Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
API operations for enabling and disabling provider connections
curl -X PUT \
"https://{tenant}.vezacloud.com/api/v1/providers/{id}:enable" \
-H "accept: application/json" \
-H "Authorization: Bearer {your_api_key}"curl -X PUT \
"https://{tenant}.vezacloud.com/api/v1/providers/{id}:disable" \
-H "accept: application/json" \
-H "Authorization: Bearer {your_api_key}"curl -X POST "$BASE_URL/api/v1/providers/datasources:list" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"ids": [
"6961b032-3fd7-4baa-a230-146d1b70ec27",
"cd0cf102-e86c-4599-9cbe-64d2c6b83236"
]
}'curl -X POST "$BASE_URL/api/v1/providers/datasources:list" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"external_ids": ["aws-prod-ec2", "aws-prod-iam"]
}'curl -X POST "$BASE_URL/api/v1/providers/datasources:list" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"ids": ["6961b032-3fd7-4baa-a230-146d1b70ec27"],
"filter": "status eq \"SUCCESS\"",
"order_by": "name",
"page_size": 10
}'{
"values": [
{
"id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
"name": "AWS EC2 (527398259632)",
"datasource_type": "EXTRACTOR",
"agent_type": "AWS_EC2",
"status": "SUCCESS",
"provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
"path": "AWS/ec2",
"state": "ENABLED",
"effective_state": "ENABLED",
"created_at": "2021-10-26T07:10:38Z",
"updated_at": "2021-10-26T07:10:38Z",
"synced_at": "2022-01-13T20:53:23Z",
"parsed_at": "2022-01-13T20:53:29Z"
}
],
"next_page_token": "",
"has_more": false
}Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
(not GET) so the ids/external_ids lists travel in the request body instead
of the query string, enabling batch fetch by id without a URL-length limit.
Veza API key for authentication. Generate keys in Administration > API Keys.
DataSourcesListRequest is the POST/body counterpart of ListDataSourcesRequest.
It exists because the SCIM filter string only supports single-value EQ and
has no IN operator, so there is no way to fetch a known set of data sources by
id (or external id) in one call via ListDataSources. The ids/external_ids
typed lists map to a native SQL IN, while filter/order_by/pagination keep
the same semantics as ListDataSources. All conditions are combined with AND.
Fetch the data sources with these ids. Maps to id IN (...).
Unknown ids are silently omitted from the response (not an error).
Fetch the data sources with these external ids. Maps to external_id IN (...).
Unknown external ids are silently omitted from the response (not an error).
SCIM filter, same syntax/attributes as ListDataSourcesRequest.filter.
Sort order, same syntax as ListDataSourcesRequest.order_by.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
OK
The pagination token to retrieve the next page of results.
If true, more results are available.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
{
"values": [
{}
],
"next_page_token": "text",
"has_more": true
}POST /api/v1/providers/datasources:list HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 108
{
"ids": [
"text"
],
"external_ids": [
"text"
],
"filter": "text",
"order_by": "text",
"page_size": 1,
"page_token": "text"
}PUT /api/v1/providers/{id}:enable HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
PUT /api/v1/providers/{id}:disable HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}{}Programmatic configuration of providers and data sources
Retrieve the internal configuration definitions for all available OAA provider types. Returns metadata about each provider type including configuration property definitions (names, types, and whether fields are optional or secret), provider icon and MIME type, custom templates available, provider categories (application, IdP, HRIS, etc.), lifecycle management support, and documentation URL. Use this to discover available provider types and their configuration schema before creating a new custom provider instance.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
List of OAA provider configuration definitions.
Canonical name identifying this provider type (e.g., "slack", "jira").
When set, this property is only shown/required when the named field equals the given value.
When true, the value of this property is cleared if its condition is not met.
When true, the value of the property cannot be changed once set
Optional human-friendly display label for the field. When empty, the UI falls back to a
title-cased version of name (so existing connectors are unaffected).
Base64-encoded icon image for UI display.
MIME type of the icon image (e.g., "image/png", "image/svg+xml").
OAA template types supported by this provider.
Categories this provider belongs to (application, IdP, HRIS, file system, etc.).
URL to the provider's documentation page on docs.veza.com.
Whether this provider supports lifecycle management (provisioning/deprovisioning) operations.
Timestamp when this provider configuration was registered.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X GET "$BASE_URL/api/v1/providers/custom/configurations" \
-H "authorization: Bearer $VEZA_TOKEN"{
"value": {
"id": "019c4441-62c3-78f6-9dad-2b29b9b7ffee",
"name": "AWS NHIs by property",
"active": true,
"provider_ids": ["5443ea52-9dba-435e-8c6a-9035cc513bfa"],
"entity_type": "AwsIamUser",
"property_name": "enriched_owners",
"property_value": "{\"property_names_in_template\":[\"id\"],\"owners\":[{\"entity_id\":\"{{id}}\",\"entity_type\":\"OktaUser\"}]}",
"node_ids": [],
"query_id": "0198d3ff-b2f7-7b05-b3d3-14b3cfc35858",
"priority": 6
}
}Update the name for a given data source ID
GET /api/v1/providers/custom/configurations HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
PUT /api/v1/providers/datasources/{id}Veza API key for authentication. Generate keys in Administration > API Keys.
curl -X PUT "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"name": "AWS EC2 Production Environment"
}'{
"value": {
"id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
"name": "AWS EC2 Production Environment",
"datasource_type": "EXTRACTOR",
"agent_type": "AWS_EC2",
"status": "SUCCESS",
"provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
"path": "AWS/ec2",
"state": "ENABLED",
"effective_state": "ENABLED",
"datasource_config": null,
"created_at": "2021-10-26T07:10:38Z",
"updated_at": "2024-01-15T10:30:45Z",
"synced_at": "2022-01-13T20:53:23Z",
"parsed_at": "2022-01-13T20:53:29Z"
}
}Returns all enrichment rules configured in the tenant. Enrichment rules automatically classify and tag entities in the Veza Authorization Graph based on saved query conditions. Use include_inactive_rules=true to include disabled rules in the response. Supports filter and order_by parameters for result filtering.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Paginated list of enrichment rules. Use page_token from the response to fetch subsequent pages when the total count exceeds page_size.
ID of the enrichment rule.
Name of the enrichment rule.
Description of the enrichment rule.
Whether the rule will be executed.
Provider IDs for which the rule will be executed.
Entity type on which the rule will be executed.
Property name whose value will be changed by enrichment.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Static list of entity IDs for which the property-value should be applied. Not recommended: use query_id to target entities dynamically instead. Limitation: does not work with ENRICHED_OWNERS or VEZA_TAGS enrichment types.
The query that is executed to obtain a list of entity IDs of the specified entity type.
The higher the priority, the later the rule runs. A rule running later will overwrite the changes from previous rules. CAVEAT: it is not recommended to have multiple rules of the same priority, as they may run in any order.
If set, this separate query will be executed to find another entity that is related to the enriched entity, and the properties of the other entity can be referenced in the value for enriched_owners.
Name of the query belonging to 'query_id'.
Name of the query belonging to 'other_node_query_id'.
The resolved entity type of the other node. Typically the destination type on 'other_node_query_id'.
The pagination token to retrieve the next page of results.
If true, more results are available.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl "$BASE_URL/api/v1/enrichment/rules?page_size=3" \
-H "Authorization: Bearer $VEZA_TOKEN"{
"values": [
{
"id": "019c4441-62c3-78f6-9dad-2b29b9b7ffee",
"name": "AWS NHIs by property",
"active": true,
"provider_ids": ["5443ea52-9dba-435e-8c6a-9035cc513bfa"],
"entity_type": "AwsIamUser",
"property_name": "enriched_owners",
"property_value": "{\"property_names_in_template\":[\"id\"],\"owners\":[{\"entity_id\":\"{{id}}\",\"entity_type\":\"OktaUser\"}]}",
"node_ids": [],
"query_id": "0198d3ff-b2f7-7b05-b3d3-14b3cfc35858",
"priority": 6
}
],
"next_page_token": "<token>",
"has_more": true
}Returns the entities that would be affected by an enrichment rule, along with their current and projected property values. Accepts a full CreateEnrichmentRuleRequest plus optional preview_query and preview_other_node_query overrides for previewing query changes without saving. The response is paginated; use page_token to fetch subsequent pages. The preview reflects the current state of the Access Graph and does not trigger extraction or persist any changes.
Veza API key for authentication. Generate keys in Administration > API Keys.
Request body for previewing an enrichment rule. The request field carries the full CreateEnrichmentRuleRequest defining the rule. preview_query and preview_other_node_query are optional overrides for previewing query changes without saving the underlying saved queries. page_size and page_token control pagination of the preview result set.
Name of the enrichment rule. Must be unique across all rules.
Description of the enrichment rule.
Whether the rule will be executed.
Provider IDs for which the rule will be executed.
Entity type on which the rule will be executed. Must be a valid entity type that is supported by all specified providers.
Property name whose value will be changed by enrichment. Not recommended. Only valid if enriched_property = USE_PROPERTY_NAME; otherwise, the property name will be set according to enriched_property.
The scalar value to set for the enriched property. Examples: "NONHUMAN" for IDENTITY_TYPE, "true" for IS_PRIVILEGED, "HIGH" for CRITICALITY_LEVEL. Not used when enriched_property is ENRICHED_OWNERS (use enriched_owners_value) or VEZA_TAGS (use tag_updates_value).
Static list of entity IDs for which the property-value should be applied. Not recommended: use query_id to target entities dynamically instead. Does not work with ENRICHED_OWNERS or VEZA_TAGS enrichment.
The query that is executed to obtain a list of entity IDs of the specified entity type. It must exist before creating the enrichment rule and its source_type must match entity_type.
The higher the priority, the later the rule runs. A rule running later will overwrite the changes from previous rules. CAVEAT: it is not recommended to have multiple rules of the same priority, as they may run in any order.
Optional. The ID of a saved assessment query used to resolve the owner from a related entity instead of the enriched entity itself. Two query types are accepted: a path query that traverses from the enriched entity to a related entity holding the owner ID (or that is the owner), or a query for CustomCMDBConfigurationItem whose owner_node_id and owner_external_id properties point to the resolved owner. Use Get valid other-node queries to discover compatible queries. Requires query_id to also be set.
The enrichment rule type (enum). Values: 0 = USE_PROPERTY_NAME (custom property_name required), 1 = IDENTITY_TYPE (set identity_type to HUMAN or NONHUMAN via property_value), 2 = IS_PRIVILEGED (set is_privileged, use property_value "true"), 3 = CRITICALITY_LEVEL (set criticality_level via property_value: LOW, MEDIUM, HIGH, or CRITICAL), 4 = ENRICHED_OWNERS (assign ownership, use enriched_owners_value instead of property_value), 5 = VEZA_TAGS (add or remove tags, use tag_updates_value instead of property_value).
The type of assessment query to execute (enum). Values: 0 = SYSTEM_CREATED, 1 = SOURCE_TO_DESTINATION, 2 = DESTINATION_NODES.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: Deprecated. Use relates_to_exp instead. When true, queries for entities with no access relationship.
Optional snapshot ID to query against a specific point-in-time data snapshot.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: Controls the shape of query results. Determines whether results contain source nodes with counts, source-and-destination node pairs, or other result formats.
These fields control whether or not tags will be included in source and/or destination results
Allows FE to Alert BE if permissions are being displayed to the user
Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.
The threshold percentage below which an access path is considered an outlier.
Adds associated risks to node and path results.
Include node with sub permissions which is a permission showing for a resource when in reality the permission applies to a subresource.
This field should be used with AssessmentQueryResultValueType SOURCE_NODES_WITH_COUNTS to include permissions summarized (aggregated) by source node, meaning it contains all permissions used by each source node
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The properties that should be unpivoted in the results producing multiple rows per node/path To be able to unpivot a property, it must be a list/array type property. If multiple properties are used result will be Cartesian product(all unpivot combinations for node). If property does not exist on a node, and it is a valid property, we will just add that node as is. Syntax to specify properties is the full path to the property using dot notation and using properties json names. Both values and pathValues can be unpivoted:
Valid values for unpivoting: properties.<property_name>, unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, raw_permissions, effective_permissions, access_stats.concrete_permissions, access_stats.canonical_permissions, filtered_raw_permissions, corresponding_effective_permissions, additional_node_properties.default_cohort_role_users_in_cohort, additional_node_properties.default_cohort_role_all_common_roles
Valid pathValues for unpivoting: unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, source.<valid_value_for_unpivoting>, destination.<valid_value_for_unpivoting>, waypoint.<valid_value_for_unpivoting>, abstract_permissions,concrete_permissions, filtered_concrete_permissions, corresponding_abstract_permissions Examples for Unpivoting values:
Single field: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}} ]}
Single field with missing unpivot property: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"permissions": "abc"]}} ]} After unpivot -> Single node with id 1 (no email_addresses property to unpivot): result_values: {Values: [ {id:"1","properties"{"permissions":"abc"}}, ]}
Multiple fields - Cartesian Product: unpivot_properties: ["properties.email_addresses", "raw_permissions"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}, "raw_permissions":["perm1","perm2"]} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm2"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm2"}, ]}
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: Additional key-value properties that will be projected onto all results (nodes and paths) generated by this query spec. This is particularly useful for union queries where each spec can have its own properties to help correlate results back to their originating spec.
Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.
The threshold percentage below which an access path is considered an outlier.
Adds associated risks to node and path results.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
The type of assessment query to execute (enum). Values: 0 = SYSTEM_CREATED, 1 = SOURCE_TO_DESTINATION, 2 = DESTINATION_NODES.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: Deprecated. Use relates_to_exp instead. When true, queries for entities with no access relationship.
Optional snapshot ID to query against a specific point-in-time data snapshot.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: Controls the shape of query results. Determines whether results contain source nodes with counts, source-and-destination node pairs, or other result formats.
These fields control whether or not tags will be included in source and/or destination results
Allows FE to Alert BE if permissions are being displayed to the user
Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.
The threshold percentage below which an access path is considered an outlier.
Adds associated risks to node and path results.
Include node with sub permissions which is a permission showing for a resource when in reality the permission applies to a subresource.
This field should be used with AssessmentQueryResultValueType SOURCE_NODES_WITH_COUNTS to include permissions summarized (aggregated) by source node, meaning it contains all permissions used by each source node
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The properties that should be unpivoted in the results producing multiple rows per node/path To be able to unpivot a property, it must be a list/array type property. If multiple properties are used result will be Cartesian product(all unpivot combinations for node). If property does not exist on a node, and it is a valid property, we will just add that node as is. Syntax to specify properties is the full path to the property using dot notation and using properties json names. Both values and pathValues can be unpivoted:
Valid values for unpivoting: properties.<property_name>, unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, raw_permissions, effective_permissions, access_stats.concrete_permissions, access_stats.canonical_permissions, filtered_raw_permissions, corresponding_effective_permissions, additional_node_properties.default_cohort_role_users_in_cohort, additional_node_properties.default_cohort_role_all_common_roles
Valid pathValues for unpivoting: unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, source.<valid_value_for_unpivoting>, destination.<valid_value_for_unpivoting>, waypoint.<valid_value_for_unpivoting>, abstract_permissions,concrete_permissions, filtered_concrete_permissions, corresponding_abstract_permissions Examples for Unpivoting values:
Single field: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}} ]}
Single field with missing unpivot property: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"permissions": "abc"]}} ]} After unpivot -> Single node with id 1 (no email_addresses property to unpivot): result_values: {Values: [ {id:"1","properties"{"permissions":"abc"}}, ]}
Multiple fields - Cartesian Product: unpivot_properties: ["properties.email_addresses", "raw_permissions"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}, "raw_permissions":["perm1","perm2"]} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm2"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm2"}, ]}
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: Additional key-value properties that will be projected onto all results (nodes and paths) generated by this query spec. This is particularly useful for union queries where each spec can have its own properties to help correlate results back to their originating spec.
Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.
The threshold percentage below which an access path is considered an outlier.
Adds associated risks to node and path results.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
Page size of the preview.
Page token of the preview.
OK
Paginated list of entities that would be affected by the previewed enrichment rule, with their current and projected property values.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group. abstract_permissions and concrete permission for source to destination pairs without path summary accumulate permissions from all paths from source to destination for source to destination pairs with path summary they accumulate permissions per each unique path summary abstract permissions are only accumulated in case of an EFFECTIVE_ACCESS NodeRelationshipType
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.
The token to retrieve the next page of results.
If true, more results are available.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
{
"queries": [
{
"id": "019d5767-2edf-7401-9c65-1d9c28f6b343",
"name": "AWS IAM users who can delete S3 buckets"
}
]
}Returns saved assessment queries compatible with the given entity_type. Use this endpoint to discover valid query_id values before creating an enrichment rule. The entity_type must match across all provider_ids specified in the rule.
Veza API key for authentication. Generate keys in Administration > API Keys.
No longer used. The provider compatibility is validated only when creating or updating enrichment rules.
Queries returned should have source_type compatible with the entity_type specified here.
OK
ID of the assessment query.
Name of the assessment query.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X GET "$BASE_URL/api/v1/providers/types" \
-H "authorization: Bearer $VEZA_TOKEN"{
"provider_types": [
{
"type": "AWS",
"schema_integration_type": "aws",
"enabled": true,
"provider_ids": ["883dd869-8762-4187-8767-1c387de14b4b"]
},
{
"type": "GOOGLE_CLOUD",
"schema_integration_type": "google",
"enabled": false,
"provider_ids": []
}
],
"unregistered_custom_provider_types": []
}Returns all provider types configured in the tenant, grouped by Veza-managed and user-defined custom types.
| Field | Description |
|---|---|
provider_types | Veza-managed provider types. Includes integrations such as AWS, AZURE, GOOGLE_CLOUD, OKTA, ACTIVE_DIRECTORY, GITHUB, SNOWFLAKE, SALESFORCE, KUBERNETES, and others. |
unregistered_custom_provider_types | OAA provider types present in the tenant that do not have a registered Veza configuration definition. Always have enabled: true. |
| Field | Description |
|---|---|
type | Provider type identifier (e.g., AWS, OKTA). |
schema_integration_type | The graph schema identifier for this provider type, used as the integration_type value in assessment query filters. Not always a direct transformation of type (e.g., GOOGLE_CLOUD → google, ONE_LOGIN → onelogin, MYSQL → my_sql). |
enabled | true if the tenant has at least one configured provider instance of this type. |
provider_ids | Deprecated. Use provider_details instead. |
provider_details | List of individual provider instances of this type. |
| Field | Description |
|---|---|
id | Provider ID. |
external_id | The provider's identifier in its source system, derived at creation time. Format varies by type: a flat ID for cloud and identity providers (e.g., AWS account ID, Azure tenant ID, Okta domain), or a structured composite for databases and infrastructure (e.g., oracle_db:host:1521/dbname, kubernetes:GKE::cluster:my-cluster). |
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Provider type identifier (e.g., "AWS", "OKTA").
The corresponding integration_type for this provider type that appears in schema and can be used for assessment queries.
Whether this provider type is enabled.
DEPRECATED: use provider_details instead.
Provider ID.
External ID of the provider.
Provider type identifier (e.g., "AWS", "OKTA").
The corresponding integration_type for this provider type that appears in schema and can be used for assessment queries.
Whether this provider type is enabled.
DEPRECATED: use provider_details instead.
Provider ID.
External ID of the provider.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X PUT "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27:disable" \
-H "authorization: Bearer $VEZA_TOKEN"{}Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X PUT "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27:enable" \
-H "authorization: Bearer $VEZA_TOKEN"{}Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X GET "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27" \
-H "authorization: Bearer $VEZA_TOKEN"{
"value": {
"id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
"name": "AWS EC2 (527398259632)",
"datasource_type": "EXTRACTOR",
"agent_type": "AWS_EC2",
"status": "SUCCESS",
"provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
"path": "AWS/ec2",
"state": "ENABLED",
"effective_state": "ENABLED",
"datasource_config": null,
"created_at": "2021-10-26T07:10:38Z",
"updated_at": "2021-10-26T07:10:38Z",
"synced_at": "2022-01-13T20:53:23Z",
"parsed_at": "2022-01-13T20:53:29Z"
}
}Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X PUT "$BASE_URL/api/v1/enrichment/rules/{id}:toggle" \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d '{"active": false}'Enables or disables an existing enrichment rule by setting active to true or false. This is the only public API endpoint for changing a rule's enabled state. Disabled rules are not evaluated during metadata extraction.
Veza API key for authentication. Generate keys in Administration > API Keys.
ID of the enrichment rule to be enabled or disabled.
The new active state. If true, the rule will be executed.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X GET "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27/sync_status" \
-H "authorization: Bearer $VEZA_TOKEN"{
"value": {
"datasource_id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
"status": "SUCCESS",
"last_synced_at": "2022-01-13T20:53:23Z",
"sync_duration_seconds": 120,
"records_extracted": 5000,
"errors_count": 0,
"next_scheduled_sync": "2022-01-14T08:00:00Z"
}
}Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X GET "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27/parse_status" \
-H "authorization: Bearer $VEZA_TOKEN"{
"value": {
"datasource_id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
"status": "SUCCESS",
"last_parsed_at": "2022-01-13T20:53:29Z",
"parse_duration_seconds": 45,
"entities_processed": 1250,
"errors_count": 0,
"warnings_count": 2
}
}Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Returns the total count of entities that would be affected by an enrichment rule. Accepts the same request body as Preview enrichment rule. Use this to estimate the scope of a rule before creating it without paginating through full entity results.
Veza API key for authentication. Generate keys in Administration > API Keys.
Request body for previewing an enrichment rule. The request field carries the full CreateEnrichmentRuleRequest defining the rule. preview_query and preview_other_node_query are optional overrides for previewing query changes without saving the underlying saved queries. page_size and page_token control pagination of the preview result set.
Name of the enrichment rule. Must be unique across all rules.
Description of the enrichment rule.
Whether the rule will be executed.
Provider IDs for which the rule will be executed.
Entity type on which the rule will be executed. Must be a valid entity type that is supported by all specified providers.
Property name whose value will be changed by enrichment. Not recommended. Only valid if enriched_property = USE_PROPERTY_NAME; otherwise, the property name will be set according to enriched_property.
The scalar value to set for the enriched property. Examples: "NONHUMAN" for IDENTITY_TYPE, "true" for IS_PRIVILEGED, "HIGH" for CRITICALITY_LEVEL. Not used when enriched_property is ENRICHED_OWNERS (use enriched_owners_value) or VEZA_TAGS (use tag_updates_value).
Static list of entity IDs for which the property-value should be applied. Not recommended: use query_id to target entities dynamically instead. Does not work with ENRICHED_OWNERS or VEZA_TAGS enrichment.
The query that is executed to obtain a list of entity IDs of the specified entity type. It must exist before creating the enrichment rule and its source_type must match entity_type.
The higher the priority, the later the rule runs. A rule running later will overwrite the changes from previous rules. CAVEAT: it is not recommended to have multiple rules of the same priority, as they may run in any order.
Optional. The ID of a saved assessment query used to resolve the owner from a related entity instead of the enriched entity itself. Two query types are accepted: a path query that traverses from the enriched entity to a related entity holding the owner ID (or that is the owner), or a query for CustomCMDBConfigurationItem whose owner_node_id and owner_external_id properties point to the resolved owner. Use Get valid other-node queries to discover compatible queries. Requires query_id to also be set.
The enrichment rule type (enum). Values: 0 = USE_PROPERTY_NAME (custom property_name required), 1 = IDENTITY_TYPE (set identity_type to HUMAN or NONHUMAN via property_value), 2 = IS_PRIVILEGED (set is_privileged, use property_value "true"), 3 = CRITICALITY_LEVEL (set criticality_level via property_value: LOW, MEDIUM, HIGH, or CRITICAL), 4 = ENRICHED_OWNERS (assign ownership, use enriched_owners_value instead of property_value), 5 = VEZA_TAGS (add or remove tags, use tag_updates_value instead of property_value).
The type of assessment query to execute (enum). Values: 0 = SYSTEM_CREATED, 1 = SOURCE_TO_DESTINATION, 2 = DESTINATION_NODES.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: Deprecated. Use relates_to_exp instead. When true, queries for entities with no access relationship.
Optional snapshot ID to query against a specific point-in-time data snapshot.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: Controls the shape of query results. Determines whether results contain source nodes with counts, source-and-destination node pairs, or other result formats.
These fields control whether or not tags will be included in source and/or destination results
Allows FE to Alert BE if permissions are being displayed to the user
Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.
The threshold percentage below which an access path is considered an outlier.
Adds associated risks to node and path results.
Include node with sub permissions which is a permission showing for a resource when in reality the permission applies to a subresource.
This field should be used with AssessmentQueryResultValueType SOURCE_NODES_WITH_COUNTS to include permissions summarized (aggregated) by source node, meaning it contains all permissions used by each source node
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The properties that should be unpivoted in the results producing multiple rows per node/path To be able to unpivot a property, it must be a list/array type property. If multiple properties are used result will be Cartesian product(all unpivot combinations for node). If property does not exist on a node, and it is a valid property, we will just add that node as is. Syntax to specify properties is the full path to the property using dot notation and using properties json names. Both values and pathValues can be unpivoted:
Valid values for unpivoting: properties.<property_name>, unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, raw_permissions, effective_permissions, access_stats.concrete_permissions, access_stats.canonical_permissions, filtered_raw_permissions, corresponding_effective_permissions, additional_node_properties.default_cohort_role_users_in_cohort, additional_node_properties.default_cohort_role_all_common_roles
Valid pathValues for unpivoting: unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, source.<valid_value_for_unpivoting>, destination.<valid_value_for_unpivoting>, waypoint.<valid_value_for_unpivoting>, abstract_permissions,concrete_permissions, filtered_concrete_permissions, corresponding_abstract_permissions Examples for Unpivoting values:
Single field: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}} ]}
Single field with missing unpivot property: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"permissions": "abc"]}} ]} After unpivot -> Single node with id 1 (no email_addresses property to unpivot): result_values: {Values: [ {id:"1","properties"{"permissions":"abc"}}, ]}
Multiple fields - Cartesian Product: unpivot_properties: ["properties.email_addresses", "raw_permissions"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}, "raw_permissions":["perm1","perm2"]} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm2"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm2"}, ]}
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: Additional key-value properties that will be projected onto all results (nodes and paths) generated by this query spec. This is particularly useful for union queries where each spec can have its own properties to help correlate results back to their originating spec.
Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.
The threshold percentage below which an access path is considered an outlier.
Adds associated risks to node and path results.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
The type of assessment query to execute (enum). Values: 0 = SYSTEM_CREATED, 1 = SOURCE_TO_DESTINATION, 2 = DESTINATION_NODES.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: Deprecated. Use relates_to_exp instead. When true, queries for entities with no access relationship.
Optional snapshot ID to query against a specific point-in-time data snapshot.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: Controls the shape of query results. Determines whether results contain source nodes with counts, source-and-destination node pairs, or other result formats.
These fields control whether or not tags will be included in source and/or destination results
Allows FE to Alert BE if permissions are being displayed to the user
Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.
The threshold percentage below which an access path is considered an outlier.
Adds associated risks to node and path results.
Include node with sub permissions which is a permission showing for a resource when in reality the permission applies to a subresource.
This field should be used with AssessmentQueryResultValueType SOURCE_NODES_WITH_COUNTS to include permissions summarized (aggregated) by source node, meaning it contains all permissions used by each source node
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The properties that should be unpivoted in the results producing multiple rows per node/path To be able to unpivot a property, it must be a list/array type property. If multiple properties are used result will be Cartesian product(all unpivot combinations for node). If property does not exist on a node, and it is a valid property, we will just add that node as is. Syntax to specify properties is the full path to the property using dot notation and using properties json names. Both values and pathValues can be unpivoted:
Valid values for unpivoting: properties.<property_name>, unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, raw_permissions, effective_permissions, access_stats.concrete_permissions, access_stats.canonical_permissions, filtered_raw_permissions, corresponding_effective_permissions, additional_node_properties.default_cohort_role_users_in_cohort, additional_node_properties.default_cohort_role_all_common_roles
Valid pathValues for unpivoting: unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, source.<valid_value_for_unpivoting>, destination.<valid_value_for_unpivoting>, waypoint.<valid_value_for_unpivoting>, abstract_permissions,concrete_permissions, filtered_concrete_permissions, corresponding_abstract_permissions Examples for Unpivoting values:
Single field: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}} ]}
Single field with missing unpivot property: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"permissions": "abc"]}} ]} After unpivot -> Single node with id 1 (no email_addresses property to unpivot): result_values: {Values: [ {id:"1","properties"{"permissions":"abc"}}, ]}
Multiple fields - Cartesian Product: unpivot_properties: ["properties.email_addresses", "raw_permissions"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}, "raw_permissions":["perm1","perm2"]} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm2"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm2"}, ]}
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
Boolean operator for combining multiple node specs.
0Possible values: Additional key-value properties that will be projected onto all results (nodes and paths) generated by this query spec. This is particularly useful for union queries where each spec can have its own properties to help correlate results back to their originating spec.
Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.
0Possible values: The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).
emailRepresents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
If true, negates the condition (e.g., fn=EQ with not=true means "not equals").
falseIf value_property_name is set, the value will be retrieved from the property instead of using value above
Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.
Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.
Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.
Boolean operator for combining conditions in the expression.
0Possible values: Boolean operator for combining conditions in the expression.
0Possible values: When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.
The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.
The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.
The threshold percentage below which an access path is considered an outlier.
Adds associated risks to node and path results.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
Page size of the preview.
Page token of the preview.
OK
Total count of entities that would be affected by the previewed enrichment rule.
The total count of nodes that would be enriched by this rule.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Permanently deletes an enrichment rule. Entities previously enriched by this rule retain their current attributes; deletion stops future enrichment from this rule but does not roll back previously applied classifications.
Veza API key for authentication. Generate keys in Administration > API Keys.
No longer used. Deletion is always forced.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Returns the configuration and status of a single enrichment rule by ID.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
ID of the enrichment rule.
Name of the enrichment rule.
Description of the enrichment rule.
Whether the rule will be executed.
Provider IDs for which the rule will be executed.
Entity type on which the rule will be executed.
Property name whose value will be changed by enrichment.
Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.
Static list of entity IDs for which the property-value should be applied. Not recommended: use query_id to target entities dynamically instead. Limitation: does not work with ENRICHED_OWNERS or VEZA_TAGS enrichment types.
The query that is executed to obtain a list of entity IDs of the specified entity type.
The higher the priority, the later the rule runs. A rule running later will overwrite the changes from previous rules. CAVEAT: it is not recommended to have multiple rules of the same priority, as they may run in any order.
If set, this separate query will be executed to find another entity that is related to the enriched entity, and the properties of the other entity can be referenced in the value for enriched_owners.
Name of the query belonging to 'query_id'.
Name of the query belonging to 'other_node_query_id'.
The resolved entity type of the other node. Typically the destination type on 'other_node_query_id'.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Retrieve all custom (OAA) providers configured in the tenant. Custom providers represent integrations built using the Open Authorization API (OAA), including both Veza-managed connectors and customer-built integrations. Use the filter parameter to narrow results by name, state, or custom_template (e.g., filter=name eq "My App"). Set page_size to control results per page (default varies), and use page_token from the response to retrieve subsequent pages.
Veza API key for authentication. Generate keys in Administration > API Keys.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
OK
Paginated list of custom (OAA) providers.
Unique identifier for the provider instance.
External identifier for the provider, typically set by the integration that created it.
Display name of the provider.
The OAA template type used to create this provider (e.g., "application", "idp").
List of OAA template types associated with this provider instance (e.g., "application", "idp", "hris").
Current provider state.
Application type classifications for this provider.
Deprecated. Resource type classifications. Use application_types, idp_types, hris_types, or file_system_types instead.
Identity provider type classifications (if this provider represents an IdP).
File system type classifications (if this provider represents a file system).
HRIS system type classifications (if this provider represents an HR system).
Principal (identity) type classifications for this provider.
Whether provisioning (write-back) operations are enabled for this provider.
JSON string containing the provider's connection configuration parameters.
Identifier of the data plane that runs this provider's extraction. Empty for cloud-hosted extraction.
Current lifecycle management state for this provider (enum). Indicates whether provisioning and deprovisioning workflows are active.
Identifier of the team that owns this provider instance.
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
For external OAA, how to manage lifecycle management requests
Token to retrieve the next page of results. Empty when no more pages exist.
If true, additional pages of results are available.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Retrieve details for a specific lifecycle management datasource
Retrieve all data sources with optional filtering and pagination
API reference for managing Veza enrichment rules
{
"values": [
{
"provider_name": "text",
"properties": [
{
"name": "text",
"description": "text",
"type": 1,
"optional": true,
"secret": true,
"internal": true,
"oauth2_redirect_required": true,
"vault_sourced": true,
"enum_values": [
{
"value": "text",
"label": "text"
}
],
"lifecycle_management_only": true,
"condition_field": "text",
"condition_value": "text",
"clear_when_condition_not_met": true,
"write_once": true,
"label": "text"
}
],
"icon": "text",
"icon_mime_type": "text",
"custom_templates": [
"text"
],
"provider_categories": [
1
],
"documentation_url": "text",
"lifecycle_management_supported": true,
"created_at": "2026-07-19T12:46:46.939Z"
}
]
}{
"queries": [
{
"id": "text",
"name": "text"
}
]
}POST /api/v1/enrichment/rules/queries HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 22
{
"entity_type": "text"
}{}DELETE /api/v1/enrichment/rules/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
PUT /api/v1/providers/datasources/{id}:disable HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}PUT /api/v1/providers/datasources/{id}:enable HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}GET /api/v1/providers/datasources/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {}
}{}PUT /api/v1/enrichment/rules/{id}:toggle HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 27
{
"id": "text",
"active": true
}GET /api/v1/providers/datasources/{id}/sync_status HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"job_status": {
"id": "text",
"status": "text"
}
}GET /api/v1/providers/datasources/{id}/parse_status HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"job_status": {
"id": "text",
"status": "text"
}
}GET /api/v1/enrichment/rules/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"name": "text",
"description": "text",
"active": true,
"provider_ids": [
"text"
],
"entity_type": "text",
"property_name": "text",
"property_value": null,
"node_ids": [
"text"
],
"query_id": "text",
"priority": 1,
"other_node_query_id": "text",
"informative_fields": {
"query_name": "text",
"other_node_query_name": "text",
"other_node_type": "text"
}
}
}{
"values": [
{
"id": "text",
"external_id": "text",
"name": "text",
"custom_template": "text",
"custom_templates": [
"text"
],
"state": 1,
"application_types": [
"text"
],
"idp_types": [
"text"
],
"file_system_types": [
"text"
],
"hris_types": [
"text"
],
"principal_types": [
"text"
],
"secret_store_types": [
"text"
],
"schema_definition_json": "text",
"provisioning": true,
"push_type": 1,
"rbac_id": "text",
"internal_app_name": "text",
"configuration_json": "text",
"data_plane_id": "text",
"lifecycle_management_state": 1,
"team_id": "text",
"csv_mapping_configuration": {
"template_type": "text",
"column_mappings": [
{
"column_name": "text",
"destination_type": "text",
"destination_property": "text",
"custom_property": {
"name": "text",
"type": 1,
"lcm_unique_identifier": true
},
"as_list": true,
"template": "text",
"property_type": 1,
"is_required": true
}
],
"application": {
"application_name": "text",
"application_type": "text",
"identity": [
"text"
],
"resource_type": "text",
"okta_app_id": "text"
},
"advanced": {
"list_delimiter": "text"
},
"idp": {
"idp_type": "text",
"domain": "text"
},
"hris": {
"hris_name": "text",
"hris_type": "text",
"hris_url": "text",
"hris_identity_mapping": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
},
"hris_provisioning_source": true
},
"cmdb": {
"cmdb_instance_name": "text",
"cmdb_instance_type": "text",
"csc_global_config": {
"owner_id_column_name": "text",
"asset_id_column_name": "text",
"asset_type_column_name": "text",
"owner_node_type": "text",
"owner_id_property": "text",
"asset_connections": [
{
"asset_type_value": "text",
"asset_node_type": "text",
"asset_property_name": "text"
}
]
}
}
},
"secret_references": [
{
"id": "text",
"secret_id": "text",
"secret_mapping": {
"type": 1,
"mapping": "text"
},
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
],
"external_lifecycle_management_type": 1,
"cmdb_types": [
"text"
],
"notification_preferences": {
"enabled": true,
"subscribed_events": [
1
],
"notify_integration_owner": true,
"additional_recipients": [
"text"
],
"delivery_methods": [
{
"type": 1,
"id": "text"
}
]
}
}
],
"next_page_token": "text",
"has_more": true
}GET /api/v1/providers/custom HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"preview_result": {
"values": [
{
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-07-19T12:46:46.939Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-07-19T12:46:46.939Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"permissions": "[Circular Reference]",
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-07-19T12:46:46.939Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-07-19T12:46:46.939Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": "[Circular Reference]",
"additional_spec_properties": {}
}
},
"additional_spec_properties": {}
}
],
"path_values": [
{
"source": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-07-19T12:46:46.939Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-07-19T12:46:46.939Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"permissions": "[Circular Reference]",
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-07-19T12:46:46.939Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-07-19T12:46:46.939Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": "[Circular Reference]",
"additional_spec_properties": {}
}
},
"additional_spec_properties": {}
},
"abstract_permissions": [
"text"
],
"concrete_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-07-19T12:46:46.939Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-07-19T12:46:46.939Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"permissions": "[Circular Reference]",
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-07-19T12:46:46.939Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-07-19T12:46:46.939Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": "[Circular Reference]",
"additional_spec_properties": {}
}
},
"additional_spec_properties": {}
},
"path_summary_nodes": [
{
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"permissions": "[Circular Reference]",
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-07-19T12:46:46.939Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-07-19T12:46:46.939Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"permissions": "[Circular Reference]",
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-07-19T12:46:46.939Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-07-19T12:46:46.939Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": "[Circular Reference]",
"additional_spec_properties": {}
}
},
"additional_spec_properties": {}
}
],
"results_truncated": true,
"filtered_concrete_permissions": [
"text"
],
"corresponding_abstract_permissions": [
"text"
],
"filtered_concrete_permission_groups": [
{
"permissions": [
"text"
]
}
],
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"permissions": "[Circular Reference]",
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-07-19T12:46:46.939Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-07-19T12:46:46.939Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"permissions": "[Circular Reference]",
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-07-19T12:46:46.939Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-07-19T12:46:46.939Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": "[Circular Reference]",
"additional_spec_properties": {}
}
},
"additional_spec_properties": {}
}
},
"additional_path_properties": {
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
],
"access_path_risk_score": 1
},
"waypoint": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-07-19T12:46:46.939Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-07-19T12:46:46.939Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"permissions": "[Circular Reference]",
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-07-19T12:46:46.939Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-07-19T12:46:46.939Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-07-19T12:46:46.939Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": "[Circular Reference]",
"additional_spec_properties": {}
}
},
"additional_spec_properties": {}
},
"additional_spec_properties": {}
}
],
"approx_total_source_nodes_count": "text",
"next_page_token": "text",
"has_more": true
}
}POST /api/v1/enrichment/rules_preview HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 18614
{
"request": {
"name": "text",
"description": "text",
"active": true,
"provider_ids": [
"text"
],
"entity_type": "text",
"property_name": "text",
"property_value": null,
"node_ids": [
"text"
],
"query_id": "text",
"priority": 1,
"other_node_query_id": "text",
"enriched_property": 1,
"enriched_owners_value": {
"property_names_in_template": [
"text"
],
"owners": [
{
"team": "text"
}
]
},
"tag_updates_value": {
"add_tags": [
{}
],
"remove_tags": [
{}
]
}
},
"preview_query": {
"query_type": 1,
"source_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"customized_variables": [
{
"key": "text",
"value": "text"
}
],
"snapshot_id": "text",
"access_filter": {
"engagement_score": {
"op": 1,
"value": 1
},
"over_provisioned_score": {
"op": 1,
"value": 1
},
"include_secondary_grantee": true,
"include_indirect_resource": true,
"exclude_indirect_grantee": true,
"anomaly_detection_history_days": "text",
"last_used": {
"op": 1,
"value": "2026-07-19T12:46:46.939Z",
"target": 1,
"relative_timevar_value": "text",
"not": true
}
},
"node_relationship_type": 1,
"relates_to_exp": {
"specs": [
{
"node_types": "[Circular Reference]",
"required_intermediate_node_types": "[Circular Reference]",
"avoided_intermediate_node_types": "[Circular Reference]",
"raw_permissions": {
"values": [
"text"
],
"operator": 1
},
"effective_permissions": {
"values": [
1
],
"operator": 1
},
"unsupported_condition_mode": 1,
"no_relation": true,
"direction": 1,
"path_type": 1
}
],
"child_expressions": [
{
"specs": "[Circular Reference]",
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"and_op_type": 1
}
],
"operator": 1,
"not": true,
"and_op_type": 1
},
"path_summary_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"all_entity_condition": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
{
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 0,
"not": true
}
],
"operator": 0,
"not": true
},
"path_summary_count_conditions": {
"conditions": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
]
},
"result_value_type": 1,
"include_all_source_tags_in_results": true,
"include_all_destination_tags_in_results": true,
"additional_columns_to_get": [
1
],
"result_enrichment": {
"join_node_specs": [
{
"with": "text",
"node_spec": "[Circular Reference]",
"as": "text"
}
],
"outlier_detection": {
"type": 1,
"manager_centric_config": {
"grouping_properties": [
{
"property_name": "text",
"node_type": "text",
"target": 1,
"joined_node_alias": "text"
}
],
"threshold": 1
}
},
"include_associated_risks": true,
"risks_filter": "text"
},
"include_sub_permissions": true,
"include_permissions_summary": true,
"waypoint_nodes": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"unpivot_properties": [
"text"
],
"union_specs": [
{
"query_type": 1,
"source_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"customized_variables": [
{
"key": "text",
"value": "text"
}
],
"access_filter": {
"engagement_score": {
"op": 1,
"value": 1
},
"over_provisioned_score": {
"op": 1,
"value": 1
},
"include_secondary_grantee": true,
"include_indirect_resource": true,
"exclude_indirect_grantee": true,
"anomaly_detection_history_days": "text",
"last_used": {
"op": 1,
"value": "2026-07-19T12:46:46.939Z",
"target": 1,
"relative_timevar_value": "text",
"not": true
}
},
"node_relationship_type": 1,
"relates_to_exp": {
"specs": "[Circular Reference]",
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"and_op_type": 1
},
"path_summary_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"all_entity_condition": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
{
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 0,
"not": true
}
],
"operator": 0,
"not": true
},
"path_summary_count_conditions": {
"conditions": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
]
},
"waypoint_nodes": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"additional_spec_properties": {},
"result_enrichment": {
"join_node_specs": [
{
"with": "text",
"node_spec": "[Circular Reference]",
"as": "text"
}
],
"outlier_detection": {
"type": 1,
"manager_centric_config": {
"grouping_properties": [
{
"property_name": "text",
"node_type": "text",
"target": 1,
"joined_node_alias": "text"
}
],
"threshold": 1
}
},
"include_associated_risks": true,
"risks_filter": "text"
}
}
],
"page_size": "text",
"page_token": "text"
},
"preview_other_node_query": {
"query_type": 1,
"source_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"customized_variables": [
{
"key": "text",
"value": "text"
}
],
"snapshot_id": "text",
"access_filter": {
"engagement_score": {
"op": 1,
"value": 1
},
"over_provisioned_score": {
"op": 1,
"value": 1
},
"include_secondary_grantee": true,
"include_indirect_resource": true,
"exclude_indirect_grantee": true,
"anomaly_detection_history_days": "text",
"last_used": {
"op": 1,
"value": "2026-07-19T12:46:46.939Z",
"target": 1,
"relative_timevar_value": "text",
"not": true
}
},
"node_relationship_type": 1,
"relates_to_exp": {
"specs": [
{
"node_types": "[Circular Reference]",
"required_intermediate_node_types": "[Circular Reference]",
"avoided_intermediate_node_types": "[Circular Reference]",
"raw_permissions": {
"values": [
"text"
],
"operator": 1
},
"effective_permissions": {
"values": [
1
],
"operator": 1
},
"unsupported_condition_mode": 1,
"no_relation": true,
"direction": 1,
"path_type": 1
}
],
"child_expressions": [
{
"specs": "[Circular Reference]",
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"and_op_type": 1
}
],
"operator": 1,
"not": true,
"and_op_type": 1
},
"path_summary_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"all_entity_condition": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
{
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 0,
"not": true
}
],
"operator": 0,
"not": true
},
"path_summary_count_conditions": {
"conditions": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
]
},
"result_value_type": 1,
"include_all_source_tags_in_results": true,
"include_all_destination_tags_in_results": true,
"additional_columns_to_get": [
1
],
"result_enrichment": {
"join_node_specs": [
{
"with": "text",
"node_spec": "[Circular Reference]",
"as": "text"
}
],
"outlier_detection": {
"type": 1,
"manager_centric_config": {
"grouping_properties": [
{
"property_name": "text",
"node_type": "text",
"target": 1,
"joined_node_alias": "text"
}
],
"threshold": 1
}
},
"include_associated_risks": true,
"risks_filter": "text"
},
"include_sub_permissions": true,
"include_permissions_summary": true,
"waypoint_nodes": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"unpivot_properties": [
"text"
],
"union_specs": [
{
"query_type": 1,
"source_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"customized_variables": [
{
"key": "text",
"value": "text"
}
],
"access_filter": {
"engagement_score": {
"op": 1,
"value": 1
},
"over_provisioned_score": {
"op": 1,
"value": 1
},
"include_secondary_grantee": true,
"include_indirect_resource": true,
"exclude_indirect_grantee": true,
"anomaly_detection_history_days": "text",
"last_used": {
"op": 1,
"value": "2026-07-19T12:46:46.939Z",
"target": 1,
"relative_timevar_value": "text",
"not": true
}
},
"node_relationship_type": 1,
"relates_to_exp": {
"specs": "[Circular Reference]",
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"and_op_type": 1
},
"path_summary_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"all_entity_condition": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
{
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 0,
"not": true
}
],
"operator": 0,
"not": true
},
"path_summary_count_conditions": {
"conditions": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
]
},
"waypoint_nodes": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"additional_spec_properties": {},
"result_enrichment": {
"join_node_specs": [
{
"with": "text",
"node_spec": "[Circular Reference]",
"as": "text"
}
],
"outlier_detection": {
"type": 1,
"manager_centric_config": {
"grouping_properties": [
{
"property_name": "text",
"node_type": "text",
"target": 1,
"joined_node_alias": "text"
}
],
"threshold": 1
}
},
"include_associated_risks": true,
"risks_filter": "text"
}
}
],
"page_size": "text",
"page_token": "text"
},
"page_size": "text",
"page_token": "text"
}{
"provider_types": [
{
"type": "text",
"schema_integration_type": "text",
"enabled": true,
"provider_details": [
{
"id": "text",
"external_id": "text"
}
]
}
],
"unregistered_custom_provider_types": [
{
"type": "text",
"schema_integration_type": "text",
"enabled": true,
"provider_details": [
{
"id": "text",
"external_id": "text"
}
]
}
]
}GET /api/v1/providers/types HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"count": "text"
}POST /api/v1/enrichment/rules_preview_count HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 18614
{
"request": {
"name": "text",
"description": "text",
"active": true,
"provider_ids": [
"text"
],
"entity_type": "text",
"property_name": "text",
"property_value": null,
"node_ids": [
"text"
],
"query_id": "text",
"priority": 1,
"other_node_query_id": "text",
"enriched_property": 1,
"enriched_owners_value": {
"property_names_in_template": [
"text"
],
"owners": [
{
"team": "text"
}
]
},
"tag_updates_value": {
"add_tags": [
{}
],
"remove_tags": [
{}
]
}
},
"preview_query": {
"query_type": 1,
"source_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"customized_variables": [
{
"key": "text",
"value": "text"
}
],
"snapshot_id": "text",
"access_filter": {
"engagement_score": {
"op": 1,
"value": 1
},
"over_provisioned_score": {
"op": 1,
"value": 1
},
"include_secondary_grantee": true,
"include_indirect_resource": true,
"exclude_indirect_grantee": true,
"anomaly_detection_history_days": "text",
"last_used": {
"op": 1,
"value": "2026-07-19T12:46:46.939Z",
"target": 1,
"relative_timevar_value": "text",
"not": true
}
},
"node_relationship_type": 1,
"relates_to_exp": {
"specs": [
{
"node_types": "[Circular Reference]",
"required_intermediate_node_types": "[Circular Reference]",
"avoided_intermediate_node_types": "[Circular Reference]",
"raw_permissions": {
"values": [
"text"
],
"operator": 1
},
"effective_permissions": {
"values": [
1
],
"operator": 1
},
"unsupported_condition_mode": 1,
"no_relation": true,
"direction": 1,
"path_type": 1
}
],
"child_expressions": [
{
"specs": "[Circular Reference]",
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"and_op_type": 1
}
],
"operator": 1,
"not": true,
"and_op_type": 1
},
"path_summary_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"all_entity_condition": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
{
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 0,
"not": true
}
],
"operator": 0,
"not": true
},
"path_summary_count_conditions": {
"conditions": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
]
},
"result_value_type": 1,
"include_all_source_tags_in_results": true,
"include_all_destination_tags_in_results": true,
"additional_columns_to_get": [
1
],
"result_enrichment": {
"join_node_specs": [
{
"with": "text",
"node_spec": "[Circular Reference]",
"as": "text"
}
],
"outlier_detection": {
"type": 1,
"manager_centric_config": {
"grouping_properties": [
{
"property_name": "text",
"node_type": "text",
"target": 1,
"joined_node_alias": "text"
}
],
"threshold": 1
}
},
"include_associated_risks": true,
"risks_filter": "text"
},
"include_sub_permissions": true,
"include_permissions_summary": true,
"waypoint_nodes": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"unpivot_properties": [
"text"
],
"union_specs": [
{
"query_type": 1,
"source_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"customized_variables": [
{
"key": "text",
"value": "text"
}
],
"access_filter": {
"engagement_score": {
"op": 1,
"value": 1
},
"over_provisioned_score": {
"op": 1,
"value": 1
},
"include_secondary_grantee": true,
"include_indirect_resource": true,
"exclude_indirect_grantee": true,
"anomaly_detection_history_days": "text",
"last_used": {
"op": 1,
"value": "2026-07-19T12:46:46.939Z",
"target": 1,
"relative_timevar_value": "text",
"not": true
}
},
"node_relationship_type": 1,
"relates_to_exp": {
"specs": "[Circular Reference]",
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"and_op_type": 1
},
"path_summary_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"all_entity_condition": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
{
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 0,
"not": true
}
],
"operator": 0,
"not": true
},
"path_summary_count_conditions": {
"conditions": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
]
},
"waypoint_nodes": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"additional_spec_properties": {},
"result_enrichment": {
"join_node_specs": [
{
"with": "text",
"node_spec": "[Circular Reference]",
"as": "text"
}
],
"outlier_detection": {
"type": 1,
"manager_centric_config": {
"grouping_properties": [
{
"property_name": "text",
"node_type": "text",
"target": 1,
"joined_node_alias": "text"
}
],
"threshold": 1
}
},
"include_associated_risks": true,
"risks_filter": "text"
}
}
],
"page_size": "text",
"page_token": "text"
},
"preview_other_node_query": {
"query_type": 1,
"source_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"customized_variables": [
{
"key": "text",
"value": "text"
}
],
"snapshot_id": "text",
"access_filter": {
"engagement_score": {
"op": 1,
"value": 1
},
"over_provisioned_score": {
"op": 1,
"value": 1
},
"include_secondary_grantee": true,
"include_indirect_resource": true,
"exclude_indirect_grantee": true,
"anomaly_detection_history_days": "text",
"last_used": {
"op": 1,
"value": "2026-07-19T12:46:46.939Z",
"target": 1,
"relative_timevar_value": "text",
"not": true
}
},
"node_relationship_type": 1,
"relates_to_exp": {
"specs": [
{
"node_types": "[Circular Reference]",
"required_intermediate_node_types": "[Circular Reference]",
"avoided_intermediate_node_types": "[Circular Reference]",
"raw_permissions": {
"values": [
"text"
],
"operator": 1
},
"effective_permissions": {
"values": [
1
],
"operator": 1
},
"unsupported_condition_mode": 1,
"no_relation": true,
"direction": 1,
"path_type": 1
}
],
"child_expressions": [
{
"specs": "[Circular Reference]",
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"and_op_type": 1
}
],
"operator": 1,
"not": true,
"and_op_type": 1
},
"path_summary_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"all_entity_condition": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
{
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 0,
"not": true
}
],
"operator": 0,
"not": true
},
"path_summary_count_conditions": {
"conditions": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
]
},
"result_value_type": 1,
"include_all_source_tags_in_results": true,
"include_all_destination_tags_in_results": true,
"additional_columns_to_get": [
1
],
"result_enrichment": {
"join_node_specs": [
{
"with": "text",
"node_spec": "[Circular Reference]",
"as": "text"
}
],
"outlier_detection": {
"type": 1,
"manager_centric_config": {
"grouping_properties": [
{
"property_name": "text",
"node_type": "text",
"target": 1,
"joined_node_alias": "text"
}
],
"threshold": 1
}
},
"include_associated_risks": true,
"risks_filter": "text"
},
"include_sub_permissions": true,
"include_permissions_summary": true,
"waypoint_nodes": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"unpivot_properties": [
"text"
],
"union_specs": [
{
"query_type": 1,
"source_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"customized_variables": [
{
"key": "text",
"value": "text"
}
],
"access_filter": {
"engagement_score": {
"op": 1,
"value": 1
},
"over_provisioned_score": {
"op": 1,
"value": 1
},
"include_secondary_grantee": true,
"include_indirect_resource": true,
"exclude_indirect_grantee": true,
"anomaly_detection_history_days": "text",
"last_used": {
"op": 1,
"value": "2026-07-19T12:46:46.939Z",
"target": 1,
"relative_timevar_value": "text",
"not": true
}
},
"node_relationship_type": 1,
"relates_to_exp": {
"specs": "[Circular Reference]",
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"and_op_type": 1
},
"path_summary_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"all_entity_condition": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
{
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 0,
"not": true
}
],
"operator": 0,
"not": true
},
"path_summary_count_conditions": {
"conditions": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
]
},
"waypoint_nodes": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 0,
"property": "email",
"value": null,
"not": false,
"value_property_name": "text",
"value_property_from_other_node": true,
"source_property": "text"
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true,
"fn": 1,
"source_query_id": "text",
"source_tag_key": "text"
}
],
"child_expressions": "[Circular Reference]",
"operator": 0,
"not": true
},
"node_id": "text",
"count_condition_expression": "[Circular Reference]",
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 0
},
"additional_spec_properties": {},
"result_enrichment": {
"join_node_specs": [
{
"with": "text",
"node_spec": "[Circular Reference]",
"as": "text"
}
],
"outlier_detection": {
"type": 1,
"manager_centric_config": {
"grouping_properties": [
{
"property_name": "text",
"node_type": "text",
"target": 1,
"joined_node_alias": "text"
}
],
"threshold": 1
}
},
"include_associated_risks": true,
"risks_filter": "text"
}
}
],
"page_size": "text",
"page_token": "text"
},
"page_size": "text",
"page_token": "text"
}IMPORTANT: keep mutable fields in sync with PatchDataSourceRequest. When adding a new mutable datasource field, add it to both messages.
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
PUT /api/v1/providers/datasources/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 133
{
"id": "text",
"name": "text",
"secret_references": [
{
"secret_id": "text",
"secret_mapping": {
"type": 1,
"mapping": "text"
},
"vault_id": "text"
}
]
}GET /api/v1/enrichment/rules HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
"name": "Workday Integration",
"provider_type": "WORKDAY",
"external_id": "https://wd5-impl-services1.workday.com/veza_preview",
"lifecycle_management_enabled": true,
"supported_capabilities": [
"IDENTITY_SOURCE",
"ACCESS_TARGET"
]
}
}{
"value": {
"id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
"name": "SCIM Demo Server",
"provider_type": "SCIM",
"external_id": "https://scim.example.com",
"lifecycle_management_enabled": true,
"supported_capabilities": [
"ACCESS_TARGET"
],
"available_actions": [
{
"action_type": "MANAGE_RELATIONSHIPS",
"description": "Add or remove user memberships in groups",
"supported_entity_types": ["User", "Group"],
"supported_relationship_types": ["MemberOf"]
}
],
"syncable_attributes": [
{
"entity_type": "User",
"attributes": [
{
"name": "userName",
"type": "string",
"required": true,
"description": "Primary identifier for the user"
},
{
"name": "displayName",
"type": "string",
"required": false,
"description": "Display name for the user"
},
{
"name": "emails",
"type": "array",
"required": false,
"description": "Email addresses associated with the user"
}
]
},
{
"entity_type": "Group",
"attributes": [
{
"name": "displayName",
"type": "string",
"required": true,
"description": "Display name for the group"
}
]
}
],
"grantable_entitlements": [
{
"entity_type": "Group",
"entitlement_type": "MemberOf",
"description": "Grant membership in the specified group"
}
]
}
}GET /api/v1/providers/datasources/lifecycle_managers/{id}Veza API key for authentication. Generate keys in Administration > API Keys.
OK
The type of the serialized message.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers/549a4b5e-0328-4c87-a19d-ee8a2926d1aa" \
-H "authorization: Bearer $VEZA_TOKEN"curl -X GET "$BASE_URL/api/v1/providers/datasources" \
-H "authorization: Bearer $VEZA_TOKEN"curl -X GET "$BASE_URL/api/v1/providers/datasources?filter=status+eq+\"SUCCESS\"" \
-H "authorization: Bearer $VEZA_TOKEN"curl -X GET "$BASE_URL/api/v1/providers/datasources?page_size=10&order_by=name" \
-H "authorization: Bearer $VEZA_TOKEN"GET /api/v1/providers/datasourcesVeza API key for authentication. Generate keys in Administration > API Keys.
When specified, only data sources matching the filter will be returned. Valid attributes: datasource_type Valid operators: EQ E.g. 'datasource_type eq "extractor"'
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
{
"values": [
{
"id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
"name": "AWS EC2 (527398259632)",
"datasource_type": "EXTRACTOR",
"agent_type": "AWS_EC2",
"status": "SUCCESS",
"provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
"path": "AWS/ec2",
"state": "ENABLED",
"effective_state": "ENABLED",
"created_at": "2021-10-26T07:10:38Z",
"updated_at": "2021-10-26T07:10:38Z",
"synced_at": "2022-01-13T20:53:23Z",
"parsed_at": "2022-01-13T20:53:29Z"
}
],
"next_page_token": "ec67g",
"has_more": false
}Returns saved assessment queries that can be used as the Owner Query (other_node_query_id) for dynamic owner resolution in Entity Owner enrichment rules. Two query types are returned: path queries that traverse from the enriched entity to a related entity holding the owner identifier, and CMDB queries that return CustomCMDBConfigurationItem nodes whose owner_node_id and owner_external_id properties point to the resolved owner. Use the returned property_names to populate property_names_in_template on CreateEnrichmentRule.
Veza API key for authentication. Generate keys in Administration > API Keys.
{
"queries": [
{
"id": "019d5767-2edf-7401-9c65-1d9c28f6b343",
"name": "AWS IAM users linked to Okta",
"other_node_type": "OktaUser",
"property_names": ["id", "email", "employee_id", "department"]
}
]
}{
"queries": [
{
"id": "019d5767-2edf-7401-9c65-1d9c28f6b343",
"name": "Service accounts to CMDB config items",
"other_node_type": "CustomCMDBConfigurationItem",
"property_names": ["owner_node_id", "owner_external_id"]
}
]
}Operations for managing data sources including listing, updating, enabling, disabling, and status monitoring
{
"id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
"name": "AWS EC2 (527398259632)",
"datasource_type": "EXTRACTOR",
"agent_type": "AWS_EC2",
"status": "SUCCESS",
"provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
"path": "AWS/ec2",
"state": "ENABLED",
"effective_state": "ENABLED",
"datasource_config": null,
"created_at": "2021-10-26T07:10:38Z",
"updated_at": "2021-10-26T07:10:38Z",
"sync_start": "2022-01-13T20:53:20Z",
"sync_end": "2022-01-13T20:53:23Z",
"sync_start_success": "2022-01-13T20:53:20Z",
"sync_end_success": "2022-01-13T20:53:23Z",
"parse_start": "2022-01-13T20:53:24Z",
"parse_end": "2022-01-13T20:53:29Z",
"parse_start_success": "2022-01-13T20:53:24Z",
"parse_end_success": "2022-01-13T20:53:29Z"
}GET /api/v1/providers/datasources/lifecycle_managers/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"enabled": true,
"datasource": {},
"definition": {
"source_of_identity_definition": {
"entity_type": "text"
},
"actions": [
{
"type": 1,
"idempotent": true,
"input_entity_types": [
{
"name": "text",
"description": "text",
"available_entity_types": [
"text"
]
}
],
"output_entity_types": [
{
"name": "text",
"description": "text",
"available_entity_types": [
"text"
]
}
],
"definition": {
"@type": "text",
"ANY_ADDITIONAL_PROPERTY": "anything"
}
}
]
}
}
}{
"value": {}
}{
"values": [
{
"id": "text",
"name": "text",
"description": "text",
"active": true,
"provider_ids": [
"text"
],
"entity_type": "text",
"property_name": "text",
"property_value": null,
"node_ids": [
"text"
],
"query_id": "text",
"priority": 1,
"other_node_query_id": "text",
"informative_fields": {
"query_name": "text",
"other_node_query_name": "text",
"other_node_type": "text"
}
}
],
"next_page_token": "text",
"has_more": true
}# Find datasources that support SYNC_IDENTITIES operations (action_type=1)
curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers:by_action_type?action_type=1" \
-H "authorization: Bearer $VEZA_TOKEN"# Find datasources that can manage User entities
curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers:by_action_type?entity_type=User" \
-H "authorization: Bearer $VEZA_TOKEN"# Find datasources that support SYNC_IDENTITIES operations on Users with MemberOf relationships
curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers:by_action_type?action_type=1&entity_type=User&relationship_type=MemberOf" \
-H "authorization: Bearer $VEZA_TOKEN"{
"values": [
{
"id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
"name": "Workday Integration",
"provider_type": "WORKDAY",
"external_id": "https://wd5-impl-services1.workday.com/veza_preview",
"lifecycle_management_enabled": true,
"supported_capabilities": [
"IDENTITY_SOURCE",
"ACCESS_TARGET"
]
}
],
"has_more": false,
"next_page_token": ""
}Veza API key for authentication. Generate keys in Administration > API Keys.
Optional filter to narrow by the entity type of the action.
For MANAGE_RELATIONSHIPS this is the assignee entity type
(AssigneeEntityTypes). For REMOVE_DIRECT_ACCESS this is the assignee
side of an AllowedPair. For other actions it matches the action's
primary entity type from GetInfoForActionProtoMessage.
Optional filter to narrow by the relationship/target side of the action.
For MANAGE_RELATIONSHIPS this matches AvailableEntityTypes. For
REMOVE_DIRECT_ACCESS this matches the target side of an AllowedPair;
when both entity_type and relationship_type are supplied they must
match the same AllowedPair entry. Ignored for other actions.
OK
The type of the serialized message.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
GET /api/v1/providers/datasources HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
Request body for discovering valid other-node queries. Specify the entity_type being enriched (the same entity_type passed to CreateEnrichmentRule) and set enriched_property to "ENRICHED_OWNERS" (the API also accepts the integer enum value 4). The endpoint rejects requests where entity_type is CustomCMDBConfigurationItem.
Node type of the enriched entity.
Enriched property of the enrichment rule.
OK
List of saved assessment queries compatible with the requested entity_type for use as other_node_query_id in an enrichment rule.
ID of the assessment query.
Name of the assessment query.
Node type of the other entity that the query targets.
Properties of the other entity that can be referenced in the enrichment rule value template.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
POST /api/v1/enrichment/rules/other_node_queries HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 44
{
"entity_type": "text",
"enriched_property": 1
}Lists all data sources that have enabled lifecycle management and their supported capabilities
{
"datasource_list": [
{
"external_datasource_id": "text",
"external_provider_id": "text",
"datasource_type": "text",
"extraction_start": "2026-07-19T12:46:46.939Z",
"extraction_end": "2026-07-19T12:46:46.939Z",
"datasource_name": "text",
"is_deleted": true,
"datasource_id": "text",
"has_warning": true
}
],
"snapshot_not_found": true,
"pagination_context": "text",
"has_more": true
}{
"queries": [
{
"id": "text",
"name": "text",
"other_node_type": "text",
"property_names": [
"text"
]
}
]
}{
"values": [
{
"id": "text",
"enabled": true,
"datasource": {},
"definition": {
"source_of_identity_definition": {
"entity_type": "text"
},
"actions": [
{
"type": 1,
"idempotent": true,
"input_entity_types": [
{
"name": "text",
"description": "text",
"available_entity_types": [
"text"
]
}
],
"output_entity_types": [
{
"name": "text",
"description": "text",
"available_entity_types": [
"text"
]
}
],
"definition": {
"@type": "text",
"ANY_ADDITIONAL_PROPERTY": "anything"
}
}
]
}
}
]
}GET /api/v1/providers/datasources/lifecycle_managers:by_action_type HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
owner_node_idowner_node_idowner_external_idproperty_names_in_templatecurl -X POST "$BASE_URL/api/v1/enrichment/rules" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "content-type: application/json" \
-d '{
"name": "Mark service accounts as NHI",
"provider_ids": ["<provider-id>"],
"entity_type": "OktaUser",
"query_id": "<saved-query-id>",
"enriched_property": "IDENTITY_TYPE",
"property_value": "NONHUMAN"
}'curl -X POST "$BASE_URL/api/v1/enrichment/rules" \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Assign owner from entity property",
"provider_ids": ["<provider-id>"],
"entity_type": "AwsIamUser",
"query_id": "<saved-query-id>",
"enriched_property": "ENRICHED_OWNERS",
"enriched_owners_value": {
"property_names_in_template": ["id"],
"owners": [
{
"entity_id": "{{id}}",
"entity_type": "OktaUser"
}
]
}
}'curl -X POST "$BASE_URL/api/v1/enrichment/rules" \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Assign owner from linked IdP user",
"provider_ids": ["<provider-id>"],
"entity_type": "AwsIamUser",
"query_id": "<saved-query-id>",
"other_node_query_id": "<traversal-query-id>",
"enriched_property": "ENRICHED_OWNERS",
"enriched_owners_value": {
"property_names_in_template": ["id"],
"owners": [
{
"entity_id": "{{id}}",
"entity_type": "OktaUser"
}
]
}
}'curl -X POST "$BASE_URL/api/v1/enrichment/rules" \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Assign owner from CMDB config item",
"provider_ids": ["<provider-id>"],
"entity_type": "AwsIamUser",
"query_id": "<saved-query-id>",
"other_node_query_id": "<cmdb-query-id>",
"enriched_property": "ENRICHED_OWNERS",
"enriched_owners_value": {
"property_names_in_template": ["owner_node_id"],
"owners": [
{
"entity_id": "{{owner_node_id}}",
"entity_type": "OktaUser"
}
]
}
}'curl -X POST "$BASE_URL/api/v1/enrichment/rules" \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Tag production AWS roles",
"provider_ids": ["<provider-id>"],
"entity_type": "AwsIamRole",
"query_id": "<saved-query-id>",
"enriched_property": "VEZA_TAGS",
"tag_updates_value": {
"add_tags": [
{"key": "environment", "value": "production"}
],
"remove_tags": []
}
}'Creates a new enrichment rule that automatically applies attributes to entities matching a saved query. Supported rule types are: identify non-human identities (set identity_type to HUMAN or NONHUMAN), assign entity owners (static or dynamic ownership from entity properties), detect privileged accounts (set is_privileged to true), classify critical resources (set criticality_level to LOW, MEDIUM, HIGH, or CRITICAL), and assign Veza tags (add or remove tags on matched entities). The query_id must reference an existing saved assessment query.
Veza API key for authentication. Generate keys in Administration > API Keys.
Request body for creating an enrichment rule. Required fields: name, provider_ids, entity_type. Set enriched_property to define the rule type (IDENTITY_TYPE, IS_PRIVILEGED, CRITICALITY_LEVEL, ENRICHED_OWNERS, or VEZA_TAGS). Use property_value for scalar values (e.g., "NONHUMAN" for IDENTITY_TYPE, "true" for IS_PRIVILEGED, "HIGH" for CRITICALITY_LEVEL). Use enriched_owners_value for owner assignment rules, or tag_updates_value for tag rules. Use query_id to target entities matching a saved assessment query, or node_ids for static targeting.
Name of the enrichment rule. Must be unique across all rules.
Description of the enrichment rule.
Whether the rule will be executed.
Provider IDs for which the rule will be executed.
Entity type on which the rule will be executed. Must be a valid entity type that is supported by all specified providers.
Property name whose value will be changed by enrichment. Not recommended. Only valid if enriched_property = USE_PROPERTY_NAME; otherwise, the property name will be set according to enriched_property.
The scalar value to set for the enriched property. Examples: "NONHUMAN" for IDENTITY_TYPE, "true" for IS_PRIVILEGED, "HIGH" for CRITICALITY_LEVEL. Not used when enriched_property is ENRICHED_OWNERS (use enriched_owners_value) or VEZA_TAGS (use tag_updates_value).
Static list of entity IDs for which the property-value should be applied. Not recommended: use query_id to target entities dynamically instead. Does not work with ENRICHED_OWNERS or VEZA_TAGS enrichment.
The query that is executed to obtain a list of entity IDs of the specified entity type. It must exist before creating the enrichment rule and its source_type must match entity_type.
The higher the priority, the later the rule runs. A rule running later will overwrite the changes from previous rules. CAVEAT: it is not recommended to have multiple rules of the same priority, as they may run in any order.
Optional. The ID of a saved assessment query used to resolve the owner from a related entity instead of the enriched entity itself. Two query types are accepted: a path query that traverses from the enriched entity to a related entity holding the owner ID (or that is the owner), or a query for CustomCMDBConfigurationItem whose owner_node_id and owner_external_id properties point to the resolved owner. Use Get valid other-node queries to discover compatible queries. Requires query_id to also be set.
The enrichment rule type (enum). Values: 0 = USE_PROPERTY_NAME (custom property_name required), 1 = IDENTITY_TYPE (set identity_type to HUMAN or NONHUMAN via property_value), 2 = IS_PRIVILEGED (set is_privileged, use property_value "true"), 3 = CRITICALITY_LEVEL (set criticality_level via property_value: LOW, MEDIUM, HIGH, or CRITICAL), 4 = ENRICHED_OWNERS (assign ownership, use enriched_owners_value instead of property_value), 5 = VEZA_TAGS (add or remove tags, use tag_updates_value instead of property_value).
OK
The generated ID of the newly created enrichment rule.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers" \
-H "authorization: Bearer $VEZA_TOKEN"curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers?page_size=10" \
-H "authorization: Bearer $VEZA_TOKEN"{
"values": [
{
"id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
"name": "Workday Integration",
"provider_type": "WORKDAY",
"external_id": "https://wd5-impl-services1.workday.com/veza_preview",
"lifecycle_management_enabled": true,
"supported_capabilities": [
"IDENTITY_SOURCE",
"ACCESS_TARGET"
]
},
{
"id": "2b1c8d4e-5f2a-4b3c-9e7f-1d2e3f4a5b6c",
"name": "Active Directory",
"provider_type": "ACTIVE_DIRECTORY",
"external_id": "corp.example.com",
"lifecycle_management_enabled": true,
"supported_capabilities": [
"ACCESS_TARGET"
]
}
],
"has_more": false,
"next_page_token": ""
}{
"values": [
{
"id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
"name": "SCIM Demo Server",
"provider_type": "SCIM",
"external_id": "https://scim.example.com",
"lifecycle_management_enabled": true,
"supported_capabilities": [
"ACCESS_TARGET"
],
"available_actions": [
{
"action_type": "MANAGE_RELATIONSHIPS",
"description": "Add or remove user memberships in groups",
"supported_entity_types": ["User", "Group"],
"supported_relationship_types": ["MemberOf"]
}
],
"syncable_attributes": [
{
"entity_type": "User",
"attributes": [
{
"name": "userName",
"type": "string",
"required": true,
"description": "Primary identifier for the user"
},
{
"name": "displayName",
"type": "string",
"required": false,
"description": "Display name for the user"
},
{
"name": "emails",
"type": "array",
"required": false,
"description": "Email addresses associated with the user"
}
]
},
{
"entity_type": "Group",
"attributes": [
{
"name": "displayName",
"type": "string",
"required": true,
"description": "Display name for the group"
}
]
}
],
"grantable_entitlements": [
{
"entity_type": "Group",
"entitlement_type": "MemberOf",
"description": "Grant membership in the specified group"
}
]
}
],
"has_more": false,
"next_page_token": ""
}GET /api/v1/providers/datasources/lifecycle_managersReturns paginated active IdP users that can be assigned as entity owners
curl -X POST "https://your-tenant.veza.com/api/v1/list_available_owners" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"search_value": "alice",
"page_size": 25
}'{
"owners": [
{
"entity_id": "abc123",
"entity_type": "OktaUser",
"entity_name": "Alice Smith",
"external_id": "alice@example.com"
}
],
"next_page_token": "eyJwYWdlIjoxfQ==",
"has_more": true
}Owner objects in a batch_set_owners request{
"id": "text"
}POST /api/v1/enrichment/rules HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 390
{
"name": "text",
"description": "text",
"active": true,
"provider_ids": [
"text"
],
"entity_type": "text",
"property_name": "text",
"property_value": null,
"node_ids": [
"text"
],
"query_id": "text",
"priority": 1,
"other_node_query_id": "text",
"enriched_property": 1,
"enriched_owners_value": {
"property_names_in_template": [
"text"
],
"owners": [
{
"team": "text"
}
]
},
"tag_updates_value": {
"add_tags": [
{}
],
"remove_tags": [
{}
]
}
}# First page
curl -X POST ".../api/v1/list_available_owners" \
-H "Authorization: Bearer YOUR_TOKEN" \
-d '{"page_size": 100}'
# Subsequent pages — use next_page_token from prior response
curl -X POST ".../api/v1/list_available_owners" \
-H "Authorization: Bearer YOUR_TOKEN" \
-d '{"page_size": 100, "page_token": "eyJwYWdlIjoxfQ=="}'Veza API key for authentication. Generate keys in Administration > API Keys.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
OK
The type of the serialized message.
The pagination token to retrieve the next page of results.
If true, more results are available.
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
{
"values": [
{
"id": "text",
"enabled": true,
"datasource": {},
"definition": {
"source_of_identity_definition": {
"entity_type": "text"
},
"actions": [
{
"type": 1,
"idempotent": true,
"input_entity_types": [
{
"name": "text",
"description": "text",
"available_entity_types": [
"text"
]
}
],
"output_entity_types": [
{
"name": "text",
"description": "text",
"available_entity_types": [
"text"
]
}
],
"definition": {
"@type": "text",
"ANY_ADDITIONAL_PROPERTY": "anything"
}
}
]
}
}
],
"next_page_token": "text",
"has_more": true
}GET /api/v1/providers/datasources/lifecycle_managers HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
Configure priority scheduling and extraction times for data sources
curl -X POST "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"priority": 100,
"timezone": "America/New_York",
"scheduled_extraction_times": ["09:00:00", "13:30:00", "18:30:00"],
"scheduled_days_of_week": ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY"]
}'curl -X POST "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"priority": 100
}'curl -X POST "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"priority": 100,
"timezone": "America/Los_Angeles",
"scheduled_extraction_times": ["09:00:00", "21:00:00"],
"scheduled_days_of_week": ["SATURDAY", "SUNDAY"]
}'curl -X GET "$BASE_URL/api/private/providers/datasources/scheduling_configs" \
-H "authorization: Bearer $VEZA_TOKEN"curl -X GET "$BASE_URL/api/private/providers/datasources/scheduling_configs?datasource_type=EXTRACTOR" \
-H "authorization: Bearer $VEZA_TOKEN"# Configure Workday to extract weekdays at 6 AM Eastern
curl -X POST "$BASE_URL/api/private/providers/datasources/{workday_datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"priority": 100,
"timezone": "America/New_York",
"scheduled_extraction_times": ["06:00:00"],
"scheduled_days_of_week": ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY"]
}'curl -X POST "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"priority": 100,
"timezone": "America/Los_Angeles",
"scheduled_extraction_times": ["00:00:00", "12:00:00"],
"scheduled_days_of_week": ["SATURDAY", "SUNDAY"]
}'POST /api/private/providers/datasources/{datasource_id}/scheduling_config{
"value": {
"datasource_id": "019a0f2b-53cd-7c5d-904f-bf2588b876d5",
"priority": "100",
"datasource_name": "AWS S3 (527398259632)",
"datasource_type": "EXTRACTOR",
"timezone": "America/New_York",
"scheduled_extraction_times": ["09:00:00", "13:30:00", "18:30:00"],
"created_at": "2025-10-28T02:34:27.794138246Z",
"updated_at": "2025-10-31T19:42:43.705828675Z",
"scheduled_days_of_week": ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY"]
}
}{
"code": "INVALID_ARGUMENT",
"message": "invalid time format '09:15:00': only 00 and 30 minutes of the hour are supported",
"details": []
}{
"code": "INVALID_ARGUMENT",
"message": "Cannot create scheduling configuration. Limit of 100 configurations is reached.",
"details": []
}GET /api/private/providers/datasources/{datasource_id}/scheduling_configcurl -X GET "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN"{
"value": {
"datasource_id": "0199827a-402d-7554-af7b-cb3489b68402",
"priority": "100",
"datasource_name": "AWS IAM Volatile (527398259632)",
"datasource_type": "EXTRACTOR",
"timezone": "America/New_York",
"scheduled_extraction_times": ["09:00:00", "13:30:00", "18:30:00"],
"created_at": "2025-10-10T12:52:11.659562336Z",
"updated_at": "2025-10-10T12:52:11.659562336Z",
"scheduled_days_of_week": ["MONDAY", "WEDNESDAY", "FRIDAY"]
}
}{
"code": "NOT_FOUND",
"message": "datasource_scheduling_config not found",
"details": []
}GET /api/private/providers/datasources/scheduling_configs{
"values": [
{
"datasource_id": "0199827a-3d32-7342-9ccd-2f928ccc6855",
"priority": "100",
"datasource_name": "AWS Cognito (527398259632)",
"datasource_type": "EXTRACTOR",
"timezone": "America/New_York",
"scheduled_extraction_times": ["00:00:00", "01:30:00", "03:00:00"],
"created_at": "1970-01-01T00:00:01.758832260Z",
"updated_at": "1970-01-01T00:00:01.758832260Z",
"scheduled_days_of_week": ["MONDAY", "WEDNESDAY", "FRIDAY"]
},
{
"datasource_id": "0199827a-402d-7554-af7b-cb3489b68402",
"priority": "100",
"datasource_name": "AWS IAM Volatile (527398259632)",
"datasource_type": "EXTRACTOR",
"timezone": "America/New_York",
"scheduled_extraction_times": ["09:00:00", "13:30:00", "18:30:00"],
"created_at": "2025-10-10T12:52:11.659562336Z",
"updated_at": "2025-10-10T12:52:11.659562336Z",
"scheduled_days_of_week": []
}
]
}DELETE /api/private/providers/datasources/{datasource_id}/scheduling_configcurl -X DELETE "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
-H "authorization: Bearer $VEZA_TOKEN"{}curl -X POST "https://your-tenant.veza.com/api/v1/batch_set_owners" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"batches": [
{
"entity_type": "AwsIamUser",
"entity_ids": ["aws-iam-user-abc123"],
"assigned_owners": {
"owners": [
{
"entity_id": "okta-user-xyz789",
"entity_type": "OktaUser"
}
]
}
}
]
}'{
"entity_type": "OktaUser",
"external_property_name": "email",
"external_id": "owner@example.com"
}{
"batches": [
{
"entity_type": "AwsS3Bucket",
"entity_ids": ["bucket-1", "bucket-2", "bucket-3"],
"assigned_owners": {
"owners": [{"entity_id": "okta-user-xyz", "entity_type": "OktaUser"}]
}
}
]
}{
"batches": [
{
"entity_type": "VirtualMachine",
"entity_ids": ["vm-abc"],
"added_owners": [
{"external_id": "ops-team@example.com", "entity_type": "OktaUser", "external_property_name": "email"}
]
}
]
}{
"batches": [
{
"entity_type": "AwsIamRole",
"entity_ids": ["role-xyz"],
"removed_owners_incremental": [
{"entity_id": "okta-user-former", "entity_type": "OktaUser"}
]
}
]
}{
"batches": [
{
"entity_type": "AwsIamUser",
"entity_ids": ["iam-user-1", "iam-user-2"],
"assigned_owners": {
"owners": [{"entity_id": "okta-user-xyz", "entity_type": "OktaUser"}]
}
},
{
"entity_type": "GithubRepo",
"entity_ids": ["repo-abc"],
"added_owners": [
{"external_id": "dev-lead@example.com", "entity_type": "OktaUser", "external_property_name": "email"}
]
}
]
}{
"code": "InvalidArgument",
"message": "Invalid Arguments",
"details": [{"field_violations": [{"field": "types", "description": "Must supply at least one valid type"}]}]
}{
"code": "InvalidArgument",
"details": [{"field_violations": [{"field": "entity_type", "description": "issue with entity {external_id}: owner not of an allowed type"}]}]
}SHOW AwsIamUser
WHERE entity_id = "your-entity-id"account_id{
"services": [
"S3", "RDS_POSTGRES", "RDS_MYSQL", "RDS_ORACLE", "RDS",
"DYNAMODB", "REDSHIFT", "REDSHIFT_CLUSTER", "EC2", "LAMBDA",
"EKS", "ECR", "EMR", "AWS_IAM", "KMS", "SECRETS_MANAGER",
"COGNITO", "SSO", "ORGANIZATIONS", "NEPTUNE", "SYSTEMS_MANAGER",
"CERTIFICATE_MANAGER", "BEDROCK", "DOCUMENTDB"
]
}{
"services": [
"S3", "RDS_POSTGRES", "LAMBDA", "EC2", "AWS_IAM"
]
}curl -H "Authorization: Bearer $VEZA_TOKEN" \
"$VEZA_URL/api/v1/providers/aws"{
"values": [
{
"id": "12345678-1234-5678-9012-123456789012",
"name": "Production AWS Account",
"account_id": "123456789012",
"services": [],
"state": "ENABLED"
},
{
"id": "87654321-4321-8765-2109-876543210987",
"name": "Development AWS Account",
"account_id": "987654321098",
"services": ["S3", "RDS_POSTGRES", "LAMBDA"],
"state": "ENABLED"
}
]
}# Replace with your actual provider ID and desired services
curl -X PATCH \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d '{"services":["S3","RDS_POSTGRES","LAMBDA","EC2","AWS_IAM"]}' \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID_HERE"curl -H "Authorization: Bearer $VEZA_TOKEN" \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID_HERE"# Example for multiple providers - replace with your actual IDs and services
DESIRED_SERVICES='["S3","RDS_POSTGRES","DYNAMODB","LAMBDA","EC2","AWS_IAM"]'
# Provider 1
curl -X PATCH \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"services\":$DESIRED_SERVICES}" \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID_1"
# Provider 2
curl -X PATCH \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"services\":$DESIRED_SERVICES}" \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID_2"#!/bin/bash
# Configuration - CUSTOMIZE THESE VALUES
VEZA_URL="https://yourcompany.cookiecloud.ai"
DESIRED_SERVICES='["S3","RDS_POSTGRES","DYNAMODB","LAMBDA","EC2","AWS_IAM"]'
echo "Starting bulk AWS provider services update..."
echo "Target services: $DESIRED_SERVICES"
echo ""
# Get all AWS provider IDs
provider_ids=$(curl -s -H "Authorization: Bearer $VEZA_TOKEN" \
"$VEZA_URL/api/v1/providers/aws" | \
jq -r '.values[].id')
if [ -z "$provider_ids" ]; then
echo "Error: No AWS providers found or API call failed"
exit 1
fi
# Count providers
provider_count=$(echo "$provider_ids" | wc -l)
echo "Found $provider_count AWS providers to update"
echo ""
# Add confirmation prompt
read -p "Continue with bulk update? (y/N): " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Update cancelled"
exit 0
fi
# Update each provider
echo "$provider_ids" | while read provider_id; do
if [ -n "$provider_id" ]; then
echo "Updating provider: $provider_id"
response=$(curl -s -w "\nHTTP_STATUS:%{http_code}" -X PATCH \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"services\":$DESIRED_SERVICES}" \
"$VEZA_URL/api/v1/providers/aws/$provider_id")
http_status=$(echo "$response" | grep "HTTP_STATUS" | cut -d: -f2)
if [ "$http_status" = "200" ]; then
echo "âś“ Successfully updated provider $provider_id"
else
echo "âś— Failed to update provider $provider_id (HTTP $http_status)"
echo "Response: $(echo "$response" | grep -v "HTTP_STATUS")"
fi
echo ""
fi
done
echo "Bulk update completed"# Check all providers
curl -H "Authorization: Bearer $VEZA_TOKEN" \
"$VEZA_URL/api/v1/providers/aws" | \
jq '.values[] | {id: .id, name: .name, services: .services}'
# Check specific provider
curl -H "Authorization: Bearer $VEZA_TOKEN" \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID" | \
jq '{id: .id, name: .name, services: .services}'curl -X PATCH \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d '{"services":[]}' \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID"# Example: Enable different set of services
NEW_SERVICES='["S3","LAMBDA","DYNAMODB","EC2"]'
curl -X PATCH \
-H "Authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"services\":$NEW_SERVICES}" \
"$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID"Unified API for managing all provider configurations
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X GET \
"https://{tenant}.vezacloud.com/api/v1/providers?page_size=10&filter=state+eq+'ENABLED'" \
-H "Authorization: Bearer {your_api_key}" \
-H "Accept: application/json"{
"values": [
{
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"vendor_id": "123456789012",
"name": "AWS-Production",
"type": "AWS",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"external_id": "501779813173",
"team_id": "team-uuid-here",
"team_name": "Platform Team",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-08-26T14:22:00Z",
"created_by": "user-uuid",
"updated_by": "user-uuid",
"owners": ["user-uuid-1", "group-uuid-1"],
"labels": ["production", "critical"],
"vendor": {},
"lifecycle_management_state": "NOT_CONFIGURED",
"provisioning": false
},
{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "contoso.onmicrosoft.com",
"name": "Azure-Production",
"type": "AZURE",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"external_id": "veza-ext-def456",
"team_id": "team-uuid-here",
"team_name": "Platform Team",
"created_at": "2024-02-01T09:15:00Z",
"updated_at": "2024-08-26T13:45:00Z",
"owners": [],
"labels": ["production"],
"vendor": {},
"lifecycle_management_state": "NOT_CONFIGURED",
"provisioning": false
}
],
"next_page_token": "eyJvZmZzZXQiOjEwfQ=="
}the plan is to migrate all the provider update endpoints to this one
one provider at a time
while still keeping the old endpoints for backward compatibility
Veza API key for authentication. Generate keys in Administration > API Keys.
curl -X PUT \
"https://{tenant}.vezacloud.com/api/v1/providers/883dd869-8762-4187-8767-1c387de14b4b" \
-H "Authorization: Bearer {your_api_key}" \
-H "Content-Type: application/json" \
-d '{
"value": {
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"name": "AWS-Production-Updated",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"owners": ["user-uuid-1", "group-uuid-1"],
"labels": ["production", "critical", "pci"]
}
}'{
"value": {
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"vendor_id": "123456789012",
"name": "AWS-Production-Updated",
"type": "AWS",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "PENDING",
"external_id": "501779813173",
"team_id": "team-uuid-here",
"team_name": "Platform Team",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-08-26T15:30:00Z",
"created_by": "user-uuid",
"updated_by": "user-uuid",
"owners": ["user-uuid-1", "group-uuid-1"],
"labels": ["production", "critical", "pci"],
"vendor": {},
"lifecycle_management_state": "NOT_CONFIGURED",
"provisioning": false
}
}the plan is to migrate all the provider update endpoints to this one
one provider at a time
while still keeping the old endpoints for backward compatibility
Veza API key for authentication. Generate keys in Administration > API Keys.
curl -X PATCH \
"https://{tenant}.vezacloud.com/api/v1/providers/883dd869-8762-4187-8767-1c387de14b4b" \
-H "Authorization: Bearer {your_api_key}" \
-H "Content-Type: application/json" \
-d '{
"value": {
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"name": "AWS-Production-Renamed",
"labels": ["production", "updated"]
},
"update_mask": "name,labels"
}'{
"value": {
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"vendor_id": "123456789012",
"name": "AWS-Production-Renamed",
"type": "AWS",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "PENDING",
"external_id": "501779813173",
"team_id": "team-uuid-here",
"team_name": "Platform Team",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-08-26T15:45:00Z",
"owners": ["user-uuid-1", "group-uuid-1"],
"labels": ["production", "updated"],
"vendor": {},
"lifecycle_management_state": "NOT_CONFIGURED",
"provisioning": false
}
}Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
curl -X DELETE \
"https://{tenant}.vezacloud.com/api/v1/providers/883dd869-8762-4187-8767-1c387de14b4b" \
-H "Authorization: Bearer {your_api_key}"{}GET /api/v1/providers HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"external_id": "text",
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"lifecycle_management_state": 1,
"team_id": "text",
"created_at": "2026-07-19T12:46:46.939Z",
"updated_at": "2026-07-19T12:46:46.939Z",
"vendor": {},
"extractors_datasource_status": 1,
"discoverers_datasource_status": 1,
"team_name": "text",
"type_summary": "text",
"owners": [
"text"
],
"labels": [
"text"
],
"secret_references": [
{
"id": "text",
"secret_id": "text",
"secret_mapping": {
"type": 1,
"mapping": "text"
},
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
],
"updated_by": "text",
"created_by": "text",
"rbac_id": "text",
"updated_by_name": "text",
"created_by_name": "text",
"owner_names": [
"text"
]
}
],
"next_page_token": "text"
}the generic provider object with vendor prop that represent vendor specific data this is for the generic provider creation and update endpoints eventually the goal is to demise the provider proto for each provider, for example AwsProvider below and maintain the individual vendor proto in their own agent directory for validation and documentation purpose we will migrate one provider type at a time while keep the old proto file for backward compatibility for a period of time
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
OK
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
PUT /api/v1/providers/{value.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 224
{
"name": "text",
"type": 1,
"data_plane_id": "text",
"vendor": {},
"owners": [
"text"
],
"labels": [
"text"
],
"secret_references": [
{
"secret_id": "text",
"secret_mapping": {
"type": 1,
"mapping": "text"
},
"vault_id": "text"
}
],
"owner_names": [
"text"
]
}the generic provider object with vendor prop that represent vendor specific data this is for the generic provider creation and update endpoints eventually the goal is to demise the provider proto for each provider, for example AwsProvider below and maintain the individual vendor proto in their own agent directory for validation and documentation purpose we will migrate one provider type at a time while keep the old proto file for backward compatibility for a period of time
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
OK
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
PATCH /api/v1/providers/{value.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 224
{
"name": "text",
"type": 1,
"data_plane_id": "text",
"vendor": {},
"owners": [
"text"
],
"labels": [
"text"
],
"secret_references": [
{
"secret_id": "text",
"secret_mapping": {
"type": 1,
"mapping": "text"
},
"vault_id": "text"
}
],
"owner_names": [
"text"
]
}DELETE /api/v1/providers/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"external_id": "text",
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"lifecycle_management_state": 1,
"team_id": "text",
"created_at": "2026-07-19T12:46:46.939Z",
"updated_at": "2026-07-19T12:46:46.939Z",
"vendor": {},
"extractors_datasource_status": 1,
"discoverers_datasource_status": 1,
"team_name": "text",
"type_summary": "text",
"owners": [
"text"
],
"labels": [
"text"
],
"secret_references": [
{
"id": "text",
"secret_id": "text",
"secret_mapping": {
"type": 1,
"mapping": "text"
},
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
],
"updated_by": "text",
"created_by": "text",
"rbac_id": "text",
"updated_by_name": "text",
"created_by_name": "text",
"owner_names": [
"text"
]
}
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"external_id": "text",
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"lifecycle_management_state": 1,
"team_id": "text",
"created_at": "2026-07-19T12:46:46.939Z",
"updated_at": "2026-07-19T12:46:46.939Z",
"vendor": {},
"extractors_datasource_status": 1,
"discoverers_datasource_status": 1,
"team_name": "text",
"type_summary": "text",
"owners": [
"text"
],
"labels": [
"text"
],
"secret_references": [
{
"id": "text",
"secret_id": "text",
"secret_mapping": {
"type": 1,
"mapping": "text"
},
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
],
"updated_by": "text",
"created_by": "text",
"rbac_id": "text",
"updated_by_name": "text",
"created_by_name": "text",
"owner_names": [
"text"
]
}
}{
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"vendor_id": "123456789010",
"name": "AWS-Production",
"type": "AWS",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"account_id": "123456789010",
"credentials_type": "ASSUME_CUSTOMER_ROLE",
"access_key_id": "AKIA6FRNZGGIOEBZ6BEA",
"assume_role_name": "VezaDiscoveryRole",
"assume_role_external_id": "veza-external-id",
"regions": [
"us-east-1",
"us-west-2",
"eu-west-1"
],
"db_user": "veza_user",
"services": [
"IAM",
"S3",
"RDS",
"REDSHIFT"
],
"s3_bucket_allow_list": ["prod-data-*"],
"s3_bucket_deny_list": ["temp-*", "test-*"],
"rds_database_allow_list": ["production"],
"rds_database_deny_list": ["temp"]
}{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "contoso.onmicrosoft.com",
"name": "Azure-Production",
"type": "AZURE",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"tenant_id": "12345678-1234-1234-1234-123456789012",
"client_id": "87654321-4321-4321-4321-210987654321",
"services": [
"AZUREAD",
"SHAREPOINT",
"SQLSERVER"
],
"gather_guest_users": true,
"gather_disabled_users": false,
"gather_personal_sites": true,
"domains": ["contoso.com"],
"sql_server_database_allow_list": ["production"],
"sql_server_database_deny_list": ["temp"]
}{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "gcp-project-id",
"name": "GCP-Production",
"type": "GOOGLE_CLOUD",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"customer_id": "C01234567",
"workspace_email": "service-account@project.iam.gserviceaccount.com",
"project_allow_list": ["prod-project-1", "prod-project-2"],
"project_deny_list": ["test-*"],
"domain_allow_list": ["company.com"],
"domain_deny_list": [],
"services": [
"IAM",
"STORAGE",
"COMPUTE",
"WORKSPACE",
"BIGQUERY"
],
"dataset_allow_list": ["analytics", "reporting"],
"dataset_deny_list": ["temp_*"]
}{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "xy12345.us-east-1",
"name": "Snowflake-Production",
"type": "SNOWFLAKE",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"account_locator": "xy12345",
"region": "us-east-1",
"cloud": "aws",
"user": "veza_user",
"role": "VEZA_ROLE",
"warehouse": "COMPUTE_WH",
"database_allow_list": ["PROD_DB", "ANALYTICS_DB"],
"database_deny_list": ["TEMP_DB", "TEST_DB"]
}{
"id": "90112ed7-47e7-48e6-9f05-c02d19d7f137",
"vendor_id": "sqlserver.company.com",
"name": "SQL-Production",
"type": "SQL_SERVER",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"host": "sqlserver.company.com",
"port": 1433,
"username": "veza_user",
"database_allow_list": ["ProductionDB", "AnalyticsDB"],
"database_deny_list": ["TempDB", "TestDB"],
"schema_allow_list": ["dbo", "analytics"],
"schema_deny_list": ["temp"]
}{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "trino.company.com",
"name": "Trino-Production",
"type": "TRINO",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"host": "trino.company.com",
"port": 8080,
"username": "veza_user",
"aws_s3_object_config": {
"access_key": "AKIA...",
"region": "us-east-1",
"bucket": "trino-config",
"object": "access-control.properties",
"credentials_type": "STATIC",
"assume_role_name": "",
"account_id": ""
},
"ssl_certificate": "-----BEGIN CERTIFICATE-----\n..."
}{
"error": {
"code": "INVALID_CREDENTIALS",
"message": "The provided credentials are invalid or expired",
"details": "AWS STS AssumeRole failed with error: Access denied"
}
}Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
OK
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
OK
Must be unique within an insight point
Provider type: "azure_key_vault", "aws_secrets_manager", etc.
Owning insight point ID, or "internal" for control plane vaults
Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
External OAuth specific fields
Organization account filtering
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
External OAuth specific fields
Organization account filtering
OK
External OAuth specific fields
Organization account filtering
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
External OAuth specific fields
Organization account filtering
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
External OAuth specific fields
Organization account filtering
OK
External OAuth specific fields
Organization account filtering
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
The type of the serialized message.
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"rbac_id": "text",
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true,
"gather_all_iam_policies": true,
"documentdb_user": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
}
}
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"rbac_id": "text",
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true,
"gather_all_iam_policies": true,
"documentdb_user": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
}
}
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"authentication_type": 1,
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"rbac_id": "text",
"skip_mailbox_folders": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"provisioning": true,
"lifecycle_management_state": 1,
"secret_references": [
{
"id": "text",
"secret_id": "text",
"secret_mapping": {
"type": 1,
"mapping": "text"
},
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
],
"sharepoint_provisioning": true,
"user_extra_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"gather_group_extra_info": true,
"gather_group_owner_details": true,
"log_analytics_workspace_id": "text",
"separate_group_app_role_assignment_pagination": true,
"subscription_id_allow_list": [
"text"
],
"subscription_id_deny_list": [
"text"
],
"storage_account_name_allow_list": [
"text"
],
"storage_account_name_deny_list": [
"text"
],
"blob_container_name_allow_list": [
"text"
],
"blob_container_name_deny_list": [
"text"
],
"m365_agents_refresh_token": "text"
}
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"authentication_type": 1,
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"rbac_id": "text",
"skip_mailbox_folders": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"provisioning": true,
"lifecycle_management_state": 1,
"secret_references": [
{
"id": "text",
"secret_id": "text",
"secret_mapping": {
"type": 1,
"mapping": "text"
},
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
],
"sharepoint_provisioning": true,
"user_extra_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"gather_group_extra_info": true,
"gather_group_owner_details": true,
"log_analytics_workspace_id": "text",
"separate_group_app_role_assignment_pagination": true,
"subscription_id_allow_list": [
"text"
],
"subscription_id_deny_list": [
"text"
],
"storage_account_name_allow_list": [
"text"
],
"storage_account_name_deny_list": [
"text"
],
"blob_container_name_allow_list": [
"text"
],
"blob_container_name_deny_list": [
"text"
],
"m365_agents_refresh_token": "text"
}
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
}
}
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
}
}
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"organization_account": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true,
"gather_row_access_policies": true,
"gather_network_policies": true,
"gather_projection_policies": true,
"gather_password_policies": true,
"gather_login_source_ip": true,
"external_oauth_aws_region": "text",
"external_oauth_ida_provider_uri": "text",
"external_oauth_ida_resource_uri": "text",
"external_oauth_c2c_audience_uri": "text",
"account_allow_list": [
"text"
],
"account_deny_list": [
"text"
]
}
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"organization_account": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true,
"gather_row_access_policies": true,
"gather_network_policies": true,
"gather_projection_policies": true,
"gather_password_policies": true,
"gather_login_source_ip": true,
"external_oauth_aws_region": "text",
"external_oauth_ida_provider_uri": "text",
"external_oauth_ida_resource_uri": "text",
"external_oauth_c2c_audience_uri": "text",
"account_allow_list": [
"text"
],
"account_deny_list": [
"text"
]
}
}{
"id": "text"
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"host": "text",
"port": 1,
"username": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text",
"use_tls_connector": true,
"use_legacy_tls_ciphers": true
}
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
}GET /api/v1/providers/aws HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"rbac_id": "text",
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true,
"gather_all_iam_policies": true,
"documentdb_user": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
}
}
]
}POST /api/v1/providers/aws HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1617
{
"name": "text",
"account_id": "text",
"regions": [
"text"
],
"data_plane_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"secret_key": "text",
"assume_role_name": "text",
"assume_role_external_id": "text",
"db_user": "text",
"rds_postgres_user": "text",
"rds_mysql_user": "text",
"rds_oracle_user": "text",
"rds_oracle_password": "text",
"redshift_user": "text",
"services": [
1
],
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"rds_db_level_only": true,
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"provisioning_scim_token": "text",
"gather_all_iam_policies": true,
"documentdb_user": "text",
"documentdb_password": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
}
}GET /api/v1/providers/aws/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"rbac_id": "text",
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true,
"gather_all_iam_policies": true,
"documentdb_user": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
}
}
}PATCH /api/v1/providers/aws/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1615
{
"id": "text",
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"secret_key": "text",
"assume_role_name": "text",
"assume_role_external_id": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"rds_oracle_password": "text",
"services": [
1
],
"data_plane_id": "text",
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_rds_oracle_system_schemas": true,
"gather_postgresql_system_schemas": true,
"rds_db_level_only": true,
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"provisioning_scim_token": "text",
"gather_all_iam_policies": true,
"documentdb_user": "text",
"documentdb_password": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
}
}DELETE /api/v1/providers/aws/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}GET /api/v1/providers/aws:trustpolicy HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"trust_policy_json": "text"
}GET /api/v1/providers/aws/{id}:checkpolicy HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"requires_update": true,
"aws_account_id": "text",
"current_policy": "text",
"required_policy": "text",
"required_actions": [
"text"
],
"overprivileged_actions": [
"text"
]
}GET /api/v1/providers/azure HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"authentication_type": 1,
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"rbac_id": "text",
"skip_mailbox_folders": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"provisioning": true,
"lifecycle_management_state": 1,
"secret_references": [
{
"id": "text",
"secret_id": "text",
"secret_mapping": {
"type": 1,
"mapping": "text"
},
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
],
"sharepoint_provisioning": true,
"user_extra_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"gather_group_extra_info": true,
"gather_group_owner_details": true,
"log_analytics_workspace_id": "text",
"separate_group_app_role_assignment_pagination": true,
"subscription_id_allow_list": [
"text"
],
"subscription_id_deny_list": [
"text"
],
"storage_account_name_allow_list": [
"text"
],
"storage_account_name_deny_list": [
"text"
],
"blob_container_name_allow_list": [
"text"
],
"blob_container_name_deny_list": [
"text"
],
"m365_agents_refresh_token": "text"
}
]
}POST /api/v1/providers/azure HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 2332
{
"name": "text",
"tenant_id": "text",
"client_id": "text",
"client_secret": "text",
"data_plane_id": "text",
"auth_certificate": "text",
"auth_certificate_password": "text",
"services": [
1
],
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"dynamics_erp_environments": [
"text"
],
"authentication_type": 1,
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"gather_postgresql_system_schemas": true,
"skip_mailbox_folders": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"provisioning": true,
"secret_references": [
{
"secret_id": "text",
"secret_mapping": {
"type": 1,
"mapping": "text"
},
"vault_id": "text"
}
],
"sharepoint_provisioning": true,
"user_extra_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"gather_group_extra_info": true,
"gather_group_owner_details": true,
"log_analytics_workspace_id": "text",
"separate_group_app_role_assignment_pagination": true,
"subscription_id_allow_list": [
"text"
],
"subscription_id_deny_list": [
"text"
],
"storage_account_name_allow_list": [
"text"
],
"storage_account_name_deny_list": [
"text"
],
"blob_container_name_allow_list": [
"text"
],
"blob_container_name_deny_list": [
"text"
],
"m365_agents_refresh_token": "text"
}GET /api/v1/providers/azure/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"authentication_type": 1,
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"rbac_id": "text",
"skip_mailbox_folders": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"provisioning": true,
"lifecycle_management_state": 1,
"secret_references": [
{
"id": "text",
"secret_id": "text",
"secret_mapping": {
"type": 1,
"mapping": "text"
},
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
],
"sharepoint_provisioning": true,
"user_extra_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"gather_group_extra_info": true,
"gather_group_owner_details": true,
"log_analytics_workspace_id": "text",
"separate_group_app_role_assignment_pagination": true,
"subscription_id_allow_list": [
"text"
],
"subscription_id_deny_list": [
"text"
],
"storage_account_name_allow_list": [
"text"
],
"storage_account_name_deny_list": [
"text"
],
"blob_container_name_allow_list": [
"text"
],
"blob_container_name_deny_list": [
"text"
],
"m365_agents_refresh_token": "text"
}
}PATCH /api/v1/providers/azure/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 2330
{
"id": "text",
"tenant_id": "text",
"client_id": "text",
"client_secret": "text",
"auth_certificate": "text",
"auth_certificate_password": "text",
"services": [
1
],
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"dynamics_erp_environments": [
"text"
],
"authentication_type": 1,
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"gather_postgresql_system_schemas": true,
"skip_mailbox_folders": true,
"data_plane_id": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"provisioning": true,
"secret_references": [
{
"secret_id": "text",
"secret_mapping": {
"type": 1,
"mapping": "text"
},
"vault_id": "text"
}
],
"sharepoint_provisioning": true,
"user_extra_properties": [
{
"name": "text",
"type": 1,
"lcm_unique_identifier": true
}
],
"gather_group_extra_info": true,
"gather_group_owner_details": true,
"log_analytics_workspace_id": "text",
"separate_group_app_role_assignment_pagination": true,
"subscription_id_allow_list": [
"text"
],
"subscription_id_deny_list": [
"text"
],
"storage_account_name_allow_list": [
"text"
],
"storage_account_name_deny_list": [
"text"
],
"blob_container_name_allow_list": [
"text"
],
"blob_container_name_deny_list": [
"text"
],
"m365_agents_refresh_token": "text"
}DELETE /api/v1/providers/azure/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}GET /api/v1/providers/google_cloud HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
}
}
]
}POST /api/v1/providers/google_cloud HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1067
{
"name": "text",
"credentials_json": "text",
"data_plane_id": "text",
"workspace_email": "text",
"customer_id": "text",
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"services": [
1
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"oauth_config": "text",
"oauth_token": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
}
}GET /api/v1/providers/google_cloud/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
}
}
}PATCH /api/v1/providers/google_cloud/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1065
{
"id": "text",
"credentials_json": "text",
"workspace_email": "text",
"customer_id": "text",
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"services": [
1
],
"data_plane_id": "text",
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"oauth_config": "text",
"oauth_token": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
],
"property_match_operator": 1
}
],
"use_email": true
}
}DELETE /api/v1/providers/google_cloud/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}GET /api/v1/providers/snowflake HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"organization_account": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true,
"gather_row_access_policies": true,
"gather_network_policies": true,
"gather_projection_policies": true,
"gather_password_policies": true,
"gather_login_source_ip": true,
"external_oauth_aws_region": "text",
"external_oauth_ida_provider_uri": "text",
"external_oauth_ida_resource_uri": "text",
"external_oauth_c2c_audience_uri": "text",
"account_allow_list": [
"text"
],
"account_deny_list": [
"text"
]
}
]
}POST /api/v1/providers/snowflake HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1149
{
"name": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"password": "text",
"role": "text",
"warehouse": "text",
"data_plane_id": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"alternative_database_name": "text",
"authentication_method": 1,
"private_key": "text",
"private_key_password": "text",
"extract_tags": true,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"export_private_key": "text",
"export_private_key_password": "text",
"export_password": "text",
"provisioning": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true,
"gather_row_access_policies": true,
"gather_network_policies": true,
"gather_projection_policies": true,
"organization_account": true,
"gather_password_policies": true,
"gather_login_source_ip": true,
"external_oauth_aws_region": "text",
"external_oauth_ida_provider_uri": "text",
"external_oauth_ida_resource_uri": "text",
"external_oauth_c2c_audience_uri": "text",
"account_allow_list": [
"text"
],
"account_deny_list": [
"text"
]
}GET /api/v1/providers/snowflake/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2026-07-19T12:46:46.939Z",
"synced_at": "2026-07-19T12:46:46.939Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"organization_account": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true,
"gather_row_access_policies": true,
"gather_network_policies": true,
"gather_projection_policies": true,
"gather_password_policies": true,
"gather_login_source_ip": true,
"external_oauth_aws_region": "text",
"external_oauth_ida_provider_uri": "text",
"external_oauth_ida_resource_uri": "text",
"external_oauth_c2c_audience_uri": "text",
"account_allow_list": [
"text"
],
"account_deny_list": [
"text"
]
}
}PATCH /api/v1/providers/snowflake/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1147
{
"id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"password": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"alternative_database_name": "text",
"authentication_method": 1,
"private_key": "text",
"private_key_password": "text",
"extract_tags": true,
"data_plane_id": "text",
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"export_private_key": "text",
"export_private_key_password": "text",
"export_password": "text",
"gather_masking_policies": true,
"gather_row_access_policies": true,
"gather_projection_policies": true,
"organization_account": true,
"gather_password_policies": true,
"gather_login_source_ip": true,
"provisioning": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_network_policies": true,
"external_oauth_aws_region": "text",
"external_oauth_ida_provider_uri": "text",
"external_oauth_ida_resource_uri": "text",
"external_oauth_c2c_audience_uri": "text",
"account_allow_list": [
"text"
],
"account_deny_list": [
"text"
]
}DELETE /api/v1/providers/snowflake/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}GET /api/v1/providers/sqlserver HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"host": "text",
"port": 1,
"username": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text",
"use_tls_connector": true,
"use_legacy_tls_ciphers": true
}
]
}POST /api/v1/providers/sqlserver HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 324
{
"name": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"data_plane_id": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text",
"use_tls_connector": true,
"use_legacy_tls_ciphers": true
}GET /api/v1/providers/sqlserver/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"host": "text",
"port": 1,
"username": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text",
"use_tls_connector": true,
"use_legacy_tls_ciphers": true
}PATCH /api/v1/providers/sqlserver/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 322
{
"id": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text",
"use_tls_connector": true,
"use_legacy_tls_ciphers": true,
"data_plane_id": "text"
}DELETE /api/v1/providers/sqlserver/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}GET /api/v1/providers/trino HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
]
}POST /api/v1/providers/trino HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 506
{
"name": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"data_plane_id": "text",
"aws_s3_object_config": {
"access_key": "text",
"secret_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"assume_role_external_id": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}GET /api/v1/providers/trino/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"rbac_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
}PATCH /api/v1/providers/trino/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 504
{
"id": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"aws_s3_object_config": {
"access_key": "text",
"secret_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"assume_role_external_id": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"data_plane_id": "text"
}DELETE /api/v1/providers/trino/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}API endpoints for configuring Okta and OneLogin
{
"ad_fqdn": "FQDN.NAME.ON.CERT",
"name": "Test-AD",
"host": "FQDN.FOR.DOMAIN.CONTROLLER",
"port": 636,
"ldaps_certificate": "Base64 Encoded String of PEM format",
"username": "ADMIN",
"password": "PASSWORD",
"domains": ["FQDN.OF.DOMAIN"],
"data_plane_id": "DATAPLAN_ID"
}curl --location --request GET '/api/v1/providers/activedirectory' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN'{
"values": [
{
"id": "interation-GUID",
"vendor_id": "domain.controller.FQDN",
"name": "ad_cct01",
"type": "ACTIVE_DIRECTORY",
"state": "ENABLED",
"data_plane_id": "insight-point-GUID",
"status": "SUCCESS",
"host": "domain.controller.FQDN",
"port": 636,
"username": "read.only",
"domains": [
"corp.cookie.ai"
],
"ad_fqdn": "cct01-ad-01.corp.cookie.ai",
"identity_mapping_configuration": null
}
]
}curl --location --request POST '/api/v1/providers/activedirectory' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"ad_fqdn": "FQDN.NAME.ON.CERT",
"name": "Test-AD",
"host": "FQDN.FOR.DOMAIN.CONTROLLER",
"port": 636,
"ldaps_certificate": "Base64 Encoded String of PEM format",
"username": "ADMIN",
"password": "PASSWORD",
"domains": ["FQDN.OF.DOMAIN"],
"data_plane_id": "DATAPLAN_ID"
}'curl --location --request POST '/api/v1/providers/activedirectory' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"ad_fqdn": "FQDN.NAME.ON.CERT",
"name": "Test-AD",
"host": "FQDN.FOR.DOMAIN.CONTROLLER",
"port": 636,
"ldaps_certificate": "Base64 Encoded String of PEM format",
"username": "ADMIN",
"password": "PASSWORD",
"domains": ["FQDN.OF.DOMAIN"],
"data_plane_id": "DATAPLAN_ID"
}'curl --location --request DELETE '/api/v1/providers/activedirectory/{{provider_id}}' \
--header 'Authorization: Bearer TOKEN'curl --location --request PATCH '/api/v1/providers/azure/{{provider_id}}' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"port": 636
}'{
"id": "string",
"domain": "string",
"region": "string",
"token": "string",
"gather_all_applications": true,
"domain_allow_list": [
"string"
],
"domain_deny_list": [
"string"
],
"app_allow_list": [
"string"
],
"app_deny_list": [
"string"
]
}{
"values": [
{
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string"
}
]
}{
"values": [
{
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string"
}
]
}{
"value": {
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string"
}
}{}{
"value": {
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string"
}
}{
"name": "string",
"domain": "string",
"region": "string",
"client_id": "string",
"client_secret": "string",
"data_plane_id": "string"
}{
"values": [
{
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string",
"region": "string",
"client_id": "string"
}
]
}{
"value": {
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string",
"region": "string",
"client_id": "string"
}
}{
"value": {
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string",
"region": "string",
"client_id": "string"
}
}{}{
"values": [
{
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string",
"region": "string",
"client_id": "string"
}
]
}