_user": "text",
"documentdb_password": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
GET /api/v1/providers/aws/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"rbac_id": "text",
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-04-23T05:20:41.722Z",
"synced_at": "2026-04-23T05:20:41.722Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true,
"gather_all_iam_policies": true,
"documentdb_user": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
}
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
PATCH /api/v1/providers/aws/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1587
{
"id": "text",
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"secret_key": "text",
"assume_role_name": "text",
"assume_role_external_id": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"rds_oracle_password": "text",
"services": [
1
],
"data_plane_id": "text",
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_rds_oracle_system_schemas": true,
"gather_postgresql_system_schemas": true,
"rds_db_level_only": true,
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"provisioning_scim_token": "text",
"gather_all_iam_policies": true,
"documentdb_user": "text",
"documentdb_password": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
DELETE /api/v1/providers/aws/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}
GET /api/v1/providers/aws:trustpolicy HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"trust_policy_json": "text"
}
GET /api/v1/providers/aws/{id}:checkpolicy HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"requires_update": true,
"aws_account_id": "text",
"current_policy": "text",
"required_policy": "text",
"required_actions": [
"text"
],
"overprivileged_actions": [
"text"
]
}
GET /api/v1/providers/azure HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-04-23T05:20:41.722Z",
"synced_at": "2026-04-23T05:20:41.722Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"authentication_type": 1,
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"rbac_id": "text",
"skip_mailbox_folders": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"provisioning": true,
"lifecycle_management_state": 1,
"secret_references": [
{
"id": "text",
"secret_id": "text",
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
],
"gather_group_extra_info": true,
"gather_group_owner_details": true,
"log_analytics_workspace_id": "text",
"subscription_id_allow_list": [
"text"
],
"subscription_id_deny_list": [
"text"
],
"storage_account_name_allow_list": [
"text"
],
"storage_account_name_deny_list": [
"text"
],
"blob_container_name_allow_list": [
"text"
],
"blob_container_name_deny_list": [
"text"
]
}
]
}

Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
OK
Default error response
POST /api/v1/providers/azure HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 2060
{
"name": "text",
"tenant_id": "text",
"client_id": "text",
"client_secret": "text",
"data_plane_id": "text",
"auth_certificate": "text",
"auth_certificate_password": "text",
"services": [
1
],
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"dynamics_erp_environments": [
"text"
],
"authentication_type": 1,
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"gather_postgresql_system_schemas": true,
"skip_mailbox_folders": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"provisioning": true,
"secret_references": [
{
"secret_id": "text",
"vault_id": "text"
}
],
"gather_group_extra_info": true,
"gather_group_owner_details": true,
"log_analytics_workspace_id": "text",
"subscription_id_allow_list": [
"text"
],
"subscription_id_deny_list": [
"text"
],
"storage_account_name_allow_list": [
"text"
],
"storage_account_name_deny_list": [
"text"
],
"blob_container_name_allow_list": [
"text"
],
"blob_container_name_deny_list": [
"text"
]
}

GET /api/v1/providers/azure/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-04-23T05:20:41.722Z",
"synced_at": "2026-04-23T05:20:41.722Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"authentication_type": 1,
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"rbac_id": "text",
"skip_mailbox_folders": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"provisioning": true,
"lifecycle_management_state": 1,
"secret_references": [
{
"id": "text",
"secret_id": "text",
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
],
"gather_group_extra_info": true,
"gather_group_owner_details": true,
"log_analytics_workspace_id": "text",
"subscription_id_allow_list": [
"text"
],
"subscription_id_deny_list": [
"text"
],
"storage_account_name_allow_list": [
"text"
],
"storage_account_name_deny_list": [
"text"
],
"blob_container_name_allow_list": [
"text"
],
"blob_container_name_deny_list": [
"text"
]
}
}

Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
OK
Default error response
PATCH /api/v1/providers/azure/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 2058
{
"id": "text",
"tenant_id": "text",
"client_id": "text",
"client_secret": "text",
"auth_certificate": "text",
"auth_certificate_password": "text",
"services": [
1
],
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"dynamics_erp_environments": [
"text"
],
"authentication_type": 1,
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"gather_postgresql_system_schemas": true,
"skip_mailbox_folders": true,
"data_plane_id": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"provisioning": true,
"secret_references": [
{
"secret_id": "text",
"vault_id": "text"
}
],
"gather_group_extra_info": true,
"gather_group_owner_details": true,
"log_analytics_workspace_id": "text",
"subscription_id_allow_list": [
"text"
],
"subscription_id_deny_list": [
"text"
],
"storage_account_name_allow_list": [
"text"
],
"storage_account_name_deny_list": [
"text"
],
"blob_container_name_allow_list": [
"text"
],
"blob_container_name_deny_list": [
"text"
]
}

DELETE /api/v1/providers/azure/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}

GET /api/v1/providers/google_cloud HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-04-23T05:20:41.722Z",
"synced_at": "2026-04-23T05:20:41.722Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
]
}

OK
Default error response
POST /api/v1/providers/google_cloud HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1039
{
"name": "text",
"credentials_json": "text",
"data_plane_id": "text",
"workspace_email": "text",
"customer_id": "text",
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"services": [
1
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"oauth_config": "text",
"oauth_token": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}

GET /api/v1/providers/google_cloud/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-04-23T05:20:41.722Z",
"synced_at": "2026-04-23T05:20:41.722Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
}

OK
Default error response
PATCH /api/v1/providers/google_cloud/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1037
{
"id": "text",
"credentials_json": "text",
"workspace_email": "text",
"customer_id": "text",
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"services": [
1
],
"data_plane_id": "text",
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"oauth_config": "text",
"oauth_token": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}

DELETE /api/v1/providers/google_cloud/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}

GET /api/v1/providers/snowflake HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-04-23T05:20:41.722Z",
"synced_at": "2026-04-23T05:20:41.722Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"organization_account": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true,
"gather_row_access_policies": true,
"gather_network_policies": true,
"gather_projection_policies": true,
"gather_password_policies": true,
"gather_login_source_ip": true,
"external_oauth_aws_region": "text",
"external_oauth_ida_provider_uri": "text",
"external_oauth_ida_resource_uri": "text",
"account_allow_list": [
"text"
],
"account_deny_list": [
"text"
]
}
]
}

External OAuth specific fields
Organization account filtering
OK
Default error response
POST /api/v1/providers/snowflake HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1108
{
"name": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"password": "text",
"role": "text",
"warehouse": "text",
"data_plane_id": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"alternative_database_name": "text",
"authentication_method": 1,
"private_key": "text",
"private_key_password": "text",
"extract_tags": true,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"export_private_key": "text",
"export_private_key_password": "text",
"export_password": "text",
"provisioning": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true,
"gather_row_access_policies": true,
"gather_network_policies": true,
"gather_projection_policies": true,
"organization_account": true,
"gather_password_policies": true,
"gather_login_source_ip": true,
"external_oauth_aws_region": "text",
"external_oauth_ida_provider_uri": "text",
"external_oauth_ida_resource_uri": "text",
"account_allow_list": [
"text"
],
"account_deny_list": [
"text"
]
}

GET /api/v1/providers/snowflake/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-04-23T05:20:41.722Z",
"synced_at": "2026-04-23T05:20:41.722Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"organization_account": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true,
"gather_row_access_policies": true,
"gather_network_policies": true,
"gather_projection_policies": true,
"gather_password_policies": true,
"gather_login_source_ip": true,
"external_oauth_aws_region": "text",
"external_oauth_ida_provider_uri": "text",
"external_oauth_ida_resource_uri": "text",
"account_allow_list": [
"text"
],
"account_deny_list": [
"text"
]
}
}

External OAuth specific fields
Organization account filtering
OK
Default error response
PATCH /api/v1/providers/snowflake/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1106
{
"id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"password": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"alternative_database_name": "text",
"authentication_method": 1,
"private_key": "text",
"private_key_password": "text",
"extract_tags": true,
"data_plane_id": "text",
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"export_private_key": "text",
"export_private_key_password": "text",
"export_password": "text",
"gather_masking_policies": true,
"gather_row_access_policies": true,
"gather_projection_policies": true,
"organization_account": true,
"gather_password_policies": true,
"gather_login_source_ip": true,
"provisioning": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_network_policies": true,
"external_oauth_aws_region": "text",
"external_oauth_ida_provider_uri": "text",
"external_oauth_ida_resource_uri": "text",
"account_allow_list": [
"text"
],
"account_deny_list": [
"text"
]
}

DELETE /api/v1/providers/snowflake/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}

GET /api/v1/providers/sqlserver HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"host": "text",
"port": 1,
"username": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text",
"use_tls_connector": true
}
]
}

OK
Default error response
POST /api/v1/providers/sqlserver HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 294
{
"name": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"data_plane_id": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text",
"use_tls_connector": true
}

GET /api/v1/providers/sqlserver/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"host": "text",
"port": 1,
"username": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text",
"use_tls_connector": true
}

OK
Default error response
PATCH /api/v1/providers/sqlserver/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 292
{
"id": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text",
"use_tls_connector": true,
"data_plane_id": "text"
}

DELETE /api/v1/providers/sqlserver/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}

GET /api/v1/providers/trino HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
]
}

OK
Default error response
POST /api/v1/providers/trino HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 506
{
"name": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"data_plane_id": "text",
"aws_s3_object_config": {
"access_key": "text",
"secret_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"assume_role_external_id": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}

GET /api/v1/providers/trino/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
}

PATCH /api/v1/providers/trino/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 504
{
"id": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"aws_s3_object_config": {
"access_key": "text",
"secret_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"assume_role_external_id": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"data_plane_id": "text"
}

DELETE /api/v1/providers/trino/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}

{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"rbac_id": "text",
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-04-23T05:20:41.722Z",
"synced_at": "2026-04-23T05:20:41.722Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true,
"gather_all_iam_policies": true,
"documentdb_user": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
}

{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-04-23T05:20:41.722Z",
"synced_at": "2026-04-23T05:20:41.722Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"authentication_type": 1,
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"rbac_id": "text",
"skip_mailbox_folders": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"provisioning": true,
"lifecycle_management_state": 1,
"secret_references": [
{
"id": "text",
"secret_id": "text",
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
],
"gather_group_extra_info": true,
"gather_group_owner_details": true,
"log_analytics_workspace_id": "text",
"subscription_id_allow_list": [
"text"
],
"subscription_id_deny_list": [
"text"
],
"storage_account_name_allow_list": [
"text"
],
"storage_account_name_deny_list": [
"text"
],
"blob_container_name_allow_list": [
"text"
],
"blob_container_name_deny_list": [
"text"
]
}
}

{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-04-23T05:20:41.722Z",
"synced_at": "2026-04-23T05:20:41.722Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
}

{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-04-23T05:20:41.722Z",
"synced_at": "2026-04-23T05:20:41.722Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"organization_account": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true,
"gather_row_access_policies": true,
"gather_network_policies": true,
"gather_projection_policies": true,
"gather_password_policies": true,
"gather_login_source_ip": true,
"external_oauth_aws_region": "text",
"external_oauth_ida_provider_uri": "text",
"external_oauth_ida_resource_uri": "text",
"account_allow_list": [
"text"
],
"account_deny_list": [
"text"
]
}
}

{
"id": "text"
}

{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"host": "text",
"port": 1,
"username": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text",
"use_tls_connector": true
}
}

{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
}

Unified API for managing all provider configurations
Veza API key for authentication. Generate keys in Administration > API Keys.
curl -X GET \
"https://{tenant}.vezacloud.com/api/v1/providers?page_size=10&filter=state+eq+'ENABLED'" \
-H "Authorization: Bearer {your_api_key}" \
-H "Accept: application/json"

{
"values": [
{
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"vendor_id": "123456789012",
"name": "AWS-Production",
"type": "AWS",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"external_id": "501779813173",
"team_id": "team-uuid-here",
"team_name": "Platform Team",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-08-26T14:22:00Z",
"created_by": "user-uuid",
"updated_by": "user-uuid",
"owners": ["user-uuid-1", "group-uuid-1"],
"labels": ["production", "critical"],
"vendor": {},
"lifecycle_management_state": "NOT_CONFIGURED",
"provisioning": false
},
{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "contoso.onmicrosoft.com",
"name": "Azure-Production",
"type": "AZURE",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"external_id": "veza-ext-def456",
"team_id": "team-uuid-here",
"team_name": "Platform Team",
"created_at": "2024-02-01T09:15:00Z",
"updated_at": "2024-08-26T13:45:00Z",
"owners": [],
"labels": ["production"],
"vendor": {},
"lifecycle_management_state": "NOT_CONFIGURED",
"provisioning": false
}
],
"next_page_token": "eyJvZmZzZXQiOjEwfQ=="
}

curl -X PUT \
"https://{tenant}.vezacloud.com/api/v1/providers/883dd869-8762-4187-8767-1c387de14b4b" \
-H "Authorization: Bearer {your_api_key}" \
-H "Content-Type: application/json" \
-d '{
"value": {
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"name": "AWS-Production-Updated",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"owners": ["user-uuid-1", "group-uuid-1"],
"labels": ["production", "critical", "pci"]
}
}'

{
"value": {
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"vendor_id": "123456789012",
"name": "AWS-Production-Updated",
"type": "AWS",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "PENDING",
"external_id": "501779813173",
"team_id": "team-uuid-here",
"team_name": "Platform Team",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-08-26T15:30:00Z",
"created_by": "user-uuid",
"updated_by": "user-uuid",
"owners": ["user-uuid-1", "group-uuid-1"],
"labels": ["production", "critical", "pci"],
"vendor": {},
"lifecycle_management_state": "NOT_CONFIGURED",
"provisioning": false
}
}

curl -X PATCH \
"https://{tenant}.vezacloud.com/api/v1/providers/883dd869-8762-4187-8767-1c387de14b4b" \
-H "Authorization: Bearer {your_api_key}" \
-H "Content-Type: application/json" \
-d '{
"value": {
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"name": "AWS-Production-Renamed",
"labels": ["production", "updated"]
},
"update_mask": "name,labels"
}'

{
"value": {
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"vendor_id": "123456789012",
"name": "AWS-Production-Renamed",
"type": "AWS",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "PENDING",
"external_id": "501779813173",
"team_id": "team-uuid-here",
"team_name": "Platform Team",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-08-26T15:45:00Z",
"owners": ["user-uuid-1", "group-uuid-1"],
"labels": ["production", "updated"],
"vendor": {},
"lifecycle_management_state": "NOT_CONFIGURED",
"provisioning": false
}
}

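An added example, not part of the Veza documentation: a helper that builds the PATCH body shown above from a current provider record and the intended changes, so that `update_mask` names only the fields that actually differ. It assumes `update_mask` limits which fields the server updates; `build_provider_patch` and the `EDITABLE_FIELDS` allow-list are hypothetical names and a local policy choice.

```python
import json

# Hypothetical local policy: the only fields this helper will ever put in a PATCH.
EDITABLE_FIELDS = ("name", "labels", "owners")

# Constructed sample: a subset of the AWS provider record from the list response above.
CURRENT_PROVIDER = {
    "id": "883dd869-8762-4187-8767-1c387de14b4b",
    "name": "AWS-Production",
    "type": "AWS",
    "state": "ENABLED",
    "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
    "owners": ["user-uuid-1", "group-uuid-1"],
    "labels": ["production", "critical"],
}


def build_provider_patch(current, desired, editable=EDITABLE_FIELDS):
    """Return a PATCH body covering only the fields that differ, or None.

    Raises ValueError when `desired` would change a field outside `editable`,
    so a metadata edit cannot also alter state, data plane or credentials.
    """
    if desired.get("id", current["id"]) != current["id"]:
        raise ValueError("provider id cannot be changed")

    # Fields whose requested value differs from the current record.
    changed = [k for k in desired if k != "id" and desired[k] != current.get(k)]

    blocked = sorted(k for k in changed if k not in editable)
    if blocked:
        raise ValueError("refusing to patch non-editable fields: " + ", ".join(blocked))
    if not changed:
        return None  # nothing to send

    # Keep the mask in a stable order and identical to the keys sent in "value".
    fields = [k for k in editable if k in changed]
    value = {"id": current["id"]}
    value.update({k: desired[k] for k in fields})
    return {"value": value, "update_mask": ",".join(fields)}


if __name__ == "__main__":
    body = build_provider_patch(
        CURRENT_PROVIDER,
        {"name": "AWS-Production-Renamed", "labels": ["production", "updated"]},
    )
    print(json.dumps(body, indent=2))
```
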
curl -X DELETE \
"https://{tenant}.vezacloud.com/api/v1/providers/883dd869-8762-4187-8767-1c387de14b4b" \
-H "Authorization: Bearer {your_api_key}"

{}

GET /api/v1/providers HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"external_id": "text",
"type": "text"
}
],
"next_page_token": "text"
}

PUT /api/v1/providers/{value.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 48
{
"id": "text",
"external_id": "text",
"type": "text"
}

PATCH /api/v1/providers/{value.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 48
{
"id": "text",
"external_id": "text",
"type": "text"
}

DELETE /api/v1/providers/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}

{
"value": {
"id": "text",
"external_id": "text",
"type": "text"
}
}

API endpoints for configuring Okta and OneLogin
providers/activedirectory
providers/okta
providers/onelogin

{
"ad_fqdn": "FQDN.NAME.ON.CERT",
"name": "Test-AD",
"host": "FQDN.FOR.DOMAIN.CONTROLLER",
"port": 636,
"ldaps_certificate": "Base64 Encoded String of PEM format",
"username": "ADMIN",
"password": "PASSWORD",
"domains": ["FQDN.OF.DOMAIN"],
"data_plane_id": "DATAPLAN_ID"
}

curl --location --request GET '/api/v1/providers/activedirectory' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN'

{
"values": [
{
"id": "interation-GUID",
"vendor_id": "domain.controller.FQDN",
"name": "ad_cct01",
"type": "ACTIVE_DIRECTORY",
"state": "ENABLED",
"data_plane_id": "insight-point-GUID",
"status": "SUCCESS",
"host": "domain.controller.FQDN",
"port": 636,
"username": "read.only",
"domains": [
"corp.cookie.ai"
],
"ad_fqdn": "cct01-ad-01.corp.cookie.ai",
"identity_mapping_configuration": null
}
]
}

curl --location --request POST '/api/v1/providers/activedirectory' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"ad_fqdn": "FQDN.NAME.ON.CERT",
"name": "Test-AD",
"host": "FQDN.FOR.DOMAIN.CONTROLLER",
"port": 636,
"ldaps_certificate": "Base64 Encoded String of PEM format",
"username": "ADMIN",
"password": "PASSWORD",
"domains": ["FQDN.OF.DOMAIN"],
"data_plane_id": "DATAPLAN_ID"
}'

curl --location --request DELETE '/api/v1/providers/activedirectory/{{provider_id}}' \
--header 'Authorization: Bearer TOKEN'

curl --location --request PATCH '/api/v1/providers/azure/{{provider_id}}' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"port": 636
}'

{
"id": "string",
"domain": "string",
"region": "string",
"token": "string",
"gather_all_applications": true,
"domain_allow_list": [
"string"
],
"domain_deny_list": [
"string"
],
"app_allow_list": [
"string"
],
"app_deny_list": [
"string"
]
}

{
"values": [
{
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string"
}
]
}

{
"value": {
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string"
}
}

{}

{
"value": {
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string"
}
}

{
"name": "string",
"domain": "string",
"region": "string",
"client_id": "string",
"client_secret": "string",
"data_plane_id": "string"
}

{
"values": [
{
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string",
"region": "string",
"client_id": "string"
}
]
}

{
"value": {
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string",
"region": "string",
"client_id": "string"
}
}

{}

{
"values": [
{
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string",
"region": "string",
"client_id": "string"
}
]
}