All pages
Powered by GitBook
1 of 35

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Enable/Disable Providers

API operations for enabling and disabling provider connections

The v1/providers API includes endpoints to enable or disable integrations by provider id. This allows you to temporarily pause data extraction and synchronization for specific providers when needed, without deleting the configuration.

The provider_id value should be obtained from the provider listing APIs (e.g., /api/v1/providers/aws for AWS providers)

Enable Provider

Activate a provider connection that was disabled.

curl -X PUT \
  "https://{tenant}.vezacloud.com/api/v1/providers/{id}:enable" \
  -H "accept: application/json" \
  -H "Authorization: Bearer {your_api_key}"

Disable Provider

Deactivates a provider connection until it is-renabled, preserving the configured settings.

curl -X PUT \
  "https://{tenant}.vezacloud.com/api/v1/providers/{id}:disable" \
  -H "accept: application/json" \
  -H "Authorization: Bearer {your_api_key}"

List Data Sources (Batch by ID)

Fetch a known set of data sources by ID (or external ID) in a single request

Endpoint

POST /api/v1/providers/datasources:list

Description

DataSourcesList is the POST/body counterpart of List Data Sources. It accepts the request parameters in the body so that ids and external_ids lists travel in the request body instead of the query string, enabling batch fetch by ID without a URL-length limit.

Use this endpoint when an integration needs to retrieve a known set of data sources in a single call. The SCIM filter query string supported by ListDataSources only allows single-value EQ and has no IN operator, which forces clients to either issue N parallel GetDataSource calls or to page through the full list. DataSourcesList removes that constraint: the ids and external_ids typed lists map to a native IN lookup. Unknown IDs are silently omitted from the response — they are not treated as an error.

filter, order_by, page_size, and page_token keep the same semantics as ListDataSources. All conditions on the request are combined with AND.

Parameter
Type
Required?
Description
Use Case
Recommended Endpoint

Optional

Fetch the data sources with these external IDs. Maps to external_id IN (...). Unknown external IDs are silently omitted from the response.

filter

string

Optional

SCIM filter, same syntax and attributes as ListDataSourcesRequest.filter (name, agent_type, status, state, provider_id, data_provider_id, datasource_type).

order_by

string

Optional

Sort results by: name, agent_type, status, state, provider_id, data_provider_id, or datasource_type.

page_size

integer

Optional

The maximum number of results to return. Fewer results may be returned even when more pages exist.

page_token

string

Optional

The token specifying the specific page of results to retrieve.

ids

string[]

Optional

Fetch the data sources with these IDs. Maps to id IN (...). Unknown IDs are silently omitted from the response.

external_ids

curl -X POST "$BASE_URL/api/v1/providers/datasources:list" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "ids": [
      "6961b032-3fd7-4baa-a230-146d1b70ec27",
      "cd0cf102-e86c-4599-9cbe-64d2c6b83236"
    ]
  }'
curl -X POST "$BASE_URL/api/v1/providers/datasources:list" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "external_ids": ["aws-prod-ec2", "aws-prod-iam"]
  }'
curl -X POST "$BASE_URL/api/v1/providers/datasources:list" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "ids": ["6961b032-3fd7-4baa-a230-146d1b70ec27"],
    "filter": "status eq \"SUCCESS\"",
    "order_by": "name",
    "page_size": 10
  }'
{
  "values": [
    {
      "id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
      "name": "AWS EC2 (527398259632)",
      "datasource_type": "EXTRACTOR",
      "agent_type": "AWS_EC2",
      "status": "SUCCESS",
      "provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
      "path": "AWS/ec2",
      "state": "ENABLED",
      "effective_state": "ENABLED",
      "created_at": "2021-10-26T07:10:38Z",
      "updated_at": "2021-10-26T07:10:38Z",
      "synced_at": "2022-01-13T20:53:23Z",
      "parsed_at": "2022-01-13T20:53:29Z"
    }
  ],
  "next_page_token": "",
  "has_more": false
}

Retrieve a single data source by ID

Get Data Source

Retrieve all data sources, optionally filtered by a single attribute

List Data Sources

Retrieve a known set of data sources by ID or external ID in one call

List Data Sources (Batch by ID) — this endpoint

API Reference

Request Body Parameters

Request Examples

Response Example

When to Use This Endpoint

string[]

put
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters
idstringRequired
Responses
200

OK

application/json
object · EnableProviderResponseOptional
default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
put/api/v1/providers/{id}:enable
put
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters
idstringRequired
Responses
200

OK

application/json
object · DisableProviderResponseOptional
default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
put/api/v1/providers/{id}:disable

DataSourcesList is the POST/body counterpart of ListDataSources. It is POST

post

(not GET) so the ids/external_ids lists travel in the request body instead

of the query string, enabling batch fetch by id without a URL-length limit.

Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

DataSourcesListRequest is the POST/body counterpart of ListDataSourcesRequest. It exists because the SCIM filter string only supports single-value EQ and has no IN operator, so there is no way to fetch a known set of data sources by id (or external id) in one call via ListDataSources. The ids/external_ids typed lists map to a native SQL IN, while filter/order_by/pagination keep the same semantics as ListDataSources. All conditions are combined with AND.

idsstring[]Optional

Fetch the data sources with these ids. Maps to id IN (...). Unknown ids are silently omitted from the response (not an error).

external_idsstring[]Optional

Fetch the data sources with these external ids. Maps to external_id IN (...). Unknown external ids are silently omitted from the response (not an error).

filterstringOptional

SCIM filter, same syntax/attributes as ListDataSourcesRequest.filter.

order_bystringOptional

Sort order, same syntax as ListDataSourcesRequest.order_by.

page_sizeinteger · int32Optional

The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

page_tokenstringOptional

The token specifying the specific page of results to retrieve.

Responses
200

OK

application/json
valuesobject · DataSource[]Optional
next_page_tokenstringOptional

The pagination token to retrieve the next page of results.

has_morebooleanOptional

If true, more results are available.

default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
post/api/v1/providers/datasources:list
{
  "values": [
    {}
  ],
  "next_page_token": "text",
  "has_more": true
}
POST /api/v1/providers/datasources:list HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 108

{
  "ids": [
    "text"
  ],
  "external_ids": [
    "text"
  ],
  "filter": "text",
  "order_by": "text",
  "page_size": 1,
  "page_token": "text"
}
PUT /api/v1/providers/{id}:enable HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
PUT /api/v1/providers/{id}:disable HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}
{}

Custom Provider Configurations

ListCustomProviderInternalConfigurationDefinitions returns the internal configuration definitions for all custom OAA providers, including built-in Veza integrations that use OAA templates.

This endpoint is useful for understanding the configuration schema of custom integrations, including connector types, data source configurations, and supported settings.

Integration APIs

Programmatic configuration of providers and data sources

The Veza management APIs enable internal tooling to automate administration of cloud providers and data sources. These APIs provide both unified and provider-specific endpoints to manage integrations:

  • : Unified endpoints for managing all provider types through a single interface

  • : Specialized endpoints for individual provider types with extended configuration options

Data Sources API: Management of individual data sources within providers

Each supported provider can be managed through either the unified Provider Management API or provider-specific endpoints, depending on your needs.

  • A data plane ID is required when adding a custom provider.

    • This value refers to the Insight Point used for discovery, or the GUID of the built-in data plane.

    • To get all available IDs, navigate to Administration > Insight Point.

    • Unless you have deployed an Insight Point within your environment, the only entry will be for the internal data plane.

  • If a request is unsuccessful, an error message will provide additional details and troubleshooting steps.

You can issue new API keys from Administration > API Keys > Add New API Key. Provide the key as the bearer auth token in the header of each request.

Users must have the admin role to add/modify provider configurations. Configurations can be viewed by users with the operator role.

Register Accounts - Use the management API to add multiple AWS accounts from CSV.

Veza Python Client - Simple Python class for making REST API calls to Veza.

Cloud Formation Stacks - Configure multiple AWS accounts for Veza discovery by enabling the required assume role operations and IAM permissions.

If your organization uses applications, data sources, or identity providers not natively supported by Veza, you may be able to add them to your data catalog using Open Authorization APIs. You will need to query the provider to retrieve entity and permissions metadata and push the payload to Veza for parsing in a template format.

Endpoints for administering custom resources (/providers/custom/*) are described in OAA Push API.

Provider Management API
Provider-Specific APIs

Notes

Authentication

Sample Integrations and Tools

Please contact your support team for private repository access.

Open Authorization APIs

get

Retrieve the internal configuration definitions for all available OAA provider types. Returns metadata about each provider type including configuration property definitions (names, types, and whether fields are optional or secret), provider icon and MIME type, custom templates available, provider categories (application, IdP, HRIS, etc.), lifecycle management support, and documentation URL. Use this to discover available provider types and their configuration schema before creating a new custom provider instance.

Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Responses
200

OK

application/json

List of OAA provider configuration definitions.

provider_namestringOptional

Canonical name identifying this provider type (e.g., "slack", "jira").

namestringOptional
descriptionstringOptional
typeinteger · enumOptional
optionalbooleanOptional
secretbooleanOptional
internalbooleanOptional
oauth2_redirect_requiredbooleanOptional
vault_sourcedbooleanOptional
valuestringOptional
labelstringOptional
lifecycle_management_onlybooleanOptional
condition_fieldstringOptional

When set, this property is only shown/required when the named field equals the given value.

condition_valuestringOptional
clear_when_condition_not_metbooleanOptional

When true, the value of this property is cleared if its condition is not met.

write_oncebooleanOptional

When true, the value of the property cannot be changed once set

labelstringOptional

Optional human-friendly display label for the field. When empty, the UI falls back to a title-cased version of name (so existing connectors are unaffected).

iconstringOptional

Base64-encoded icon image for UI display.

icon_mime_typestringOptional

MIME type of the icon image (e.g., "image/png", "image/svg+xml").

custom_templatesstring[]Optional

OAA template types supported by this provider.

provider_categoriesinteger · enum[]Optional

Categories this provider belongs to (application, IdP, HRIS, file system, etc.).

documentation_urlstringOptional

URL to the provider's documentation page on docs.veza.com.

lifecycle_management_supportedbooleanOptional

Whether this provider supports lifecycle management (provisioning/deprovisioning) operations.

created_atstring · date-timeOptional

Timestamp when this provider configuration was registered.

default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
curl -X GET "$BASE_URL/api/v1/providers/custom/configurations" \
  -H "authorization: Bearer $VEZA_TOKEN"

Sample request

Preview enrichment rule

Returns the entities that would be affected by an enrichment rule, along with their current and projected property values. Use this endpoint to verify a rule's impact before creating or updating it.

The request accepts a full CreateEnrichmentRuleRequest body. The response is a paginated list of matching entities with enrichment-relevant properties.

Request body

Field
Description

request

  • The preview reflects the current state of the Access Graph. It does not trigger extraction or persist any changes.

  • For Entity Owner rules that use an , include the preview_other_node_query field to preview the resolved owner values.

Get valid queries

Returns saved assessment queries that are compatible with a given entity type. Use this to discover valid query_id values before calling Create enrichment rule.

Request body

Field
Description

entity_type

The entity type to find compatible queries for (e.g., OktaUser, AwsIamRole). Required.

Response

Returns a queries array of ValidEnrichmentRuleQuery objects, each with an id and name. Pass the id as query_id when creating an enrichment rule.

Owners API

API reference for managing entity ownership in the Veza Access Graph

Manage entity ownership in the Veza Access Graph using the Owners API. Use List Available Owners to discover valid owner candidates, then Batch Set Owners to assign, add, or remove owners across multiple entities in a single request.

Owner updates are applied asynchronously — changes typically reflect within a few seconds of the API returning.

Endpoints

Operation
Method
Path

Delete enrichment rule

Permanently deletes an enrichment rule.

Path parameter

Parameter
Description

id

The ID of the enrichment rule to delete.

Notes

Deleting a rule stops future enrichment but does not roll back attributes previously applied by the rule. Entities that were classified or tagged by the rule retain those attributes until they are updated by another rule or manually changed.

List provider types

Returns all provider types available in the tenant, including both Veza-managed integrations and custom OAA provider types.

Response

  • provider_types: Veza-managed provider types such as AWS, AZURE, GOOGLE_CLOUD, OKTA, ACTIVE_DIRECTORY, GITHUB, SNOWFLAKE, SALESFORCE, KUBERNETES, and others. Each entry includes enabled: true if the tenant has at least one configured provider instance of that type.

  • unregistered_custom_provider_types: OAA provider types present in the tenant that do not have a registered Veza configuration definition.

Each ProviderType includes a schema_integration_type field. Use this value (not type) when filtering by integration_type in assessment queries. The values are not always a direct transformation of the type identifier — for example, GOOGLE_CLOUD maps to google, ONE_LOGIN maps to onelogin, and MYSQL maps to my_sql.

For detailed integration guides, see the .

Disable Data Source

Pause discovery and extraction for a data source

Endpoint

PUT /api/v1/providers/datasources/{id}:disable

Description

Pause discovery and extraction for a data source. This will cancel all pending extractions for the specified data source.

Disabling a data source will cancel all pending extractions and prevent new data from being collected until the data source is re-enabled.

API Reference

Path Parameters

Parameter
Type
Required?
Description

id

string

Standard Response:

Enable Data Source

Resume monitoring and queue the data source for extraction

Endpoint

PUT /api/v1/providers/datasources/{id}:enable

Description

Resume monitoring and queue the data source for extraction. This will re-enable a previously disabled data source and schedule it for data collection.

API Reference

Path Parameters

Parameter
Type
Required?
Description

id

string

Standard Response:

Get Data Source

Retrieve status and details for an individual data source

Endpoint

GET /api/v1/providers/datasources/{id}

Description

Returns status and configuration details for an individual data source by its ID.

API Reference

Path Parameters

Parameter
Type
Required?
Description

id

string

Standard Response:

Enable or disable rule

Enables or disables an existing enrichment rule without deleting it. Disabled rules are not evaluated during metadata extraction.

Path parameter

Parameter
Description

id

The ID of the enrichment rule to enable or disable.

Request body

Field
Description

A 200 OK with an empty body indicates success.

Get Sync Status

Retrieve the synchronization status and details for a specific data source

Endpoint

GET /api/v1/providers/datasources/{id}/sync_status

Description

Returns the current synchronization status for a specific data source, including information about the last sync operation and any errors that occurred during data extraction.

API Reference

Path Parameters

Parameter
Type
Required?
Description

id

string

Standard Response:

Get Parse Status

Retrieve the parsing status and details for a specific data source

Endpoint

GET /api/v1/providers/datasources/{id}/parse_status

Description

Returns the current parsing status for a specific data source, including information about the last parse operation and any errors that occurred.

API Reference

Path Parameters

Parameter
Type
Required?
Description

id

string

Standard Response:

Preview enrichment rule count

Returns the total count of entities that would be affected by an enrichment rule. Use this to estimate the scope of a rule before creating it.

Request body

The request body is the same as Preview enrichment rule. See that page for field descriptions.

Response

Field
Type
Description

count

Get enrichment rule

Returns the configuration and status of a single enrichment rule by ID.

Path parameter

Parameter
Description

id

The ID of the enrichment rule to retrieve.

Sample response

{
  "value": {
    "id": "019c4441-62c3-78f6-9dad-2b29b9b7ffee",
    "name": "AWS NHIs by property",
    "active": true,
    "provider_ids": ["5443ea52-9dba-435e-8c6a-9035cc513bfa"],
    "entity_type": "AwsIamUser",
    "property_name": "enriched_owners",
    "property_value": "{\"property_names_in_template\":[\"id\"],\"owners\":[{\"entity_id\":\"{{id}}\",\"entity_type\":\"OktaUser\"}]}",
    "node_ids": [],
    "query_id": "0198d3ff-b2f7-7b05-b3d3-14b3cfc35858",
    "priority": 6
  }
}

Custom Providers

ListCustomProviders returns all custom (OAA-based) provider definitions configured in the Veza instance.

Each provider in the response includes its ID, name, custom template type, integration type, and associated data sources.

Sample request

curl -X GET "$BASE_URL/api/v1/providers/custom" \
  -H "authorization: Bearer $VEZA_TOKEN"

Sample response

{
  "values": [
    {
      "name": "my_custom_app",
      "custom_template": "application",
      "integration_type": "my_custom_app",
      "data_sources": [],
      "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
    }
  ]
}

Update Data Source

Update the name for a given data source ID

Update the name for a given data source ID. This endpoint allows you to modify the display name of an existing data source.

Parameter
Type
Required?
Description

List enrichment rules

Returns all enrichment rules configured in the tenant.

Parameter
Description

List available owners

POST

/api/v1/list_available_owners

Batch set owners

POST

/api/v1/batch_set_owners

get/api/v1/providers/custom/configurations
GET /api/v1/providers/custom/configurations HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

List custom provider configuration definitions

The data source ID

Field
Type
Required?
Description

name

string

Optional

New name for the data source

Standard Response:

PUT /api/v1/providers/datasources/{id}
put
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters
idstringRequired
Body

id

string

Endpoint

Description

API Reference

Path Parameters

Required

curl -X PUT "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "name": "AWS EC2 Production Environment"
  }'
{
  "value": {
    "id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
    "name": "AWS EC2 Production Environment",
    "datasource_type": "EXTRACTOR",
    "agent_type": "AWS_EC2",
    "status": "SUCCESS",
    "provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
    "path": "AWS/ec2",
    "state": "ENABLED",
    "effective_state": "ENABLED",
    "datasource_config": null,
    "created_at": "2021-10-26T07:10:38Z",
    "updated_at": "2024-01-15T10:30:45Z",
    "synced_at": "2022-01-13T20:53:23Z",
    "parsed_at": "2022-01-13T20:53:29Z"
  }
}

Request Body

Request Examples

Response Examples

order_by

Sort order for results.

page_size / page_token

Pagination controls.

get

Returns all enrichment rules configured in the tenant. Enrichment rules automatically classify and tag entities in the Veza Authorization Graph based on saved query conditions. Use include_inactive_rules=true to include disabled rules in the response. Supports filter and order_by parameters for result filtering.

Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Query parameters
include_inactive_rulesbooleanOptional
filterstringOptional
order_bystringOptional
page_sizestringOptional
page_tokenstringOptional
Responses
200

OK

application/json

Paginated list of enrichment rules. Use page_token from the response to fetch subsequent pages when the total count exceeds page_size.

idstringOptional

ID of the enrichment rule.

namestringOptional

Name of the enrichment rule.

descriptionstringOptional

Description of the enrichment rule.

activebooleanOptional

Whether the rule will be executed.

provider_idsstring[]Optional

Provider IDs for which the rule will be executed.

entity_typestringOptional

Entity type on which the rule will be executed.

property_namestringOptional

Property name whose value will be changed by enrichment.

property_valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

node_idsstring[]Optional

Static list of entity IDs for which the property-value should be applied. Not recommended: use query_id to target entities dynamically instead. Limitation: does not work with ENRICHED_OWNERS or VEZA_TAGS enrichment types.

query_idstringOptional

The query that is executed to obtain a list of entity IDs of the specified entity type.

prioritynumber · floatOptional

The higher the priority, the later the rule runs. A rule running later will overwrite the changes from previous rules. CAVEAT: it is not recommended to have multiple rules of the same priority, as they may run in any order.

other_node_query_idstringOptional

If set, this separate query will be executed to find another entity that is related to the enriched entity, and the properties of the other entity can be referenced in the value for enriched_owners.

query_namestringOptional

Name of the query belonging to 'query_id'.

other_node_query_namestringOptional

Name of the query belonging to 'other_node_query_id'.

other_node_typestringOptional

The resolved entity type of the other node. Typically the destination type on 'other_node_query_id'.

next_page_tokenstringOptional

The pagination token to retrieve the next page of results.

has_morebooleanOptional

If true, more results are available.

default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional

include_inactive_rules

When true, includes disabled rules in the response. Default: false.

filter

SCIM filter expression. Example: property_name eq "enriched_owners".

Query parameters

curl "$BASE_URL/api/v1/enrichment/rules?page_size=3" \
  -H "Authorization: Bearer $VEZA_TOKEN"
{
  "values": [
    {
      "id": "019c4441-62c3-78f6-9dad-2b29b9b7ffee",
      "name": "AWS NHIs by property",
      "active": true,
      "provider_ids": ["5443ea52-9dba-435e-8c6a-9035cc513bfa"],
      "entity_type": "AwsIamUser",
      "property_name": "enriched_owners",
      "property_value": "{\"property_names_in_template\":[\"id\"],\"owners\":[{\"entity_id\":\"{{id}}\",\"entity_type\":\"OktaUser\"}]}",
      "node_ids": [],
      "query_id": "0198d3ff-b2f7-7b05-b3d3-14b3cfc35858",
      "priority": 6
    }
  ],
  "next_page_token": "<token>",
  "has_more": true
}

Sample request

Sample response

A CreateEnrichmentRuleRequest object defining the rule to preview. Required.

preview_query

Optional. Override the saved query used for preview (useful for testing query changes without saving).

preview_other_node_query

Optional. Override the other-node query used for owner resolution preview.

page_size

Optional. Number of entities per page.

page_token

Optional. Token for retrieving the next page of results.

Notes

other-node query

Preview enrichment rule

post

Returns the entities that would be affected by an enrichment rule, along with their current and projected property values. Accepts a full CreateEnrichmentRuleRequest plus optional preview_query and preview_other_node_query overrides for previewing query changes without saving. The response is paginated; use page_token to fetch subsequent pages. The preview reflects the current state of the Access Graph and does not trigger extraction or persist any changes.

Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

Request body for previewing an enrichment rule. The request field carries the full CreateEnrichmentRuleRequest defining the rule. preview_query and preview_other_node_query are optional overrides for previewing query changes without saving the underlying saved queries. page_size and page_token control pagination of the preview result set.

namestringOptional

Name of the enrichment rule. Must be unique across all rules.

descriptionstringOptional

Description of the enrichment rule.

activebooleanOptional

Whether the rule will be executed.

provider_idsstring[]Optional

Provider IDs for which the rule will be executed.

entity_typestringOptional

Entity type on which the rule will be executed. Must be a valid entity type that is supported by all specified providers.

property_namestringOptional

Property name whose value will be changed by enrichment. Not recommended. Only valid if enriched_property = USE_PROPERTY_NAME; otherwise, the property name will be set according to enriched_property.

property_valueanyOptional

The scalar value to set for the enriched property. Examples: "NONHUMAN" for IDENTITY_TYPE, "true" for IS_PRIVILEGED, "HIGH" for CRITICALITY_LEVEL. Not used when enriched_property is ENRICHED_OWNERS (use enriched_owners_value) or VEZA_TAGS (use tag_updates_value).

node_idsstring[]Optional

Static list of entity IDs for which the property-value should be applied. Not recommended: use query_id to target entities dynamically instead. Does not work with ENRICHED_OWNERS or VEZA_TAGS enrichment.

query_idstringOptional

The query that is executed to obtain a list of entity IDs of the specified entity type. It must exist before creating the enrichment rule and its source_type must match entity_type.

prioritynumber · floatOptional

The higher the priority, the later the rule runs. A rule running later will overwrite the changes from previous rules. CAVEAT: it is not recommended to have multiple rules of the same priority, as they may run in any order.

other_node_query_idstringOptional

Optional. The ID of a saved assessment query used to resolve the owner from a related entity instead of the enriched entity itself. Two query types are accepted: a path query that traverses from the enriched entity to a related entity holding the owner ID (or that is the owner), or a query for CustomCMDBConfigurationItem whose owner_node_id and owner_external_id properties point to the resolved owner. Use Get valid other-node queries to discover compatible queries. Requires query_id to also be set.

enriched_propertyinteger · enumOptional

The enrichment rule type (enum). Values: 0 = USE_PROPERTY_NAME (custom property_name required), 1 = IDENTITY_TYPE (set identity_type to HUMAN or NONHUMAN via property_value), 2 = IS_PRIVILEGED (set is_privileged, use property_value "true"), 3 = CRITICALITY_LEVEL (set criticality_level via property_value: LOW, MEDIUM, HIGH, or CRITICAL), 4 = ENRICHED_OWNERS (assign ownership, use enriched_owners_value instead of property_value), 5 = VEZA_TAGS (add or remove tags, use tag_updates_value instead of property_value).

property_names_in_templatestring[]Optional
teamstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
keystringOptionalDeprecated
valuestringOptionalDeprecated
query_typeinteger · enumOptional

The type of assessment query to execute (enum). Values: 0 = SYSTEM_CREATED, 1 = SOURCE_TO_DESTINATION, 2 = DESTINATION_NODES.

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
keystringOptional
valuestringOptional
no_relationbooleanOptionalDeprecated

Deprecated. Use relates_to_exp instead. When true, queries for entities with no access relationship.

snapshot_idstringOptional

Optional snapshot ID to query against a specific point-in-time data snapshot.

opinteger · enumOptional
valueinteger · int32Optional
opinteger · enumOptional
valueinteger · int32Optional
include_secondary_granteebooleanOptional
include_indirect_resourcebooleanOptional
exclude_indirect_granteebooleanOptional
anomaly_detection_history_daysstringOptional
opinteger · enumOptional
valuestring · date-timeOptional
targetinteger · enumOptional
relative_timevar_valuestringOptional
notbooleanOptional
node_relationship_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
child_expressionsobject · RelatesToExpression[]Optional
⤷Circular reference to object · RelatesToExpression[]
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
result_value_typeinteger · enumOptional

Controls the shape of query results. Determines whether results contain source nodes with counts, source-and-destination node pairs, or other result formats.

include_all_source_tags_in_resultsbooleanOptional

These fields control whether or not tags will be included in source and/or destination results

include_all_destination_tags_in_resultsbooleanOptional
additional_columns_to_getinteger · enum[]Optional

Allows FE to Alert BE if permissions are being displayed to the user

withstringOptional

Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
asstringOptional

The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.

typeinteger · enumOptional
property_namestringOptional
node_typestringOptional
targetinteger · enumOptional
joined_node_aliasstringOptional
thresholdnumber · floatOptional

The threshold percentage below which an access path is considered an outlier.

include_associated_risksbooleanOptional

Adds associated risks to node and path results.

risks_filterstringOptional
include_sub_permissionsbooleanOptional

Include node with sub permissions which is a permission showing for a resource when in reality the permission applies to a subresource.

include_permissions_summarybooleanOptional

This field should be used with AssessmentQueryResultValueType SOURCE_NODES_WITH_COUNTS to include permissions summarized (aggregated) by source node, meaning it contains all permissions used by each source node

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
unpivot_propertiesstring[]Optional

The properties that should be unpivoted in the results producing multiple rows per node/path To be able to unpivot a property, it must be a list/array type property. If multiple properties are used result will be Cartesian product(all unpivot combinations for node). If property does not exist on a node, and it is a valid property, we will just add that node as is. Syntax to specify properties is the full path to the property using dot notation and using properties json names. Both values and pathValues can be unpivoted:

  1. Valid values for unpivoting: properties.<property_name>, unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, raw_permissions, effective_permissions, access_stats.concrete_permissions, access_stats.canonical_permissions, filtered_raw_permissions, corresponding_effective_permissions, additional_node_properties.default_cohort_role_users_in_cohort, additional_node_properties.default_cohort_role_all_common_roles

  2. Valid pathValues for unpivoting: unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, source.<valid_value_for_unpivoting>, destination.<valid_value_for_unpivoting>, waypoint.<valid_value_for_unpivoting>, abstract_permissions,concrete_permissions, filtered_concrete_permissions, corresponding_abstract_permissions Examples for Unpivoting values:

  3. Single field: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}} ]}

  4. Single field with missing unpivot property: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"permissions": "abc"]}} ]} After unpivot -> Single node with id 1 (no email_addresses property to unpivot): result_values: {Values: [ {id:"1","properties"{"permissions":"abc"}}, ]}

  5. Multiple fields - Cartesian Product: unpivot_properties: ["properties.email_addresses", "raw_permissions"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}, "raw_permissions":["perm1","perm2"]} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm2"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm2"}, ]}

query_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
keystringOptional
valuestringOptional
opinteger · enumOptional
valueinteger · int32Optional
opinteger · enumOptional
valueinteger · int32Optional
include_secondary_granteebooleanOptional
include_indirect_resourcebooleanOptional
exclude_indirect_granteebooleanOptional
anomaly_detection_history_daysstringOptional
opinteger · enumOptional
valuestring · date-timeOptional
targetinteger · enumOptional
relative_timevar_valuestringOptional
notbooleanOptional
node_relationship_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
child_expressionsobject · RelatesToExpression[]Optional
⤷Circular reference to object · RelatesToExpression[]
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
additional_spec_propertiesobjectOptional

Additional key-value properties that will be projected onto all results (nodes and paths) generated by this query spec. This is particularly useful for union queries where each spec can have its own properties to help correlate results back to their originating spec.

withstringOptional

Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
asstringOptional

The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.

typeinteger · enumOptional
property_namestringOptional
node_typestringOptional
targetinteger · enumOptional
joined_node_aliasstringOptional
thresholdnumber · floatOptional

The threshold percentage below which an access path is considered an outlier.

include_associated_risksbooleanOptional

Adds associated risks to node and path results.

risks_filterstringOptional
page_sizestringOptional

The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

page_tokenstringOptional

The token specifying the specific page of results to retrieve.

query_typeinteger · enumOptional

The type of assessment query to execute (enum). Values: 0 = SYSTEM_CREATED, 1 = SOURCE_TO_DESTINATION, 2 = DESTINATION_NODES.

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
keystringOptional
valuestringOptional
no_relationbooleanOptionalDeprecated

Deprecated. Use relates_to_exp instead. When true, queries for entities with no access relationship.

snapshot_idstringOptional

Optional snapshot ID to query against a specific point-in-time data snapshot.

opinteger · enumOptional
valueinteger · int32Optional
opinteger · enumOptional
valueinteger · int32Optional
include_secondary_granteebooleanOptional
include_indirect_resourcebooleanOptional
exclude_indirect_granteebooleanOptional
anomaly_detection_history_daysstringOptional
opinteger · enumOptional
valuestring · date-timeOptional
targetinteger · enumOptional
relative_timevar_valuestringOptional
notbooleanOptional
node_relationship_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
child_expressionsobject · RelatesToExpression[]Optional
⤷Circular reference to object · RelatesToExpression[]
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
result_value_typeinteger · enumOptional

Controls the shape of query results. Determines whether results contain source nodes with counts, source-and-destination node pairs, or other result formats.

include_all_source_tags_in_resultsbooleanOptional

These fields control whether or not tags will be included in source and/or destination results

include_all_destination_tags_in_resultsbooleanOptional
additional_columns_to_getinteger · enum[]Optional

Allows FE to Alert BE if permissions are being displayed to the user

withstringOptional

Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
asstringOptional

The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.

typeinteger · enumOptional
property_namestringOptional
node_typestringOptional
targetinteger · enumOptional
joined_node_aliasstringOptional
thresholdnumber · floatOptional

The threshold percentage below which an access path is considered an outlier.

include_associated_risksbooleanOptional

Adds associated risks to node and path results.

risks_filterstringOptional
include_sub_permissionsbooleanOptional

Include node with sub permissions which is a permission showing for a resource when in reality the permission applies to a subresource.

include_permissions_summarybooleanOptional

This field should be used with AssessmentQueryResultValueType SOURCE_NODES_WITH_COUNTS to include permissions summarized (aggregated) by source node, meaning it contains all permissions used by each source node

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
unpivot_propertiesstring[]Optional

The properties that should be unpivoted in the results producing multiple rows per node/path To be able to unpivot a property, it must be a list/array type property. If multiple properties are used result will be Cartesian product(all unpivot combinations for node). If property does not exist on a node, and it is a valid property, we will just add that node as is. Syntax to specify properties is the full path to the property using dot notation and using properties json names. Both values and pathValues can be unpivoted:

  1. Valid values for unpivoting: properties.<property_name>, unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, raw_permissions, effective_permissions, access_stats.concrete_permissions, access_stats.canonical_permissions, filtered_raw_permissions, corresponding_effective_permissions, additional_node_properties.default_cohort_role_users_in_cohort, additional_node_properties.default_cohort_role_all_common_roles

  2. Valid pathValues for unpivoting: unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, source.<valid_value_for_unpivoting>, destination.<valid_value_for_unpivoting>, waypoint.<valid_value_for_unpivoting>, abstract_permissions,concrete_permissions, filtered_concrete_permissions, corresponding_abstract_permissions Examples for Unpivoting values:

  3. Single field: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}} ]}

  4. Single field with missing unpivot property: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"permissions": "abc"]}} ]} After unpivot -> Single node with id 1 (no email_addresses property to unpivot): result_values: {Values: [ {id:"1","properties"{"permissions":"abc"}}, ]}

  5. Multiple fields - Cartesian Product: unpivot_properties: ["properties.email_addresses", "raw_permissions"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}, "raw_permissions":["perm1","perm2"]} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm2"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm2"}, ]}

query_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
keystringOptional
valuestringOptional
opinteger · enumOptional
valueinteger · int32Optional
opinteger · enumOptional
valueinteger · int32Optional
include_secondary_granteebooleanOptional
include_indirect_resourcebooleanOptional
exclude_indirect_granteebooleanOptional
anomaly_detection_history_daysstringOptional
opinteger · enumOptional
valuestring · date-timeOptional
targetinteger · enumOptional
relative_timevar_valuestringOptional
notbooleanOptional
node_relationship_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
child_expressionsobject · RelatesToExpression[]Optional
⤷Circular reference to object · RelatesToExpression[]
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
additional_spec_propertiesobjectOptional

Additional key-value properties that will be projected onto all results (nodes and paths) generated by this query spec. This is particularly useful for union queries where each spec can have its own properties to help correlate results back to their originating spec.

withstringOptional

Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
asstringOptional

The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.

typeinteger · enumOptional
property_namestringOptional
node_typestringOptional
targetinteger · enumOptional
joined_node_aliasstringOptional
thresholdnumber · floatOptional

The threshold percentage below which an access path is considered an outlier.

include_associated_risksbooleanOptional

Adds associated risks to node and path results.

risks_filterstringOptional
page_sizestringOptional

The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

page_tokenstringOptional

The token specifying the specific page of results to retrieve.

page_sizestringOptional

Page size of the preview.

page_tokenstringOptional

Page token of the preview.

Responses
200

OK

application/json

Paginated list of entities that would be affected by the previewed enrichment rule, with their current and projected property values.

idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

abstract_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group. abstract_permissions and concrete permission for source to destination pairs without path summary accumulate permissions from all paths from source to destination for source to destination pairs with path summary they accumulate permissions per each unique path summary abstract permissions are only accumulated in case of an EFFECTIVE_ACCESS NodeRelationshipType

concrete_permissionsstring[]Optional
conditionsstring[]Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

results_truncatedbooleanOptional
filtered_concrete_permissionsstring[]Optional
corresponding_abstract_permissionsstring[]Optional
permissionsstring[]Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
access_path_risk_scoreinteger · uint32Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
idstringOptional
typestringOptional
propertiesobjectOptional
destination_node_countinteger · int32Optional
permissionsobject · AssessmentQueryNode[]OptionalDeprecated
⤷Circular reference to object · AssessmentQueryNode[]
engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

engagement_scoreinteger · int32Optional
over_provisioned_scoreinteger · int32Optional
total_countstringOptional
accessed_countstringOptional
last_usedstring · date-timeOptional
countinteger · int32Optional
concrete_permissionsstring[]Optional
canonical_permissionsstring[]Optional
destination_node_idsstring[]OptionalDeprecated
risk_levelinteger · enumOptional
raw_permissionsstring[]Optional

Effective permissions. These three should be a separate object, but we are preserving backwards compatibility; treat these as a linked group.

effective_permissionsstring[]Optional
conditionsstring[]Optional
destination_node_percentage_of_totalnumber · floatOptional
typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

filtered_raw_permissionsstring[]Optional
corresponding_effective_permissionsstring[]Optional
last_usedstring · date-timeOptional
namestringOptional
last_usedstring · date-timeOptional
role_substitution_recommended_rolestringOptional
role_substitution_reason_for_high_priv_rolestringOptional
role_substitution_errorstringOptional
default_cohort_role_users_in_cohortstring[]Optional
default_cohort_rolestringOptional
default_cohort_role_all_common_rolesstring[]Optional
default_cohort_role_errorstringOptional
timestring · date-timeOptional
login_countstringOptional
median_login_countnumber · floatOptional
outlier_predictionnumber · floatOptional
predictionnumber · floatOptional
scorenumber · floatOptional
namestringOptional
valuenumber · floatOptional
explanationstringOptional
query_idstringOptional
suppressedbooleanOptional
risk_levelinteger · enumOptional
integration_typestringOptional
joined_nodesobjectOptional
⤷Circular reference to object
additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

additional_spec_propertiesobjectOptional

Additional properties from the originating union query spec. This is populated from or union_specs[i].additional_spec_properties (for union queries). Each result will have the additional_spec_properties from the query spec that generated it, allowing you to correlate results back to their originating spec in union queries.

approx_total_source_nodes_countstringOptional
next_page_tokenstringOptional

The token to retrieve the next page of results.

has_morebooleanOptional

If true, more results are available.

default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
post/api/v1/enrichment/rules_preview
{
  "queries": [
    {
      "id": "019d5767-2edf-7401-9c65-1d9c28f6b343",
      "name": "AWS IAM users who can delete S3 buckets"
    }
  ]
}

Get valid enrichment rule queries

post

Returns saved assessment queries compatible with the given entity_type. Use this endpoint to discover valid query_id values before creating an enrichment rule. The entity_type must match across all provider_ids specified in the rule.

Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body
provider_idsstring[]OptionalDeprecated

No longer used. The provider compatibility is validated only when creating or updating enrichment rules.

entity_typestringOptional

Queries returned should have source_type compatible with the entity_type specified here.

Responses
200

OK

application/json
idstringOptional

ID of the assessment query.

namestringOptional

Name of the assessment query.

default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
post/api/v1/enrichment/rules/queries
curl -X GET "$BASE_URL/api/v1/providers/types" \
  -H "authorization: Bearer $VEZA_TOKEN"
{
  "provider_types": [
    {
      "type": "AWS",
      "schema_integration_type": "aws",
      "enabled": true,
      "provider_ids": ["883dd869-8762-4187-8767-1c387de14b4b"]
    },
    {
      "type": "GOOGLE_CLOUD",
      "schema_integration_type": "google",
      "enabled": false,
      "provider_ids": []
    }
  ],
  "unregistered_custom_provider_types": []
}

Sample request

Sample response

Integrations documentation

ListProviderTypes

get

List Provider Types

Returns all provider types configured in the tenant, grouped by Veza-managed and user-defined custom types.

Response

FieldDescription
provider_typesVeza-managed provider types. Includes integrations such as AWS, AZURE, GOOGLE_CLOUD, OKTA, ACTIVE_DIRECTORY, GITHUB, SNOWFLAKE, SALESFORCE, KUBERNETES, and others.
unregistered_custom_provider_typesOAA provider types present in the tenant that do not have a registered Veza configuration definition. Always have enabled: true.

ProviderType

FieldDescription
typeProvider type identifier (e.g., AWS, OKTA).
schema_integration_typeThe graph schema identifier for this provider type, used as the integration_type value in assessment query filters. Not always a direct transformation of type (e.g., GOOGLE_CLOUD → google, ONE_LOGIN → onelogin, MYSQL → my_sql).
enabledtrue if the tenant has at least one configured provider instance of this type.
provider_idsDeprecated. Use provider_details instead.
provider_detailsList of individual provider instances of this type.

ProviderDetail

FieldDescription
idProvider ID.
external_idThe provider's identifier in its source system, derived at creation time. Format varies by type: a flat ID for cloud and identity providers (e.g., AWS account ID, Azure tenant ID, Okta domain), or a structured composite for databases and infrastructure (e.g., oracle_db:host:1521/dbname, kubernetes:GKE::cluster:my-cluster).
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Responses
200

OK

application/json
typestringOptional

Provider type identifier (e.g., "AWS", "OKTA").

schema_integration_typestringOptional

The corresponding integration_type for this provider type that appears in schema and can be used for assessment queries.

enabledbooleanOptional

Whether this provider type is enabled.

provider_idsstring[]OptionalDeprecated

DEPRECATED: use provider_details instead.

idstringOptional

Provider ID.

external_idstringOptional

External ID of the provider.

typestringOptional

Provider type identifier (e.g., "AWS", "OKTA").

schema_integration_typestringOptional

The corresponding integration_type for this provider type that appears in schema and can be used for assessment queries.

enabledbooleanOptional

Whether this provider type is enabled.

provider_idsstring[]OptionalDeprecated

DEPRECATED: use provider_details instead.

idstringOptional

Provider ID.

external_idstringOptional

External ID of the provider.

default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
get/api/v1/providers/types

Required

The data source ID

curl -X PUT "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27:disable" \
  -H "authorization: Bearer $VEZA_TOKEN"
{}

Request Examples

Response Examples

put
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters
idstringRequired
Responses
200

OK

application/json
object · DisableDataSourceResponseOptional
default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
put/api/v1/providers/datasources/{id}:disable

Required

The data source ID

curl -X PUT "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27:enable" \
  -H "authorization: Bearer $VEZA_TOKEN"
{}

Request Examples

Response Examples

put
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters
idstringRequired
Responses
200

OK

application/json
object · EnableDataSourceResponseOptional
default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
put/api/v1/providers/datasources/{id}:enable

Required

The data source ID

curl -X GET "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27" \
  -H "authorization: Bearer $VEZA_TOKEN"
{
  "value": {
    "id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
    "name": "AWS EC2 (527398259632)",
    "datasource_type": "EXTRACTOR",
    "agent_type": "AWS_EC2",
    "status": "SUCCESS",
    "provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
    "path": "AWS/ec2",
    "state": "ENABLED",
    "effective_state": "ENABLED",
    "datasource_config": null,
    "created_at": "2021-10-26T07:10:38Z",
    "updated_at": "2021-10-26T07:10:38Z",
    "synced_at": "2022-01-13T20:53:23Z",
    "parsed_at": "2022-01-13T20:53:29Z"
  }
}

Request Examples

Response Examples

get
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters
idstringRequired
Responses
200

OK

application/json
valueobject · DataSourceOptional
default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
get/api/v1/providers/datasources/{id}

active

Set to true to enable the rule or false to disable it.

curl -X PUT "$BASE_URL/api/v1/enrichment/rules/{id}:toggle" \
  -H "Authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"active": false}'

Enable or disable enrichment rule

put

Enables or disables an existing enrichment rule by setting active to true or false. This is the only public API endpoint for changing a rule's enabled state. Disabled rules are not evaluated during metadata extraction.

Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters
idstringRequired
Body
idstringOptional

ID of the enrichment rule to be enabled or disabled.

activebooleanOptional

The new active state. If true, the rule will be executed.

Responses
200

OK

application/json
object · ToggleEnrichmentRuleResponseOptional
default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
put/api/v1/enrichment/rules/{id}:toggle

Required

The data source ID

curl -X GET "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27/sync_status" \
  -H "authorization: Bearer $VEZA_TOKEN"
{
  "value": {
    "datasource_id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
    "status": "SUCCESS",
    "last_synced_at": "2022-01-13T20:53:23Z",
    "sync_duration_seconds": 120,
    "records_extracted": 5000,
    "errors_count": 0,
    "next_scheduled_sync": "2022-01-14T08:00:00Z"
  }
}

Request Examples

Response Examples

get
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters
idstringRequired
Responses
200

OK

application/json
idstringOptional
statusstringOptional
default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
get/api/v1/providers/datasources/{id}/sync_status

Required

The data source ID

curl -X GET "$BASE_URL/api/v1/providers/datasources/6961b032-3fd7-4baa-a230-146d1b70ec27/parse_status" \
  -H "authorization: Bearer $VEZA_TOKEN"
{
  "value": {
    "datasource_id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
    "status": "SUCCESS",
    "last_parsed_at": "2022-01-13T20:53:29Z",
    "parse_duration_seconds": 45,
    "entities_processed": 1250,
    "errors_count": 0,
    "warnings_count": 2
  }
}

Request Examples

Response Examples

get
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters
idstringRequired
Responses
200

OK

application/json
idstringOptional
statusstringOptional
default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
get/api/v1/providers/datasources/{id}/parse_status

string

The total number of entities that match the rule criteria.

Preview enrichment rule count

post

Returns the total count of entities that would be affected by an enrichment rule. Accepts the same request body as Preview enrichment rule. Use this to estimate the scope of a rule before creating it without paginating through full entity results.

Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

Request body for previewing an enrichment rule. The request field carries the full CreateEnrichmentRuleRequest defining the rule. preview_query and preview_other_node_query are optional overrides for previewing query changes without saving the underlying saved queries. page_size and page_token control pagination of the preview result set.

namestringOptional

Name of the enrichment rule. Must be unique across all rules.

descriptionstringOptional

Description of the enrichment rule.

activebooleanOptional

Whether the rule will be executed.

provider_idsstring[]Optional

Provider IDs for which the rule will be executed.

entity_typestringOptional

Entity type on which the rule will be executed. Must be a valid entity type that is supported by all specified providers.

property_namestringOptional

Property name whose value will be changed by enrichment. Not recommended. Only valid if enriched_property = USE_PROPERTY_NAME; otherwise, the property name will be set according to enriched_property.

property_valueanyOptional

The scalar value to set for the enriched property. Examples: "NONHUMAN" for IDENTITY_TYPE, "true" for IS_PRIVILEGED, "HIGH" for CRITICALITY_LEVEL. Not used when enriched_property is ENRICHED_OWNERS (use enriched_owners_value) or VEZA_TAGS (use tag_updates_value).

node_idsstring[]Optional

Static list of entity IDs for which the property-value should be applied. Not recommended: use query_id to target entities dynamically instead. Does not work with ENRICHED_OWNERS or VEZA_TAGS enrichment.

query_idstringOptional

The query that is executed to obtain a list of entity IDs of the specified entity type. It must exist before creating the enrichment rule and its source_type must match entity_type.

prioritynumber · floatOptional

The higher the priority, the later the rule runs. A rule running later will overwrite the changes from previous rules. CAVEAT: it is not recommended to have multiple rules of the same priority, as they may run in any order.

other_node_query_idstringOptional

Optional. The ID of a saved assessment query used to resolve the owner from a related entity instead of the enriched entity itself. Two query types are accepted: a path query that traverses from the enriched entity to a related entity holding the owner ID (or that is the owner), or a query for CustomCMDBConfigurationItem whose owner_node_id and owner_external_id properties point to the resolved owner. Use Get valid other-node queries to discover compatible queries. Requires query_id to also be set.

enriched_propertyinteger · enumOptional

The enrichment rule type (enum). Values: 0 = USE_PROPERTY_NAME (custom property_name required), 1 = IDENTITY_TYPE (set identity_type to HUMAN or NONHUMAN via property_value), 2 = IS_PRIVILEGED (set is_privileged, use property_value "true"), 3 = CRITICALITY_LEVEL (set criticality_level via property_value: LOW, MEDIUM, HIGH, or CRITICAL), 4 = ENRICHED_OWNERS (assign ownership, use enriched_owners_value instead of property_value), 5 = VEZA_TAGS (add or remove tags, use tag_updates_value instead of property_value).

property_names_in_templatestring[]Optional
teamstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
keystringOptionalDeprecated
valuestringOptionalDeprecated
query_typeinteger · enumOptional

The type of assessment query to execute (enum). Values: 0 = SYSTEM_CREATED, 1 = SOURCE_TO_DESTINATION, 2 = DESTINATION_NODES.

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
keystringOptional
valuestringOptional
no_relationbooleanOptionalDeprecated

Deprecated. Use relates_to_exp instead. When true, queries for entities with no access relationship.

snapshot_idstringOptional

Optional snapshot ID to query against a specific point-in-time data snapshot.

opinteger · enumOptional
valueinteger · int32Optional
opinteger · enumOptional
valueinteger · int32Optional
include_secondary_granteebooleanOptional
include_indirect_resourcebooleanOptional
exclude_indirect_granteebooleanOptional
anomaly_detection_history_daysstringOptional
opinteger · enumOptional
valuestring · date-timeOptional
targetinteger · enumOptional
relative_timevar_valuestringOptional
notbooleanOptional
node_relationship_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
child_expressionsobject · RelatesToExpression[]Optional
⤷Circular reference to object · RelatesToExpression[]
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
result_value_typeinteger · enumOptional

Controls the shape of query results. Determines whether results contain source nodes with counts, source-and-destination node pairs, or other result formats.

include_all_source_tags_in_resultsbooleanOptional

These fields control whether or not tags will be included in source and/or destination results

include_all_destination_tags_in_resultsbooleanOptional
additional_columns_to_getinteger · enum[]Optional

Allows FE to Alert BE if permissions are being displayed to the user

withstringOptional

Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
asstringOptional

The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.

typeinteger · enumOptional
property_namestringOptional
node_typestringOptional
targetinteger · enumOptional
joined_node_aliasstringOptional
thresholdnumber · floatOptional

The threshold percentage below which an access path is considered an outlier.

include_associated_risksbooleanOptional

Adds associated risks to node and path results.

risks_filterstringOptional
include_sub_permissionsbooleanOptional

Include node with sub permissions which is a permission showing for a resource when in reality the permission applies to a subresource.

include_permissions_summarybooleanOptional

This field should be used with AssessmentQueryResultValueType SOURCE_NODES_WITH_COUNTS to include permissions summarized (aggregated) by source node, meaning it contains all permissions used by each source node

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
unpivot_propertiesstring[]Optional

The properties that should be unpivoted in the results producing multiple rows per node/path To be able to unpivot a property, it must be a list/array type property. If multiple properties are used result will be Cartesian product(all unpivot combinations for node). If property does not exist on a node, and it is a valid property, we will just add that node as is. Syntax to specify properties is the full path to the property using dot notation and using properties json names. Both values and pathValues can be unpivoted:

  1. Valid values for unpivoting: properties.<property_name>, unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, raw_permissions, effective_permissions, access_stats.concrete_permissions, access_stats.canonical_permissions, filtered_raw_permissions, corresponding_effective_permissions, additional_node_properties.default_cohort_role_users_in_cohort, additional_node_properties.default_cohort_role_all_common_roles

  2. Valid pathValues for unpivoting: unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, source.<valid_value_for_unpivoting>, destination.<valid_value_for_unpivoting>, waypoint.<valid_value_for_unpivoting>, abstract_permissions,concrete_permissions, filtered_concrete_permissions, corresponding_abstract_permissions Examples for Unpivoting values:

  3. Single field: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}} ]}

  4. Single field with missing unpivot property: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"permissions": "abc"]}} ]} After unpivot -> Single node with id 1 (no email_addresses property to unpivot): result_values: {Values: [ {id:"1","properties"{"permissions":"abc"}}, ]}

  5. Multiple fields - Cartesian Product: unpivot_properties: ["properties.email_addresses", "raw_permissions"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}, "raw_permissions":["perm1","perm2"]} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm2"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm2"}, ]}

query_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
keystringOptional
valuestringOptional
opinteger · enumOptional
valueinteger · int32Optional
opinteger · enumOptional
valueinteger · int32Optional
include_secondary_granteebooleanOptional
include_indirect_resourcebooleanOptional
exclude_indirect_granteebooleanOptional
anomaly_detection_history_daysstringOptional
opinteger · enumOptional
valuestring · date-timeOptional
targetinteger · enumOptional
relative_timevar_valuestringOptional
notbooleanOptional
node_relationship_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
child_expressionsobject · RelatesToExpression[]Optional
⤷Circular reference to object · RelatesToExpression[]
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
additional_spec_propertiesobjectOptional

Additional key-value properties that will be projected onto all results (nodes and paths) generated by this query spec. This is particularly useful for union queries where each spec can have its own properties to help correlate results back to their originating spec.

withstringOptional

Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
asstringOptional

The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.

typeinteger · enumOptional
property_namestringOptional
node_typestringOptional
targetinteger · enumOptional
joined_node_aliasstringOptional
thresholdnumber · floatOptional

The threshold percentage below which an access path is considered an outlier.

include_associated_risksbooleanOptional

Adds associated risks to node and path results.

risks_filterstringOptional
page_sizestringOptional

The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

page_tokenstringOptional

The token specifying the specific page of results to retrieve.

query_typeinteger · enumOptional

The type of assessment query to execute (enum). Values: 0 = SYSTEM_CREATED, 1 = SOURCE_TO_DESTINATION, 2 = DESTINATION_NODES.

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
keystringOptional
valuestringOptional
no_relationbooleanOptionalDeprecated

Deprecated. Use relates_to_exp instead. When true, queries for entities with no access relationship.

snapshot_idstringOptional

Optional snapshot ID to query against a specific point-in-time data snapshot.

opinteger · enumOptional
valueinteger · int32Optional
opinteger · enumOptional
valueinteger · int32Optional
include_secondary_granteebooleanOptional
include_indirect_resourcebooleanOptional
exclude_indirect_granteebooleanOptional
anomaly_detection_history_daysstringOptional
opinteger · enumOptional
valuestring · date-timeOptional
targetinteger · enumOptional
relative_timevar_valuestringOptional
notbooleanOptional
node_relationship_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
child_expressionsobject · RelatesToExpression[]Optional
⤷Circular reference to object · RelatesToExpression[]
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
result_value_typeinteger · enumOptional

Controls the shape of query results. Determines whether results contain source nodes with counts, source-and-destination node pairs, or other result formats.

include_all_source_tags_in_resultsbooleanOptional

These fields control whether or not tags will be included in source and/or destination results

include_all_destination_tags_in_resultsbooleanOptional
additional_columns_to_getinteger · enum[]Optional

Allows FE to Alert BE if permissions are being displayed to the user

withstringOptional

Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
asstringOptional

The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.

typeinteger · enumOptional
property_namestringOptional
node_typestringOptional
targetinteger · enumOptional
joined_node_aliasstringOptional
thresholdnumber · floatOptional

The threshold percentage below which an access path is considered an outlier.

include_associated_risksbooleanOptional

Adds associated risks to node and path results.

risks_filterstringOptional
include_sub_permissionsbooleanOptional

Include node with sub permissions which is a permission showing for a resource when in reality the permission applies to a subresource.

include_permissions_summarybooleanOptional

This field should be used with AssessmentQueryResultValueType SOURCE_NODES_WITH_COUNTS to include permissions summarized (aggregated) by source node, meaning it contains all permissions used by each source node

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
unpivot_propertiesstring[]Optional

The properties that should be unpivoted in the results producing multiple rows per node/path To be able to unpivot a property, it must be a list/array type property. If multiple properties are used result will be Cartesian product(all unpivot combinations for node). If property does not exist on a node, and it is a valid property, we will just add that node as is. Syntax to specify properties is the full path to the property using dot notation and using properties json names. Both values and pathValues can be unpivoted:

  1. Valid values for unpivoting: properties.<property_name>, unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, raw_permissions, effective_permissions, access_stats.concrete_permissions, access_stats.canonical_permissions, filtered_raw_permissions, corresponding_effective_permissions, additional_node_properties.default_cohort_role_users_in_cohort, additional_node_properties.default_cohort_role_all_common_roles

  2. Valid pathValues for unpivoting: unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>, source.<valid_value_for_unpivoting>, destination.<valid_value_for_unpivoting>, waypoint.<valid_value_for_unpivoting>, abstract_permissions,concrete_permissions, filtered_concrete_permissions, corresponding_abstract_permissions Examples for Unpivoting values:

  3. Single field: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}} ]}

  4. Single field with missing unpivot property: unpivot_properties: ["properties.email_addresses"] result_values: {Values: [ {id:"1","properties"{"permissions": "abc"]}} ]} After unpivot -> Single node with id 1 (no email_addresses property to unpivot): result_values: {Values: [ {id:"1","properties"{"permissions":"abc"}}, ]}

  5. Multiple fields - Cartesian Product: unpivot_properties: ["properties.email_addresses", "raw_permissions"] result_values: {Values: [ {id:"1","properties"{"email_addresses":["test1@gmail.com","test2@gmail.com"]}, "raw_permissions":["perm1","perm2"]} ]} After unpivot -> Multiple nodes with id 1: result_values: {Values: [ {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test1@gmail.com"}, "raw_permissions":"perm2"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm1"}, {id:"1","properties"{"email_addresses":"test2@gmail.com"}, "raw_permissions":"perm2"}, ]}

query_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
keystringOptional
valuestringOptional
opinteger · enumOptional
valueinteger · int32Optional
opinteger · enumOptional
valueinteger · int32Optional
include_secondary_granteebooleanOptional
include_indirect_resourcebooleanOptional
exclude_indirect_granteebooleanOptional
anomaly_detection_history_daysstringOptional
opinteger · enumOptional
valuestring · date-timeOptional
targetinteger · enumOptional
relative_timevar_valuestringOptional
notbooleanOptional
node_relationship_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
valuesstring[]Optional
operatorinteger · enumOptional
valuesinteger · enum[]Optional
operatorinteger · enumOptional
unsupported_condition_modeinteger · enumOptional
no_relationbooleanOptional
directioninteger · enumOptional
path_typeinteger · enumOptional
child_expressionsobject · RelatesToExpression[]Optional
⤷Circular reference to object · RelatesToExpression[]
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
operatorinteger · enumOptional
notbooleanOptional
and_op_typeinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
nodes_operatorinteger · enumOptional

Boolean operator for combining multiple node specs.

Example: 0Possible values:
additional_spec_propertiesobjectOptional

Additional key-value properties that will be projected onto all results (nodes and paths) generated by this query spec. This is particularly useful for union queries where each spec can have its own properties to help correlate results back to their originating spec.

withstringOptional

Specifies which node in the results to use to find connected nodes. "source" will join nodes connected to the result's source node. "destination" will join nodes connected to the result's destination node.

node_typestringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

fninteger · enumOptional

The comparison function to use for this condition. For list properties (like emails), use LIST_ANY_ELEMENT_* functions. Value 5 (LIST_CONTAINS) is deprecated - use LIST_ANY_ELEMENT_EQ instead.

Example: 0Possible values:
propertystringOptional

The node property to compare. Use the property name as shown in the Graph. For custom properties from OAA integrations, prefix with customprop_ (e.g., customprop_display_name).

Example: email
valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

notbooleanOptional

If true, negates the condition (e.g., fn=EQ with not=true means "not equals").

Default: false
value_property_namestringOptional

If value_property_name is set, the value will be retrieved from the property instead of using value above

value_property_from_other_nodebooleanOptional

Only effective when value_property_name is used. true -> value from <other_node>.<value_property_name> false (default) -> value from <current_node>.<value_property_name> A "true" input is valid only in destination nodes.

source_propertystringOptional

Property from saved query (RIGHT) to extract for IN_FROM_QUERY_SOURCE_RESULTS conditions. Defaults to "id" if not set (for backward compatibility).

typestringOptional
keystringOptional
valuestringOptional
Other propertiesanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

excludebooleanOptional
fninteger · enumOptional
source_query_idstringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Required in that case.

source_tag_keystringOptional

Only used when fn is "IN_FROM_QUERY_SOURCE_RESULTS". Optional in that case. Used for remapping the tag key from the source query to the key in the "tag" field.

child_expressionsobject · NodeSpecCollection_ConditionExpression[]Optional
⤷Circular reference to object · NodeSpecCollection_ConditionExpression[]
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
operatorinteger · enumOptional

Boolean operator for combining conditions in the expression.

Example: 0Possible values:
notbooleanOptional
node_idstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
fninteger · enumOptional
valuestringOptional
value_asinteger · enumOptional
child_expressionsobject · NodeSpec_CountConditionExpression[]Optional
⤷Circular reference to object · NodeSpec_CountConditionExpression[]
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
operatorinteger · enumOptional
notbooleanOptional
include_zero_count_resultsbooleanOptional
direct_relationship_onlybooleanOptional

When set to true, self-referential edges on this node type will not be traversed. For example, if the node type is Role and direct_relationship_only is true, then any edge Role -> Role will be ignored. Can only be used with destination or source node types which have self-referential edges. Cannot be used with labels.

node_typesstring[]Optional
constraint_typeinteger · enumOptional
properties_to_getstring[]Optional

The properties that are returned on node, this allows the ability to limit the amount of properties retrieved through the graph This currently is only available on the source_node_types collection If used during an export, it is supported for source_node_types, relates_to_expression.node_types and path summary node types. In this case, the field is used to filter which properties will be exported, in the order in which they are specified.

typeinteger · enumOptional
keystringOptional
integration_typesstring[]Optional
asstringOptional

The alias to refer to the joined node information. The alias must start with a letter and contain only lowercase letters, numbers, or underscores. Reserved values: "source", "destination", "waypoint", "path_summary", and "previous". If unspecified, the system will automatically assign an alias.

typeinteger · enumOptional
property_namestringOptional
node_typestringOptional
targetinteger · enumOptional
joined_node_aliasstringOptional
thresholdnumber · floatOptional

The threshold percentage below which an access path is considered an outlier.

include_associated_risksbooleanOptional

Adds associated risks to node and path results.

risks_filterstringOptional
page_sizestringOptional

The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

page_tokenstringOptional

The token specifying the specific page of results to retrieve.

page_sizestringOptional

Page size of the preview.

page_tokenstringOptional

Page token of the preview.

Responses
200

OK

application/json

Total count of entities that would be affected by the previewed enrichment rule.

countstringOptional

The total count of nodes that would be enriched by this rule.

default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
post/api/v1/enrichment/rules_preview_count

Delete enrichment rule

delete

Permanently deletes an enrichment rule. Entities previously enriched by this rule retain their current attributes; deletion stops future enrichment from this rule but does not roll back previously applied classifications.

Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters
idstringRequired
Query parameters
forcebooleanOptionalDeprecated

No longer used. Deletion is always forced.

Responses
200

OK

application/json
object · DeleteEnrichmentRuleResponseOptional
default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
delete/api/v1/enrichment/rules/{id}

Get enrichment rule

get

Returns the configuration and status of a single enrichment rule by ID.

Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters
idstringRequired
Responses
200

OK

application/json
idstringOptional

ID of the enrichment rule.

namestringOptional

Name of the enrichment rule.

descriptionstringOptional

Description of the enrichment rule.

activebooleanOptional

Whether the rule will be executed.

provider_idsstring[]Optional

Provider IDs for which the rule will be executed.

entity_typestringOptional

Entity type on which the rule will be executed.

property_namestringOptional

Property name whose value will be changed by enrichment.

property_valueanyOptional

Represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values.

node_idsstring[]Optional

Static list of entity IDs for which the property-value should be applied. Not recommended: use query_id to target entities dynamically instead. Limitation: does not work with ENRICHED_OWNERS or VEZA_TAGS enrichment types.

query_idstringOptional

The query that is executed to obtain a list of entity IDs of the specified entity type.

prioritynumber · floatOptional

The higher the priority, the later the rule runs. A rule running later will overwrite the changes from previous rules. CAVEAT: it is not recommended to have multiple rules of the same priority, as they may run in any order.

other_node_query_idstringOptional

If set, this separate query will be executed to find another entity that is related to the enriched entity, and the properties of the other entity can be referenced in the value for enriched_owners.

query_namestringOptional

Name of the query belonging to 'query_id'.

other_node_query_namestringOptional

Name of the query belonging to 'other_node_query_id'.

other_node_typestringOptional

The resolved entity type of the other node. Typically the destination type on 'other_node_query_id'.

default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
get/api/v1/enrichment/rules/{id}

List custom providers

get

Retrieve all custom (OAA) providers configured in the tenant. Custom providers represent integrations built using the Open Authorization API (OAA), including both Veza-managed connectors and customer-built integrations. Use the filter parameter to narrow results by name, state, or custom_template (e.g., filter=name eq "My App"). Set page_size to control results per page (default varies), and use page_token from the response to retrieve subsequent pages.

Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Query parameters
filterstringOptional
order_bystringOptional
page_sizeinteger · int32Optional

The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

page_tokenstringOptional

The token specifying the specific page of results to retrieve.

Responses
200

OK

application/json

Paginated list of custom (OAA) providers.

idstringOptional

Unique identifier for the provider instance.

external_idstringOptional

External identifier for the provider, typically set by the integration that created it.

namestringOptional

Display name of the provider.

custom_templatestringOptional

The OAA template type used to create this provider (e.g., "application", "idp").

custom_templatesstring[]Optional

List of OAA template types associated with this provider instance (e.g., "application", "idp", "hris").

stateinteger · enumOptional

Current provider state.

application_typesstring[]Optional

Application type classifications for this provider.

resource_typesstring[]OptionalDeprecated

Deprecated. Resource type classifications. Use application_types, idp_types, hris_types, or file_system_types instead.

idp_typesstring[]Optional

Identity provider type classifications (if this provider represents an IdP).

file_system_typesstring[]Optional

File system type classifications (if this provider represents a file system).

hris_typesstring[]Optional

HRIS system type classifications (if this provider represents an HR system).

principal_typesstring[]Optional

Principal (identity) type classifications for this provider.

secret_store_typesstring[]Optional
schema_definition_jsonstring · bytesOptional
provisioningbooleanOptional

Whether provisioning (write-back) operations are enabled for this provider.

push_typeinteger · enumOptional
rbac_idstringOptional
internal_app_namestringOptional
configuration_jsonstringOptional

JSON string containing the provider's connection configuration parameters.

data_plane_idstringOptional

Identifier of the data plane that runs this provider's extraction. Empty for cloud-hosted extraction.

lifecycle_management_stateinteger · enumOptional

Current lifecycle management state for this provider (enum). Indicates whether provisioning and deprovisioning workflows are active.

team_idstringOptional

Identifier of the team that owns this provider instance.

template_typestringOptional
column_namestringOptional
destination_typestringOptional
destination_propertystringOptional
namestringOptional
typeinteger · enumOptional
lcm_unique_identifierbooleanOptional
as_listbooleanOptional
templatestringOptional
property_typeinteger · enumOptional
is_requiredbooleanOptional
application_namestringOptional
application_typestringOptional
identitystring[]Optional
resource_typestringOptional
okta_app_idstringOptional
list_delimiterstringOptional
idp_typestringOptional
domainstringOptional
hris_namestringOptional
hris_typestringOptional
hris_urlstringOptional
destination_datasource_typestringOptional
destination_datasource_oaa_app_typestringOptional
typeinteger · enumOptional
modeinteger · enumOptional
transformationsinteger · enum[]Optional
custom_valuestringOptional
source_propertyinteger · enumOptional
destination_propertyinteger · enumOptional
custom_source_propertystringOptional
custom_destination_propertystringOptional
source_idstringOptional
destination_idstringOptional
typestringOptional
oaa_app_typestringOptional
property_match_operatorinteger · enumOptional
use_emailbooleanOptional
hris_provisioning_sourcebooleanOptional
cmdb_instance_namestringOptional
cmdb_instance_typestringOptional
owner_id_column_namestringOptional
asset_id_column_namestringOptional
asset_type_column_namestringOptional
owner_node_typestringOptional
owner_id_propertystringOptional
asset_type_valuestringOptional
asset_node_typestringOptional
asset_property_namestringOptional
idstringRead-onlyOptional
secret_idstringOptional
typeinteger · enumOptional
mappingstringOptional
vault_idstringOptional
idstringRead-onlyOptional
namestringOptional

Must be unique within an insight point

vault_providerstringOptional

Provider type: "azure_key_vault", "aws_secrets_manager", etc.

insight_point_idstringOptional

Owning insight point ID, or "internal" for control plane vaults

deletedbooleanOptional

Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)

external_lifecycle_management_typeinteger · enumOptional

For external OAA, how to manage lifecycle management requests

cmdb_typesstring[]Optional
enabledbooleanOptional
subscribed_eventsinteger · enum[]Optional
notify_integration_ownerbooleanOptional
additional_recipientsstring[]Optional
typeinteger · enumOptional
idstringOptional
next_page_tokenstringOptional

Token to retrieve the next page of results. Empty when no more pages exist.

has_morebooleanOptional

If true, additional pages of results are available.

default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
get/api/v1/providers/custom

Get Lifecycle Manager Datasource

Retrieve details for a specific lifecycle management datasource

Returns detailed information for a specific lifecycle management datasource by its ID, including its supported capabilities, available actions, syncable attributes, and grantable entitlements.

Parameter
Type
Required?
Description

List Data Sources

Retrieve all data sources with optional filtering and pagination

Returns the properties and status for all data sources. When filtering is applied, only data sources matching the filter will be returned.

Data sources represent discrete instances of services that Veza connects to for discovery and extraction of authorization metadata. Each cloud provider may have one or more associated data sources.

Parameter
Type
Required?
Description

Enrichment Rules API

API reference for managing Veza enrichment rules

Manage using the Veza API. Enrichment rules automatically classify and tag entities in the Veza Authorization Graph based on saved query conditions.

Supported rule types (set via enriched_property):

Get valid other-node queries

Returns saved assessment queries that can be used as the Owner Query for dynamic owner resolution in Entity Owner enrichment rules. The results include queries targeting IdP user entities and CMDB Configuration Items.

Use this endpoint to discover valid other_node_query_id values before calling .

Field
Description
{
  "values": [
    {
      "provider_name": "text",
      "properties": [
        {
          "name": "text",
          "description": "text",
          "type": 1,
          "optional": true,
          "secret": true,
          "internal": true,
          "oauth2_redirect_required": true,
          "vault_sourced": true,
          "enum_values": [
            {
              "value": "text",
              "label": "text"
            }
          ],
          "lifecycle_management_only": true,
          "condition_field": "text",
          "condition_value": "text",
          "clear_when_condition_not_met": true,
          "write_once": true,
          "label": "text"
        }
      ],
      "icon": "text",
      "icon_mime_type": "text",
      "custom_templates": [
        "text"
      ],
      "provider_categories": [
        1
      ],
      "documentation_url": "text",
      "lifecycle_management_supported": true,
      "created_at": "2026-07-19T12:46:46.939Z"
    }
  ]
}
{
  "queries": [
    {
      "id": "text",
      "name": "text"
    }
  ]
}
POST /api/v1/enrichment/rules/queries HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 22

{
  "entity_type": "text"
}
{}
DELETE /api/v1/enrichment/rules/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
PUT /api/v1/providers/datasources/{id}:disable HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}
PUT /api/v1/providers/datasources/{id}:enable HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{}
GET /api/v1/providers/datasources/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
  "value": {}
}
{}
PUT /api/v1/enrichment/rules/{id}:toggle HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 27

{
  "id": "text",
  "active": true
}
GET /api/v1/providers/datasources/{id}/sync_status HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
  "job_status": {
    "id": "text",
    "status": "text"
  }
}
GET /api/v1/providers/datasources/{id}/parse_status HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
  "job_status": {
    "id": "text",
    "status": "text"
  }
}
GET /api/v1/enrichment/rules/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
  "value": {
    "id": "text",
    "name": "text",
    "description": "text",
    "active": true,
    "provider_ids": [
      "text"
    ],
    "entity_type": "text",
    "property_name": "text",
    "property_value": null,
    "node_ids": [
      "text"
    ],
    "query_id": "text",
    "priority": 1,
    "other_node_query_id": "text",
    "informative_fields": {
      "query_name": "text",
      "other_node_query_name": "text",
      "other_node_type": "text"
    }
  }
}
{
  "values": [
    {
      "id": "text",
      "external_id": "text",
      "name": "text",
      "custom_template": "text",
      "custom_templates": [
        "text"
      ],
      "state": 1,
      "application_types": [
        "text"
      ],
      "idp_types": [
        "text"
      ],
      "file_system_types": [
        "text"
      ],
      "hris_types": [
        "text"
      ],
      "principal_types": [
        "text"
      ],
      "secret_store_types": [
        "text"
      ],
      "schema_definition_json": "text",
      "provisioning": true,
      "push_type": 1,
      "rbac_id": "text",
      "internal_app_name": "text",
      "configuration_json": "text",
      "data_plane_id": "text",
      "lifecycle_management_state": 1,
      "team_id": "text",
      "csv_mapping_configuration": {
        "template_type": "text",
        "column_mappings": [
          {
            "column_name": "text",
            "destination_type": "text",
            "destination_property": "text",
            "custom_property": {
              "name": "text",
              "type": 1,
              "lcm_unique_identifier": true
            },
            "as_list": true,
            "template": "text",
            "property_type": 1,
            "is_required": true
          }
        ],
        "application": {
          "application_name": "text",
          "application_type": "text",
          "identity": [
            "text"
          ],
          "resource_type": "text",
          "okta_app_id": "text"
        },
        "advanced": {
          "list_delimiter": "text"
        },
        "idp": {
          "idp_type": "text",
          "domain": "text"
        },
        "hris": {
          "hris_name": "text",
          "hris_type": "text",
          "hris_url": "text",
          "hris_identity_mapping": {
            "mappings": [
              {
                "destination_datasource_type": "text",
                "destination_datasource_oaa_app_type": "text",
                "type": 1,
                "mode": 1,
                "transformations": [
                  1
                ],
                "custom_value": "text",
                "property_matchers": [
                  {
                    "source_property": 1,
                    "destination_property": 1,
                    "custom_source_property": "text",
                    "custom_destination_property": "text"
                  }
                ],
                "id_matchers": [
                  {
                    "source_id": "text",
                    "destination_id": "text"
                  }
                ],
                "destination_datasources": [
                  {
                    "type": "text",
                    "oaa_app_type": "text"
                  }
                ],
                "property_match_operator": 1
              }
            ],
            "use_email": true
          },
          "hris_provisioning_source": true
        },
        "cmdb": {
          "cmdb_instance_name": "text",
          "cmdb_instance_type": "text",
          "csc_global_config": {
            "owner_id_column_name": "text",
            "asset_id_column_name": "text",
            "asset_type_column_name": "text",
            "owner_node_type": "text",
            "owner_id_property": "text",
            "asset_connections": [
              {
                "asset_type_value": "text",
                "asset_node_type": "text",
                "asset_property_name": "text"
              }
            ]
          }
        }
      },
      "secret_references": [
        {
          "id": "text",
          "secret_id": "text",
          "secret_mapping": {
            "type": 1,
            "mapping": "text"
          },
          "vault_id": "text",
          "vault": {
            "id": "text",
            "name": "text",
            "vault_provider": "text",
            "insight_point_id": "text",
            "deleted": true
          }
        }
      ],
      "external_lifecycle_management_type": 1,
      "cmdb_types": [
        "text"
      ],
      "notification_preferences": {
        "enabled": true,
        "subscribed_events": [
          1
        ],
        "notify_integration_owner": true,
        "additional_recipients": [
          "text"
        ],
        "delivery_methods": [
          {
            "type": 1,
            "id": "text"
          }
        ]
      }
    }
  ],
  "next_page_token": "text",
  "has_more": true
}
GET /api/v1/providers/custom HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
  "preview_result": {
    "values": [
      {
        "id": "text",
        "type": "text",
        "properties": {},
        "destination_node_count": 1,
        "engagement_access_stats": {
          "engagement_score": 1,
          "over_provisioned_score": 1,
          "total_count": "text",
          "accessed_count": "text"
        },
        "access_stats": {
          "last_used": "2026-07-19T12:46:46.939Z",
          "count": 1,
          "concrete_permissions": [
            "text"
          ],
          "canonical_permissions": [
            "text"
          ]
        },
        "risk_level": 1,
        "raw_permissions": [
          "text"
        ],
        "effective_permissions": [
          "text"
        ],
        "unsupported_conditions": {
          "ANY_ADDITIONAL_PROPERTY": {
            "conditions": [
              "text"
            ]
          }
        },
        "destination_node_percentage_of_total": 1,
        "tags": [
          {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          }
        ],
        "specified_tags": [
          {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          }
        ],
        "filtered_raw_permissions": [
          "text"
        ],
        "corresponding_effective_permissions": [
          "text"
        ],
        "single_entity_access_stats": {
          "last_used": "2026-07-19T12:46:46.939Z",
          "last_used_with_events_for": [
            {
              "name": "text",
              "last_used": "2026-07-19T12:46:46.939Z"
            }
          ]
        },
        "additional_node_properties": {
          "role_substitution_recommended_role": "text",
          "role_substitution_reason_for_high_priv_role": "text",
          "role_substitution_error": "text",
          "default_cohort_role_users_in_cohort": [
            "text"
          ],
          "default_cohort_role": "text",
          "default_cohort_role_all_common_roles": [
            "text"
          ],
          "default_cohort_role_error": "text",
          "login_anomaly_detection_stats": [
            {
              "time": "2026-07-19T12:46:46.939Z",
              "login_count": "text",
              "median_login_count": 1,
              "outlier_prediction": 1
            }
          ],
          "outlier_prediction": {
            "prediction": 1,
            "score": 1,
            "contributing_features": [
              {
                "name": "text",
                "value": 1,
                "explanation": "text"
              }
            ]
          },
          "associated_risks": [
            {
              "query_id": "text",
              "suppressed": true,
              "risk_level": 1
            }
          ]
        },
        "integration_type": "text",
        "joined_nodes": {
          "ANY_ADDITIONAL_PROPERTY": {
            "id": "text",
            "type": "text",
            "properties": {},
            "destination_node_count": 1,
            "permissions": "[Circular Reference]",
            "engagement_access_stats": {
              "engagement_score": 1,
              "over_provisioned_score": 1,
              "total_count": "text",
              "accessed_count": "text"
            },
            "access_stats": {
              "last_used": "2026-07-19T12:46:46.939Z",
              "count": 1,
              "concrete_permissions": [
                "text"
              ],
              "canonical_permissions": [
                "text"
              ]
            },
            "risk_level": 1,
            "raw_permissions": [
              "text"
            ],
            "effective_permissions": [
              "text"
            ],
            "unsupported_conditions": {
              "ANY_ADDITIONAL_PROPERTY": {
                "conditions": [
                  "text"
                ]
              }
            },
            "destination_node_percentage_of_total": 1,
            "tags": [
              {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              }
            ],
            "specified_tags": [
              {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              }
            ],
            "filtered_raw_permissions": [
              "text"
            ],
            "corresponding_effective_permissions": [
              "text"
            ],
            "single_entity_access_stats": {
              "last_used": "2026-07-19T12:46:46.939Z",
              "last_used_with_events_for": [
                {
                  "name": "text",
                  "last_used": "2026-07-19T12:46:46.939Z"
                }
              ]
            },
            "additional_node_properties": {
              "role_substitution_recommended_role": "text",
              "role_substitution_reason_for_high_priv_role": "text",
              "role_substitution_error": "text",
              "default_cohort_role_users_in_cohort": [
                "text"
              ],
              "default_cohort_role": "text",
              "default_cohort_role_all_common_roles": [
                "text"
              ],
              "default_cohort_role_error": "text",
              "login_anomaly_detection_stats": [
                {
                  "time": "2026-07-19T12:46:46.939Z",
                  "login_count": "text",
                  "median_login_count": 1,
                  "outlier_prediction": 1
                }
              ],
              "outlier_prediction": {
                "prediction": 1,
                "score": 1,
                "contributing_features": [
                  {
                    "name": "text",
                    "value": 1,
                    "explanation": "text"
                  }
                ]
              },
              "associated_risks": [
                {
                  "query_id": "text",
                  "suppressed": true,
                  "risk_level": 1
                }
              ]
            },
            "integration_type": "text",
            "joined_nodes": "[Circular Reference]",
            "additional_spec_properties": {}
          }
        },
        "additional_spec_properties": {}
      }
    ],
    "path_values": [
      {
        "source": {
          "id": "text",
          "type": "text",
          "properties": {},
          "destination_node_count": 1,
          "engagement_access_stats": {
            "engagement_score": 1,
            "over_provisioned_score": 1,
            "total_count": "text",
            "accessed_count": "text"
          },
          "access_stats": {
            "last_used": "2026-07-19T12:46:46.939Z",
            "count": 1,
            "concrete_permissions": [
              "text"
            ],
            "canonical_permissions": [
              "text"
            ]
          },
          "risk_level": 1,
          "raw_permissions": [
            "text"
          ],
          "effective_permissions": [
            "text"
          ],
          "unsupported_conditions": {
            "ANY_ADDITIONAL_PROPERTY": {
              "conditions": [
                "text"
              ]
            }
          },
          "destination_node_percentage_of_total": 1,
          "tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "specified_tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "filtered_raw_permissions": [
            "text"
          ],
          "corresponding_effective_permissions": [
            "text"
          ],
          "single_entity_access_stats": {
            "last_used": "2026-07-19T12:46:46.939Z",
            "last_used_with_events_for": [
              {
                "name": "text",
                "last_used": "2026-07-19T12:46:46.939Z"
              }
            ]
          },
          "additional_node_properties": {
            "role_substitution_recommended_role": "text",
            "role_substitution_reason_for_high_priv_role": "text",
            "role_substitution_error": "text",
            "default_cohort_role_users_in_cohort": [
              "text"
            ],
            "default_cohort_role": "text",
            "default_cohort_role_all_common_roles": [
              "text"
            ],
            "default_cohort_role_error": "text",
            "login_anomaly_detection_stats": [
              {
                "time": "2026-07-19T12:46:46.939Z",
                "login_count": "text",
                "median_login_count": 1,
                "outlier_prediction": 1
              }
            ],
            "outlier_prediction": {
              "prediction": 1,
              "score": 1,
              "contributing_features": [
                {
                  "name": "text",
                  "value": 1,
                  "explanation": "text"
                }
              ]
            },
            "associated_risks": [
              {
                "query_id": "text",
                "suppressed": true,
                "risk_level": 1
              }
            ]
          },
          "integration_type": "text",
          "joined_nodes": {
            "ANY_ADDITIONAL_PROPERTY": {
              "id": "text",
              "type": "text",
              "properties": {},
              "destination_node_count": 1,
              "permissions": "[Circular Reference]",
              "engagement_access_stats": {
                "engagement_score": 1,
                "over_provisioned_score": 1,
                "total_count": "text",
                "accessed_count": "text"
              },
              "access_stats": {
                "last_used": "2026-07-19T12:46:46.939Z",
                "count": 1,
                "concrete_permissions": [
                  "text"
                ],
                "canonical_permissions": [
                  "text"
                ]
              },
              "risk_level": 1,
              "raw_permissions": [
                "text"
              ],
              "effective_permissions": [
                "text"
              ],
              "unsupported_conditions": {
                "ANY_ADDITIONAL_PROPERTY": {
                  "conditions": [
                    "text"
                  ]
                }
              },
              "destination_node_percentage_of_total": 1,
              "tags": [
                {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                }
              ],
              "specified_tags": [
                {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                }
              ],
              "filtered_raw_permissions": [
                "text"
              ],
              "corresponding_effective_permissions": [
                "text"
              ],
              "single_entity_access_stats": {
                "last_used": "2026-07-19T12:46:46.939Z",
                "last_used_with_events_for": [
                  {
                    "name": "text",
                    "last_used": "2026-07-19T12:46:46.939Z"
                  }
                ]
              },
              "additional_node_properties": {
                "role_substitution_recommended_role": "text",
                "role_substitution_reason_for_high_priv_role": "text",
                "role_substitution_error": "text",
                "default_cohort_role_users_in_cohort": [
                  "text"
                ],
                "default_cohort_role": "text",
                "default_cohort_role_all_common_roles": [
                  "text"
                ],
                "default_cohort_role_error": "text",
                "login_anomaly_detection_stats": [
                  {
                    "time": "2026-07-19T12:46:46.939Z",
                    "login_count": "text",
                    "median_login_count": 1,
                    "outlier_prediction": 1
                  }
                ],
                "outlier_prediction": {
                  "prediction": 1,
                  "score": 1,
                  "contributing_features": [
                    {
                      "name": "text",
                      "value": 1,
                      "explanation": "text"
                    }
                  ]
                },
                "associated_risks": [
                  {
                    "query_id": "text",
                    "suppressed": true,
                    "risk_level": 1
                  }
                ]
              },
              "integration_type": "text",
              "joined_nodes": "[Circular Reference]",
              "additional_spec_properties": {}
            }
          },
          "additional_spec_properties": {}
        },
        "abstract_permissions": [
          "text"
        ],
        "concrete_permissions": [
          "text"
        ],
        "unsupported_conditions": {
          "ANY_ADDITIONAL_PROPERTY": {
            "conditions": [
              "text"
            ]
          }
        },
        "destination": {
          "id": "text",
          "type": "text",
          "properties": {},
          "destination_node_count": 1,
          "engagement_access_stats": {
            "engagement_score": 1,
            "over_provisioned_score": 1,
            "total_count": "text",
            "accessed_count": "text"
          },
          "access_stats": {
            "last_used": "2026-07-19T12:46:46.939Z",
            "count": 1,
            "concrete_permissions": [
              "text"
            ],
            "canonical_permissions": [
              "text"
            ]
          },
          "risk_level": 1,
          "raw_permissions": [
            "text"
          ],
          "effective_permissions": [
            "text"
          ],
          "unsupported_conditions": {
            "ANY_ADDITIONAL_PROPERTY": {
              "conditions": [
                "text"
              ]
            }
          },
          "destination_node_percentage_of_total": 1,
          "tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "specified_tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "filtered_raw_permissions": [
            "text"
          ],
          "corresponding_effective_permissions": [
            "text"
          ],
          "single_entity_access_stats": {
            "last_used": "2026-07-19T12:46:46.939Z",
            "last_used_with_events_for": [
              {
                "name": "text",
                "last_used": "2026-07-19T12:46:46.939Z"
              }
            ]
          },
          "additional_node_properties": {
            "role_substitution_recommended_role": "text",
            "role_substitution_reason_for_high_priv_role": "text",
            "role_substitution_error": "text",
            "default_cohort_role_users_in_cohort": [
              "text"
            ],
            "default_cohort_role": "text",
            "default_cohort_role_all_common_roles": [
              "text"
            ],
            "default_cohort_role_error": "text",
            "login_anomaly_detection_stats": [
              {
                "time": "2026-07-19T12:46:46.939Z",
                "login_count": "text",
                "median_login_count": 1,
                "outlier_prediction": 1
              }
            ],
            "outlier_prediction": {
              "prediction": 1,
              "score": 1,
              "contributing_features": [
                {
                  "name": "text",
                  "value": 1,
                  "explanation": "text"
                }
              ]
            },
            "associated_risks": [
              {
                "query_id": "text",
                "suppressed": true,
                "risk_level": 1
              }
            ]
          },
          "integration_type": "text",
          "joined_nodes": {
            "ANY_ADDITIONAL_PROPERTY": {
              "id": "text",
              "type": "text",
              "properties": {},
              "destination_node_count": 1,
              "permissions": "[Circular Reference]",
              "engagement_access_stats": {
                "engagement_score": 1,
                "over_provisioned_score": 1,
                "total_count": "text",
                "accessed_count": "text"
              },
              "access_stats": {
                "last_used": "2026-07-19T12:46:46.939Z",
                "count": 1,
                "concrete_permissions": [
                  "text"
                ],
                "canonical_permissions": [
                  "text"
                ]
              },
              "risk_level": 1,
              "raw_permissions": [
                "text"
              ],
              "effective_permissions": [
                "text"
              ],
              "unsupported_conditions": {
                "ANY_ADDITIONAL_PROPERTY": {
                  "conditions": [
                    "text"
                  ]
                }
              },
              "destination_node_percentage_of_total": 1,
              "tags": [
                {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                }
              ],
              "specified_tags": [
                {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                }
              ],
              "filtered_raw_permissions": [
                "text"
              ],
              "corresponding_effective_permissions": [
                "text"
              ],
              "single_entity_access_stats": {
                "last_used": "2026-07-19T12:46:46.939Z",
                "last_used_with_events_for": [
                  {
                    "name": "text",
                    "last_used": "2026-07-19T12:46:46.939Z"
                  }
                ]
              },
              "additional_node_properties": {
                "role_substitution_recommended_role": "text",
                "role_substitution_reason_for_high_priv_role": "text",
                "role_substitution_error": "text",
                "default_cohort_role_users_in_cohort": [
                  "text"
                ],
                "default_cohort_role": "text",
                "default_cohort_role_all_common_roles": [
                  "text"
                ],
                "default_cohort_role_error": "text",
                "login_anomaly_detection_stats": [
                  {
                    "time": "2026-07-19T12:46:46.939Z",
                    "login_count": "text",
                    "median_login_count": 1,
                    "outlier_prediction": 1
                  }
                ],
                "outlier_prediction": {
                  "prediction": 1,
                  "score": 1,
                  "contributing_features": [
                    {
                      "name": "text",
                      "value": 1,
                      "explanation": "text"
                    }
                  ]
                },
                "associated_risks": [
                  {
                    "query_id": "text",
                    "suppressed": true,
                    "risk_level": 1
                  }
                ]
              },
              "integration_type": "text",
              "joined_nodes": "[Circular Reference]",
              "additional_spec_properties": {}
            }
          },
          "additional_spec_properties": {}
        },
        "path_summary_nodes": [
          {
            "id": "text",
            "type": "text",
            "properties": {},
            "destination_node_count": 1,
            "permissions": "[Circular Reference]",
            "engagement_access_stats": {
              "engagement_score": 1,
              "over_provisioned_score": 1,
              "total_count": "text",
              "accessed_count": "text"
            },
            "access_stats": {
              "last_used": "2026-07-19T12:46:46.939Z",
              "count": 1,
              "concrete_permissions": [
                "text"
              ],
              "canonical_permissions": [
                "text"
              ]
            },
            "risk_level": 1,
            "raw_permissions": [
              "text"
            ],
            "effective_permissions": [
              "text"
            ],
            "unsupported_conditions": {
              "ANY_ADDITIONAL_PROPERTY": {
                "conditions": [
                  "text"
                ]
              }
            },
            "destination_node_percentage_of_total": 1,
            "tags": [
              {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              }
            ],
            "specified_tags": [
              {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              }
            ],
            "filtered_raw_permissions": [
              "text"
            ],
            "corresponding_effective_permissions": [
              "text"
            ],
            "single_entity_access_stats": {
              "last_used": "2026-07-19T12:46:46.939Z",
              "last_used_with_events_for": [
                {
                  "name": "text",
                  "last_used": "2026-07-19T12:46:46.939Z"
                }
              ]
            },
            "additional_node_properties": {
              "role_substitution_recommended_role": "text",
              "role_substitution_reason_for_high_priv_role": "text",
              "role_substitution_error": "text",
              "default_cohort_role_users_in_cohort": [
                "text"
              ],
              "default_cohort_role": "text",
              "default_cohort_role_all_common_roles": [
                "text"
              ],
              "default_cohort_role_error": "text",
              "login_anomaly_detection_stats": [
                {
                  "time": "2026-07-19T12:46:46.939Z",
                  "login_count": "text",
                  "median_login_count": 1,
                  "outlier_prediction": 1
                }
              ],
              "outlier_prediction": {
                "prediction": 1,
                "score": 1,
                "contributing_features": [
                  {
                    "name": "text",
                    "value": 1,
                    "explanation": "text"
                  }
                ]
              },
              "associated_risks": [
                {
                  "query_id": "text",
                  "suppressed": true,
                  "risk_level": 1
                }
              ]
            },
            "integration_type": "text",
            "joined_nodes": {
              "ANY_ADDITIONAL_PROPERTY": {
                "id": "text",
                "type": "text",
                "properties": {},
                "destination_node_count": 1,
                "permissions": "[Circular Reference]",
                "engagement_access_stats": {
                  "engagement_score": 1,
                  "over_provisioned_score": 1,
                  "total_count": "text",
                  "accessed_count": "text"
                },
                "access_stats": {
                  "last_used": "2026-07-19T12:46:46.939Z",
                  "count": 1,
                  "concrete_permissions": [
                    "text"
                  ],
                  "canonical_permissions": [
                    "text"
                  ]
                },
                "risk_level": 1,
                "raw_permissions": [
                  "text"
                ],
                "effective_permissions": [
                  "text"
                ],
                "unsupported_conditions": {
                  "ANY_ADDITIONAL_PROPERTY": {
                    "conditions": [
                      "text"
                    ]
                  }
                },
                "destination_node_percentage_of_total": 1,
                "tags": [
                  {
                    "type": "text",
                    "key": "text",
                    "value": "text",
                    "properties": {
                      "ANY_ADDITIONAL_PROPERTY": null
                    }
                  }
                ],
                "specified_tags": [
                  {
                    "type": "text",
                    "key": "text",
                    "value": "text",
                    "properties": {
                      "ANY_ADDITIONAL_PROPERTY": null
                    }
                  }
                ],
                "filtered_raw_permissions": [
                  "text"
                ],
                "corresponding_effective_permissions": [
                  "text"
                ],
                "single_entity_access_stats": {
                  "last_used": "2026-07-19T12:46:46.939Z",
                  "last_used_with_events_for": [
                    {
                      "name": "text",
                      "last_used": "2026-07-19T12:46:46.939Z"
                    }
                  ]
                },
                "additional_node_properties": {
                  "role_substitution_recommended_role": "text",
                  "role_substitution_reason_for_high_priv_role": "text",
                  "role_substitution_error": "text",
                  "default_cohort_role_users_in_cohort": [
                    "text"
                  ],
                  "default_cohort_role": "text",
                  "default_cohort_role_all_common_roles": [
                    "text"
                  ],
                  "default_cohort_role_error": "text",
                  "login_anomaly_detection_stats": [
                    {
                      "time": "2026-07-19T12:46:46.939Z",
                      "login_count": "text",
                      "median_login_count": 1,
                      "outlier_prediction": 1
                    }
                  ],
                  "outlier_prediction": {
                    "prediction": 1,
                    "score": 1,
                    "contributing_features": [
                      {
                        "name": "text",
                        "value": 1,
                        "explanation": "text"
                      }
                    ]
                  },
                  "associated_risks": [
                    {
                      "query_id": "text",
                      "suppressed": true,
                      "risk_level": 1
                    }
                  ]
                },
                "integration_type": "text",
                "joined_nodes": "[Circular Reference]",
                "additional_spec_properties": {}
              }
            },
            "additional_spec_properties": {}
          }
        ],
        "results_truncated": true,
        "filtered_concrete_permissions": [
          "text"
        ],
        "corresponding_abstract_permissions": [
          "text"
        ],
        "filtered_concrete_permission_groups": [
          {
            "permissions": [
              "text"
            ]
          }
        ],
        "joined_nodes": {
          "ANY_ADDITIONAL_PROPERTY": {
            "id": "text",
            "type": "text",
            "properties": {},
            "destination_node_count": 1,
            "permissions": "[Circular Reference]",
            "engagement_access_stats": {
              "engagement_score": 1,
              "over_provisioned_score": 1,
              "total_count": "text",
              "accessed_count": "text"
            },
            "access_stats": {
              "last_used": "2026-07-19T12:46:46.939Z",
              "count": 1,
              "concrete_permissions": [
                "text"
              ],
              "canonical_permissions": [
                "text"
              ]
            },
            "risk_level": 1,
            "raw_permissions": [
              "text"
            ],
            "effective_permissions": [
              "text"
            ],
            "unsupported_conditions": {
              "ANY_ADDITIONAL_PROPERTY": {
                "conditions": [
                  "text"
                ]
              }
            },
            "destination_node_percentage_of_total": 1,
            "tags": [
              {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              }
            ],
            "specified_tags": [
              {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              }
            ],
            "filtered_raw_permissions": [
              "text"
            ],
            "corresponding_effective_permissions": [
              "text"
            ],
            "single_entity_access_stats": {
              "last_used": "2026-07-19T12:46:46.939Z",
              "last_used_with_events_for": [
                {
                  "name": "text",
                  "last_used": "2026-07-19T12:46:46.939Z"
                }
              ]
            },
            "additional_node_properties": {
              "role_substitution_recommended_role": "text",
              "role_substitution_reason_for_high_priv_role": "text",
              "role_substitution_error": "text",
              "default_cohort_role_users_in_cohort": [
                "text"
              ],
              "default_cohort_role": "text",
              "default_cohort_role_all_common_roles": [
                "text"
              ],
              "default_cohort_role_error": "text",
              "login_anomaly_detection_stats": [
                {
                  "time": "2026-07-19T12:46:46.939Z",
                  "login_count": "text",
                  "median_login_count": 1,
                  "outlier_prediction": 1
                }
              ],
              "outlier_prediction": {
                "prediction": 1,
                "score": 1,
                "contributing_features": [
                  {
                    "name": "text",
                    "value": 1,
                    "explanation": "text"
                  }
                ]
              },
              "associated_risks": [
                {
                  "query_id": "text",
                  "suppressed": true,
                  "risk_level": 1
                }
              ]
            },
            "integration_type": "text",
            "joined_nodes": {
              "ANY_ADDITIONAL_PROPERTY": {
                "id": "text",
                "type": "text",
                "properties": {},
                "destination_node_count": 1,
                "permissions": "[Circular Reference]",
                "engagement_access_stats": {
                  "engagement_score": 1,
                  "over_provisioned_score": 1,
                  "total_count": "text",
                  "accessed_count": "text"
                },
                "access_stats": {
                  "last_used": "2026-07-19T12:46:46.939Z",
                  "count": 1,
                  "concrete_permissions": [
                    "text"
                  ],
                  "canonical_permissions": [
                    "text"
                  ]
                },
                "risk_level": 1,
                "raw_permissions": [
                  "text"
                ],
                "effective_permissions": [
                  "text"
                ],
                "unsupported_conditions": {
                  "ANY_ADDITIONAL_PROPERTY": {
                    "conditions": [
                      "text"
                    ]
                  }
                },
                "destination_node_percentage_of_total": 1,
                "tags": [
                  {
                    "type": "text",
                    "key": "text",
                    "value": "text",
                    "properties": {
                      "ANY_ADDITIONAL_PROPERTY": null
                    }
                  }
                ],
                "specified_tags": [
                  {
                    "type": "text",
                    "key": "text",
                    "value": "text",
                    "properties": {
                      "ANY_ADDITIONAL_PROPERTY": null
                    }
                  }
                ],
                "filtered_raw_permissions": [
                  "text"
                ],
                "corresponding_effective_permissions": [
                  "text"
                ],
                "single_entity_access_stats": {
                  "last_used": "2026-07-19T12:46:46.939Z",
                  "last_used_with_events_for": [
                    {
                      "name": "text",
                      "last_used": "2026-07-19T12:46:46.939Z"
                    }
                  ]
                },
                "additional_node_properties": {
                  "role_substitution_recommended_role": "text",
                  "role_substitution_reason_for_high_priv_role": "text",
                  "role_substitution_error": "text",
                  "default_cohort_role_users_in_cohort": [
                    "text"
                  ],
                  "default_cohort_role": "text",
                  "default_cohort_role_all_common_roles": [
                    "text"
                  ],
                  "default_cohort_role_error": "text",
                  "login_anomaly_detection_stats": [
                    {
                      "time": "2026-07-19T12:46:46.939Z",
                      "login_count": "text",
                      "median_login_count": 1,
                      "outlier_prediction": 1
                    }
                  ],
                  "outlier_prediction": {
                    "prediction": 1,
                    "score": 1,
                    "contributing_features": [
                      {
                        "name": "text",
                        "value": 1,
                        "explanation": "text"
                      }
                    ]
                  },
                  "associated_risks": [
                    {
                      "query_id": "text",
                      "suppressed": true,
                      "risk_level": 1
                    }
                  ]
                },
                "integration_type": "text",
                "joined_nodes": "[Circular Reference]",
                "additional_spec_properties": {}
              }
            },
            "additional_spec_properties": {}
          }
        },
        "additional_path_properties": {
          "outlier_prediction": {
            "prediction": 1,
            "score": 1,
            "contributing_features": [
              {
                "name": "text",
                "value": 1,
                "explanation": "text"
              }
            ]
          },
          "associated_risks": [
            {
              "query_id": "text",
              "suppressed": true,
              "risk_level": 1
            }
          ],
          "access_path_risk_score": 1
        },
        "waypoint": {
          "id": "text",
          "type": "text",
          "properties": {},
          "destination_node_count": 1,
          "engagement_access_stats": {
            "engagement_score": 1,
            "over_provisioned_score": 1,
            "total_count": "text",
            "accessed_count": "text"
          },
          "access_stats": {
            "last_used": "2026-07-19T12:46:46.939Z",
            "count": 1,
            "concrete_permissions": [
              "text"
            ],
            "canonical_permissions": [
              "text"
            ]
          },
          "risk_level": 1,
          "raw_permissions": [
            "text"
          ],
          "effective_permissions": [
            "text"
          ],
          "unsupported_conditions": {
            "ANY_ADDITIONAL_PROPERTY": {
              "conditions": [
                "text"
              ]
            }
          },
          "destination_node_percentage_of_total": 1,
          "tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "specified_tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "filtered_raw_permissions": [
            "text"
          ],
          "corresponding_effective_permissions": [
            "text"
          ],
          "single_entity_access_stats": {
            "last_used": "2026-07-19T12:46:46.939Z",
            "last_used_with_events_for": [
              {
                "name": "text",
                "last_used": "2026-07-19T12:46:46.939Z"
              }
            ]
          },
          "additional_node_properties": {
            "role_substitution_recommended_role": "text",
            "role_substitution_reason_for_high_priv_role": "text",
            "role_substitution_error": "text",
            "default_cohort_role_users_in_cohort": [
              "text"
            ],
            "default_cohort_role": "text",
            "default_cohort_role_all_common_roles": [
              "text"
            ],
            "default_cohort_role_error": "text",
            "login_anomaly_detection_stats": [
              {
                "time": "2026-07-19T12:46:46.939Z",
                "login_count": "text",
                "median_login_count": 1,
                "outlier_prediction": 1
              }
            ],
            "outlier_prediction": {
              "prediction": 1,
              "score": 1,
              "contributing_features": [
                {
                  "name": "text",
                  "value": 1,
                  "explanation": "text"
                }
              ]
            },
            "associated_risks": [
              {
                "query_id": "text",
                "suppressed": true,
                "risk_level": 1
              }
            ]
          },
          "integration_type": "text",
          "joined_nodes": {
            "ANY_ADDITIONAL_PROPERTY": {
              "id": "text",
              "type": "text",
              "properties": {},
              "destination_node_count": 1,
              "permissions": "[Circular Reference]",
              "engagement_access_stats": {
                "engagement_score": 1,
                "over_provisioned_score": 1,
                "total_count": "text",
                "accessed_count": "text"
              },
              "access_stats": {
                "last_used": "2026-07-19T12:46:46.939Z",
                "count": 1,
                "concrete_permissions": [
                  "text"
                ],
                "canonical_permissions": [
                  "text"
                ]
              },
              "risk_level": 1,
              "raw_permissions": [
                "text"
              ],
              "effective_permissions": [
                "text"
              ],
              "unsupported_conditions": {
                "ANY_ADDITIONAL_PROPERTY": {
                  "conditions": [
                    "text"
                  ]
                }
              },
              "destination_node_percentage_of_total": 1,
              "tags": [
                {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                }
              ],
              "specified_tags": [
                {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                }
              ],
              "filtered_raw_permissions": [
                "text"
              ],
              "corresponding_effective_permissions": [
                "text"
              ],
              "single_entity_access_stats": {
                "last_used": "2026-07-19T12:46:46.939Z",
                "last_used_with_events_for": [
                  {
                    "name": "text",
                    "last_used": "2026-07-19T12:46:46.939Z"
                  }
                ]
              },
              "additional_node_properties": {
                "role_substitution_recommended_role": "text",
                "role_substitution_reason_for_high_priv_role": "text",
                "role_substitution_error": "text",
                "default_cohort_role_users_in_cohort": [
                  "text"
                ],
                "default_cohort_role": "text",
                "default_cohort_role_all_common_roles": [
                  "text"
                ],
                "default_cohort_role_error": "text",
                "login_anomaly_detection_stats": [
                  {
                    "time": "2026-07-19T12:46:46.939Z",
                    "login_count": "text",
                    "median_login_count": 1,
                    "outlier_prediction": 1
                  }
                ],
                "outlier_prediction": {
                  "prediction": 1,
                  "score": 1,
                  "contributing_features": [
                    {
                      "name": "text",
                      "value": 1,
                      "explanation": "text"
                    }
                  ]
                },
                "associated_risks": [
                  {
                    "query_id": "text",
                    "suppressed": true,
                    "risk_level": 1
                  }
                ]
              },
              "integration_type": "text",
              "joined_nodes": "[Circular Reference]",
              "additional_spec_properties": {}
            }
          },
          "additional_spec_properties": {}
        },
        "additional_spec_properties": {}
      }
    ],
    "approx_total_source_nodes_count": "text",
    "next_page_token": "text",
    "has_more": true
  }
}
POST /api/v1/enrichment/rules_preview HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 18614

{
  "request": {
    "name": "text",
    "description": "text",
    "active": true,
    "provider_ids": [
      "text"
    ],
    "entity_type": "text",
    "property_name": "text",
    "property_value": null,
    "node_ids": [
      "text"
    ],
    "query_id": "text",
    "priority": 1,
    "other_node_query_id": "text",
    "enriched_property": 1,
    "enriched_owners_value": {
      "property_names_in_template": [
        "text"
      ],
      "owners": [
        {
          "team": "text"
        }
      ]
    },
    "tag_updates_value": {
      "add_tags": [
        {}
      ],
      "remove_tags": [
        {}
      ]
    }
  },
  "preview_query": {
    "query_type": 1,
    "source_node_types": {
      "nodes": [
        {
          "node_type": "text",
          "condition_expression": {
            "specs": [
              {
                "fn": 0,
                "property": "email",
                "value": null,
                "not": false,
                "value_property_name": "text",
                "value_property_from_other_node": true,
                "source_property": "text"
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true,
                "fn": 1,
                "source_query_id": "text",
                "source_tag_key": "text"
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 0,
            "not": true
          },
          "node_id": "text",
          "count_condition_expression": "[Circular Reference]",
          "direct_relationship_only": true,
          "node_type_grouping_constraint": {
            "node_types": [
              "text"
            ],
            "constraint_type": 1
          },
          "properties_to_get": [
            "text"
          ],
          "tags_to_get": [
            {
              "type": 1,
              "key": "text"
            }
          ],
          "integration_types": [
            "text"
          ]
        }
      ],
      "nodes_operator": 0
    },
    "customized_variables": [
      {
        "key": "text",
        "value": "text"
      }
    ],
    "snapshot_id": "text",
    "access_filter": {
      "engagement_score": {
        "op": 1,
        "value": 1
      },
      "over_provisioned_score": {
        "op": 1,
        "value": 1
      },
      "include_secondary_grantee": true,
      "include_indirect_resource": true,
      "exclude_indirect_grantee": true,
      "anomaly_detection_history_days": "text",
      "last_used": {
        "op": 1,
        "value": "2026-07-19T12:46:46.939Z",
        "target": 1,
        "relative_timevar_value": "text",
        "not": true
      }
    },
    "node_relationship_type": 1,
    "relates_to_exp": {
      "specs": [
        {
          "node_types": "[Circular Reference]",
          "required_intermediate_node_types": "[Circular Reference]",
          "avoided_intermediate_node_types": "[Circular Reference]",
          "raw_permissions": {
            "values": [
              "text"
            ],
            "operator": 1
          },
          "effective_permissions": {
            "values": [
              1
            ],
            "operator": 1
          },
          "unsupported_condition_mode": 1,
          "no_relation": true,
          "direction": 1,
          "path_type": 1
        }
      ],
      "child_expressions": [
        {
          "specs": "[Circular Reference]",
          "child_expressions": "[Circular Reference]",
          "operator": 1,
          "not": true,
          "and_op_type": 1
        }
      ],
      "operator": 1,
      "not": true,
      "and_op_type": 1
    },
    "path_summary_node_types": {
      "nodes": [
        {
          "node_type": "text",
          "condition_expression": {
            "specs": [
              {
                "fn": 0,
                "property": "email",
                "value": null,
                "not": false,
                "value_property_name": "text",
                "value_property_from_other_node": true,
                "source_property": "text"
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true,
                "fn": 1,
                "source_query_id": "text",
                "source_tag_key": "text"
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 0,
            "not": true
          },
          "node_id": "text",
          "count_condition_expression": "[Circular Reference]",
          "direct_relationship_only": true,
          "node_type_grouping_constraint": {
            "node_types": [
              "text"
            ],
            "constraint_type": 1
          },
          "properties_to_get": [
            "text"
          ],
          "tags_to_get": [
            {
              "type": 1,
              "key": "text"
            }
          ],
          "integration_types": [
            "text"
          ]
        }
      ],
      "nodes_operator": 0
    },
    "all_entity_condition": {
      "specs": [
        {
          "fn": 0,
          "property": "email",
          "value": null,
          "not": false,
          "value_property_name": "text",
          "value_property_from_other_node": true,
          "source_property": "text"
        }
      ],
      "tag_specs": [
        {
          "tag": {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          },
          "exclude": true,
          "fn": 1,
          "source_query_id": "text",
          "source_tag_key": "text"
        }
      ],
      "child_expressions": [
        {
          "specs": [
            {
              "fn": 0,
              "property": "email",
              "value": null,
              "not": false,
              "value_property_name": "text",
              "value_property_from_other_node": true,
              "source_property": "text"
            }
          ],
          "tag_specs": [
            {
              "tag": {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              },
              "exclude": true,
              "fn": 1,
              "source_query_id": "text",
              "source_tag_key": "text"
            }
          ],
          "child_expressions": [
            "[Circular Reference]"
          ],
          "operator": 0,
          "not": true
        }
      ],
      "operator": 0,
      "not": true
    },
    "path_summary_count_conditions": {
      "conditions": [
        {
          "fn": 1,
          "value": "text",
          "value_as": 1
        }
      ]
    },
    "result_value_type": 1,
    "include_all_source_tags_in_results": true,
    "include_all_destination_tags_in_results": true,
    "additional_columns_to_get": [
      1
    ],
    "result_enrichment": {
      "join_node_specs": [
        {
          "with": "text",
          "node_spec": "[Circular Reference]",
          "as": "text"
        }
      ],
      "outlier_detection": {
        "type": 1,
        "manager_centric_config": {
          "grouping_properties": [
            {
              "property_name": "text",
              "node_type": "text",
              "target": 1,
              "joined_node_alias": "text"
            }
          ],
          "threshold": 1
        }
      },
      "include_associated_risks": true,
      "risks_filter": "text"
    },
    "include_sub_permissions": true,
    "include_permissions_summary": true,
    "waypoint_nodes": {
      "nodes": [
        {
          "node_type": "text",
          "condition_expression": {
            "specs": [
              {
                "fn": 0,
                "property": "email",
                "value": null,
                "not": false,
                "value_property_name": "text",
                "value_property_from_other_node": true,
                "source_property": "text"
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true,
                "fn": 1,
                "source_query_id": "text",
                "source_tag_key": "text"
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 0,
            "not": true
          },
          "node_id": "text",
          "count_condition_expression": "[Circular Reference]",
          "direct_relationship_only": true,
          "node_type_grouping_constraint": {
            "node_types": [
              "text"
            ],
            "constraint_type": 1
          },
          "properties_to_get": [
            "text"
          ],
          "tags_to_get": [
            {
              "type": 1,
              "key": "text"
            }
          ],
          "integration_types": [
            "text"
          ]
        }
      ],
      "nodes_operator": 0
    },
    "unpivot_properties": [
      "text"
    ],
    "union_specs": [
      {
        "query_type": 1,
        "source_node_types": {
          "nodes": [
            {
              "node_type": "text",
              "condition_expression": {
                "specs": [
                  {
                    "fn": 0,
                    "property": "email",
                    "value": null,
                    "not": false,
                    "value_property_name": "text",
                    "value_property_from_other_node": true,
                    "source_property": "text"
                  }
                ],
                "tag_specs": [
                  {
                    "tag": {
                      "type": "text",
                      "key": "text",
                      "value": "text",
                      "properties": {
                        "ANY_ADDITIONAL_PROPERTY": null
                      }
                    },
                    "exclude": true,
                    "fn": 1,
                    "source_query_id": "text",
                    "source_tag_key": "text"
                  }
                ],
                "child_expressions": "[Circular Reference]",
                "operator": 0,
                "not": true
              },
              "node_id": "text",
              "count_condition_expression": "[Circular Reference]",
              "direct_relationship_only": true,
              "node_type_grouping_constraint": {
                "node_types": [
                  "text"
                ],
                "constraint_type": 1
              },
              "properties_to_get": [
                "text"
              ],
              "tags_to_get": [
                {
                  "type": 1,
                  "key": "text"
                }
              ],
              "integration_types": [
                "text"
              ]
            }
          ],
          "nodes_operator": 0
        },
        "customized_variables": [
          {
            "key": "text",
            "value": "text"
          }
        ],
        "access_filter": {
          "engagement_score": {
            "op": 1,
            "value": 1
          },
          "over_provisioned_score": {
            "op": 1,
            "value": 1
          },
          "include_secondary_grantee": true,
          "include_indirect_resource": true,
          "exclude_indirect_grantee": true,
          "anomaly_detection_history_days": "text",
          "last_used": {
            "op": 1,
            "value": "2026-07-19T12:46:46.939Z",
            "target": 1,
            "relative_timevar_value": "text",
            "not": true
          }
        },
        "node_relationship_type": 1,
        "relates_to_exp": {
          "specs": "[Circular Reference]",
          "child_expressions": "[Circular Reference]",
          "operator": 1,
          "not": true,
          "and_op_type": 1
        },
        "path_summary_node_types": {
          "nodes": [
            {
              "node_type": "text",
              "condition_expression": {
                "specs": [
                  {
                    "fn": 0,
                    "property": "email",
                    "value": null,
                    "not": false,
                    "value_property_name": "text",
                    "value_property_from_other_node": true,
                    "source_property": "text"
                  }
                ],
                "tag_specs": [
                  {
                    "tag": {
                      "type": "text",
                      "key": "text",
                      "value": "text",
                      "properties": {
                        "ANY_ADDITIONAL_PROPERTY": null
                      }
                    },
                    "exclude": true,
                    "fn": 1,
                    "source_query_id": "text",
                    "source_tag_key": "text"
                  }
                ],
                "child_expressions": "[Circular Reference]",
                "operator": 0,
                "not": true
              },
              "node_id": "text",
              "count_condition_expression": "[Circular Reference]",
              "direct_relationship_only": true,
              "node_type_grouping_constraint": {
                "node_types": [
                  "text"
                ],
                "constraint_type": 1
              },
              "properties_to_get": [
                "text"
              ],
              "tags_to_get": [
                {
                  "type": 1,
                  "key": "text"
                }
              ],
              "integration_types": [
                "text"
              ]
            }
          ],
          "nodes_operator": 0
        },
        "all_entity_condition": {
          "specs": [
            {
              "fn": 0,
              "property": "email",
              "value": null,
              "not": false,
              "value_property_name": "text",
              "value_property_from_other_node": true,
              "source_property": "text"
            }
          ],
          "tag_specs": [
            {
              "tag": {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              },
              "exclude": true,
              "fn": 1,
              "source_query_id": "text",
              "source_tag_key": "text"
            }
          ],
          "child_expressions": [
            {
              "specs": [
                {
                  "fn": 0,
                  "property": "email",
                  "value": null,
                  "not": false,
                  "value_property_name": "text",
                  "value_property_from_other_node": true,
                  "source_property": "text"
                }
              ],
              "tag_specs": [
                {
                  "tag": {
                    "type": "text",
                    "key": "text",
                    "value": "text",
                    "properties": {
                      "ANY_ADDITIONAL_PROPERTY": null
                    }
                  },
                  "exclude": true,
                  "fn": 1,
                  "source_query_id": "text",
                  "source_tag_key": "text"
                }
              ],
              "child_expressions": [
                "[Circular Reference]"
              ],
              "operator": 0,
              "not": true
            }
          ],
          "operator": 0,
          "not": true
        },
        "path_summary_count_conditions": {
          "conditions": [
            {
              "fn": 1,
              "value": "text",
              "value_as": 1
            }
          ]
        },
        "waypoint_nodes": {
          "nodes": [
            {
              "node_type": "text",
              "condition_expression": {
                "specs": [
                  {
                    "fn": 0,
                    "property": "email",
                    "value": null,
                    "not": false,
                    "value_property_name": "text",
                    "value_property_from_other_node": true,
                    "source_property": "text"
                  }
                ],
                "tag_specs": [
                  {
                    "tag": {
                      "type": "text",
                      "key": "text",
                      "value": "text",
                      "properties": {
                        "ANY_ADDITIONAL_PROPERTY": null
                      }
                    },
                    "exclude": true,
                    "fn": 1,
                    "source_query_id": "text",
                    "source_tag_key": "text"
                  }
                ],
                "child_expressions": "[Circular Reference]",
                "operator": 0,
                "not": true
              },
              "node_id": "text",
              "count_condition_expression": "[Circular Reference]",
              "direct_relationship_only": true,
              "node_type_grouping_constraint": {
                "node_types": [
                  "text"
                ],
                "constraint_type": 1
              },
              "properties_to_get": [
                "text"
              ],
              "tags_to_get": [
                {
                  "type": 1,
                  "key": "text"
                }
              ],
              "integration_types": [
                "text"
              ]
            }
          ],
          "nodes_operator": 0
        },
        "additional_spec_properties": {},
        "result_enrichment": {
          "join_node_specs": [
            {
              "with": "text",
              "node_spec": "[Circular Reference]",
              "as": "text"
            }
          ],
          "outlier_detection": {
            "type": 1,
            "manager_centric_config": {
              "grouping_properties": [
                {
                  "property_name": "text",
                  "node_type": "text",
                  "target": 1,
                  "joined_node_alias": "text"
                }
              ],
              "threshold": 1
            }
          },
          "include_associated_risks": true,
          "risks_filter": "text"
        }
      }
    ],
    "page_size": "text",
    "page_token": "text"
  },
  "preview_other_node_query": {
    "query_type": 1,
    "source_node_types": {
      "nodes": [
        {
          "node_type": "text",
          "condition_expression": {
            "specs": [
              {
                "fn": 0,
                "property": "email",
                "value": null,
                "not": false,
                "value_property_name": "text",
                "value_property_from_other_node": true,
                "source_property": "text"
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true,
                "fn": 1,
                "source_query_id": "text",
                "source_tag_key": "text"
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 0,
            "not": true
          },
          "node_id": "text",
          "count_condition_expression": "[Circular Reference]",
          "direct_relationship_only": true,
          "node_type_grouping_constraint": {
            "node_types": [
              "text"
            ],
            "constraint_type": 1
          },
          "properties_to_get": [
            "text"
          ],
          "tags_to_get": [
            {
              "type": 1,
              "key": "text"
            }
          ],
          "integration_types": [
            "text"
          ]
        }
      ],
      "nodes_operator": 0
    },
    "customized_variables": [
      {
        "key": "text",
        "value": "text"
      }
    ],
    "snapshot_id": "text",
    "access_filter": {
      "engagement_score": {
        "op": 1,
        "value": 1
      },
      "over_provisioned_score": {
        "op": 1,
        "value": 1
      },
      "include_secondary_grantee": true,
      "include_indirect_resource": true,
      "exclude_indirect_grantee": true,
      "anomaly_detection_history_days": "text",
      "last_used": {
        "op": 1,
        "value": "2026-07-19T12:46:46.939Z",
        "target": 1,
        "relative_timevar_value": "text",
        "not": true
      }
    },
    "node_relationship_type": 1,
    "relates_to_exp": {
      "specs": [
        {
          "node_types": "[Circular Reference]",
          "required_intermediate_node_types": "[Circular Reference]",
          "avoided_intermediate_node_types": "[Circular Reference]",
          "raw_permissions": {
            "values": [
              "text"
            ],
            "operator": 1
          },
          "effective_permissions": {
            "values": [
              1
            ],
            "operator": 1
          },
          "unsupported_condition_mode": 1,
          "no_relation": true,
          "direction": 1,
          "path_type": 1
        }
      ],
      "child_expressions": [
        {
          "specs": "[Circular Reference]",
          "child_expressions": "[Circular Reference]",
          "operator": 1,
          "not": true,
          "and_op_type": 1
        }
      ],
      "operator": 1,
      "not": true,
      "and_op_type": 1
    },
    "path_summary_node_types": {
      "nodes": [
        {
          "node_type": "text",
          "condition_expression": {
            "specs": [
              {
                "fn": 0,
                "property": "email",
                "value": null,
                "not": false,
                "value_property_name": "text",
                "value_property_from_other_node": true,
                "source_property": "text"
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true,
                "fn": 1,
                "source_query_id": "text",
                "source_tag_key": "text"
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 0,
            "not": true
          },
          "node_id": "text",
          "count_condition_expression": "[Circular Reference]",
          "direct_relationship_only": true,
          "node_type_grouping_constraint": {
            "node_types": [
              "text"
            ],
            "constraint_type": 1
          },
          "properties_to_get": [
            "text"
          ],
          "tags_to_get": [
            {
              "type": 1,
              "key": "text"
            }
          ],
          "integration_types": [
            "text"
          ]
        }
      ],
      "nodes_operator": 0
    },
    "all_entity_condition": {
      "specs": [
        {
          "fn": 0,
          "property": "email",
          "value": null,
          "not": false,
          "value_property_name": "text",
          "value_property_from_other_node": true,
          "source_property": "text"
        }
      ],
      "tag_specs": [
        {
          "tag": {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          },
          "exclude": true,
          "fn": 1,
          "source_query_id": "text",
          "source_tag_key": "text"
        }
      ],
      "child_expressions": [
        {
          "specs": [
            {
              "fn": 0,
              "property": "email",
              "value": null,
              "not": false,
              "value_property_name": "text",
              "value_property_from_other_node": true,
              "source_property": "text"
            }
          ],
          "tag_specs": [
            {
              "tag": {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              },
              "exclude": true,
              "fn": 1,
              "source_query_id": "text",
              "source_tag_key": "text"
            }
          ],
          "child_expressions": [
            "[Circular Reference]"
          ],
          "operator": 0,
          "not": true
        }
      ],
      "operator": 0,
      "not": true
    },
    "path_summary_count_conditions": {
      "conditions": [
        {
          "fn": 1,
          "value": "text",
          "value_as": 1
        }
      ]
    },
    "result_value_type": 1,
    "include_all_source_tags_in_results": true,
    "include_all_destination_tags_in_results": true,
    "additional_columns_to_get": [
      1
    ],
    "result_enrichment": {
      "join_node_specs": [
        {
          "with": "text",
          "node_spec": "[Circular Reference]",
          "as": "text"
        }
      ],
      "outlier_detection": {
        "type": 1,
        "manager_centric_config": {
          "grouping_properties": [
            {
              "property_name": "text",
              "node_type": "text",
              "target": 1,
              "joined_node_alias": "text"
            }
          ],
          "threshold": 1
        }
      },
      "include_associated_risks": true,
      "risks_filter": "text"
    },
    "include_sub_permissions": true,
    "include_permissions_summary": true,
    "waypoint_nodes": {
      "nodes": [
        {
          "node_type": "text",
          "condition_expression": {
            "specs": [
              {
                "fn": 0,
                "property": "email",
                "value": null,
                "not": false,
                "value_property_name": "text",
                "value_property_from_other_node": true,
                "source_property": "text"
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true,
                "fn": 1,
                "source_query_id": "text",
                "source_tag_key": "text"
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 0,
            "not": true
          },
          "node_id": "text",
          "count_condition_expression": "[Circular Reference]",
          "direct_relationship_only": true,
          "node_type_grouping_constraint": {
            "node_types": [
              "text"
            ],
            "constraint_type": 1
          },
          "properties_to_get": [
            "text"
          ],
          "tags_to_get": [
            {
              "type": 1,
              "key": "text"
            }
          ],
          "integration_types": [
            "text"
          ]
        }
      ],
      "nodes_operator": 0
    },
    "unpivot_properties": [
      "text"
    ],
    "union_specs": [
      {
        "query_type": 1,
        "source_node_types": {
          "nodes": [
            {
              "node_type": "text",
              "condition_expression": {
                "specs": [
                  {
                    "fn": 0,
                    "property": "email",
                    "value": null,
                    "not": false,
                    "value_property_name": "text",
                    "value_property_from_other_node": true,
                    "source_property": "text"
                  }
                ],
                "tag_specs": [
                  {
                    "tag": {
                      "type": "text",
                      "key": "text",
                      "value": "text",
                      "properties": {
                        "ANY_ADDITIONAL_PROPERTY": null
                      }
                    },
                    "exclude": true,
                    "fn": 1,
                    "source_query_id": "text",
                    "source_tag_key": "text"
                  }
                ],
                "child_expressions": "[Circular Reference]",
                "operator": 0,
                "not": true
              },
              "node_id": "text",
              "count_condition_expression": "[Circular Reference]",
              "direct_relationship_only": true,
              "node_type_grouping_constraint": {
                "node_types": [
                  "text"
                ],
                "constraint_type": 1
              },
              "properties_to_get": [
                "text"
              ],
              "tags_to_get": [
                {
                  "type": 1,
                  "key": "text"
                }
              ],
              "integration_types": [
                "text"
              ]
            }
          ],
          "nodes_operator": 0
        },
        "customized_variables": [
          {
            "key": "text",
            "value": "text"
          }
        ],
        "access_filter": {
          "engagement_score": {
            "op": 1,
            "value": 1
          },
          "over_provisioned_score": {
            "op": 1,
            "value": 1
          },
          "include_secondary_grantee": true,
          "include_indirect_resource": true,
          "exclude_indirect_grantee": true,
          "anomaly_detection_history_days": "text",
          "last_used": {
            "op": 1,
            "value": "2026-07-19T12:46:46.939Z",
            "target": 1,
            "relative_timevar_value": "text",
            "not": true
          }
        },
        "node_relationship_type": 1,
        "relates_to_exp": {
          "specs": "[Circular Reference]",
          "child_expressions": "[Circular Reference]",
          "operator": 1,
          "not": true,
          "and_op_type": 1
        },
        "path_summary_node_types": {
          "nodes": [
            {
              "node_type": "text",
              "condition_expression": {
                "specs": [
                  {
                    "fn": 0,
                    "property": "email",
                    "value": null,
                    "not": false,
                    "value_property_name": "text",
                    "value_property_from_other_node": true,
                    "source_property": "text"
                  }
                ],
                "tag_specs": [
                  {
                    "tag": {
                      "type": "text",
                      "key": "text",
                      "value": "text",
                      "properties": {
                        "ANY_ADDITIONAL_PROPERTY": null
                      }
                    },
                    "exclude": true,
                    "fn": 1,
                    "source_query_id": "text",
                    "source_tag_key": "text"
                  }
                ],
                "child_expressions": "[Circular Reference]",
                "operator": 0,
                "not": true
              },
              "node_id": "text",
              "count_condition_expression": "[Circular Reference]",
              "direct_relationship_only": true,
              "node_type_grouping_constraint": {
                "node_types": [
                  "text"
                ],
                "constraint_type": 1
              },
              "properties_to_get": [
                "text"
              ],
              "tags_to_get": [
                {
                  "type": 1,
                  "key": "text"
                }
              ],
              "integration_types": [
                "text"
              ]
            }
          ],
          "nodes_operator": 0
        },
        "all_entity_condition": {
          "specs": [
            {
              "fn": 0,
              "property": "email",
              "value": null,
              "not": false,
              "value_property_name": "text",
              "value_property_from_other_node": true,
              "source_property": "text"
            }
          ],
          "tag_specs": [
            {
              "tag": {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              },
              "exclude": true,
              "fn": 1,
              "source_query_id": "text",
              "source_tag_key": "text"
            }
          ],
          "child_expressions": [
            {
              "specs": [
                {
                  "fn": 0,
                  "property": "email",
                  "value": null,
                  "not": false,
                  "value_property_name": "text",
                  "value_property_from_other_node": true,
                  "source_property": "text"
                }
              ],
              "tag_specs": [
                {
                  "tag": {
                    "type": "text",
                    "key": "text",
                    "value": "text",
                    "properties": {
                      "ANY_ADDITIONAL_PROPERTY": null
                    }
                  },
                  "exclude": true,
                  "fn": 1,
                  "source_query_id": "text",
                  "source_tag_key": "text"
                }
              ],
              "child_expressions": [
                "[Circular Reference]"
              ],
              "operator": 0,
              "not": true
            }
          ],
          "operator": 0,
          "not": true
        },
        "path_summary_count_conditions": {
          "conditions": [
            {
              "fn": 1,
              "value": "text",
              "value_as": 1
            }
          ]
        },
        "waypoint_nodes": {
          "nodes": [
            {
              "node_type": "text",
              "condition_expression": {
                "specs": [
                  {
                    "fn": 0,
                    "property": "email",
                    "value": null,
                    "not": false,
                    "value_property_name": "text",
                    "value_property_from_other_node": true,
                    "source_property": "text"
                  }
                ],
                "tag_specs": [
                  {
                    "tag": {
                      "type": "text",
                      "key": "text",
                      "value": "text",
                      "properties": {
                        "ANY_ADDITIONAL_PROPERTY": null
                      }
                    },
                    "exclude": true,
                    "fn": 1,
                    "source_query_id": "text",
                    "source_tag_key": "text"
                  }
                ],
                "child_expressions": "[Circular Reference]",
                "operator": 0,
                "not": true
              },
              "node_id": "text",
              "count_condition_expression": "[Circular Reference]",
              "direct_relationship_only": true,
              "node_type_grouping_constraint": {
                "node_types": [
                  "text"
                ],
                "constraint_type": 1
              },
              "properties_to_get": [
                "text"
              ],
              "tags_to_get": [
                {
                  "type": 1,
                  "key": "text"
                }
              ],
              "integration_types": [
                "text"
              ]
            }
          ],
          "nodes_operator": 0
        },
        "additional_spec_properties": {},
        "result_enrichment": {
          "join_node_specs": [
            {
              "with": "text",
              "node_spec": "[Circular Reference]",
              "as": "text"
            }
          ],
          "outlier_detection": {
            "type": 1,
            "manager_centric_config": {
              "grouping_properties": [
                {
                  "property_name": "text",
                  "node_type": "text",
                  "target": 1,
                  "joined_node_alias": "text"
                }
              ],
              "threshold": 1
            }
          },
          "include_associated_risks": true,
          "risks_filter": "text"
        }
      }
    ],
    "page_size": "text",
    "page_token": "text"
  },
  "page_size": "text",
  "page_token": "text"
}
{
  "provider_types": [
    {
      "type": "text",
      "schema_integration_type": "text",
      "enabled": true,
      "provider_details": [
        {
          "id": "text",
          "external_id": "text"
        }
      ]
    }
  ],
  "unregistered_custom_provider_types": [
    {
      "type": "text",
      "schema_integration_type": "text",
      "enabled": true,
      "provider_details": [
        {
          "id": "text",
          "external_id": "text"
        }
      ]
    }
  ]
}
GET /api/v1/providers/types HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
  "count": "text"
}
POST /api/v1/enrichment/rules_preview_count HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 18614

{
  "request": {
    "name": "text",
    "description": "text",
    "active": true,
    "provider_ids": [
      "text"
    ],
    "entity_type": "text",
    "property_name": "text",
    "property_value": null,
    "node_ids": [
      "text"
    ],
    "query_id": "text",
    "priority": 1,
    "other_node_query_id": "text",
    "enriched_property": 1,
    "enriched_owners_value": {
      "property_names_in_template": [
        "text"
      ],
      "owners": [
        {
          "team": "text"
        }
      ]
    },
    "tag_updates_value": {
      "add_tags": [
        {}
      ],
      "remove_tags": [
        {}
      ]
    }
  },
  "preview_query": {
    "query_type": 1,
    "source_node_types": {
      "nodes": [
        {
          "node_type": "text",
          "condition_expression": {
            "specs": [
              {
                "fn": 0,
                "property": "email",
                "value": null,
                "not": false,
                "value_property_name": "text",
                "value_property_from_other_node": true,
                "source_property": "text"
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true,
                "fn": 1,
                "source_query_id": "text",
                "source_tag_key": "text"
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 0,
            "not": true
          },
          "node_id": "text",
          "count_condition_expression": "[Circular Reference]",
          "direct_relationship_only": true,
          "node_type_grouping_constraint": {
            "node_types": [
              "text"
            ],
            "constraint_type": 1
          },
          "properties_to_get": [
            "text"
          ],
          "tags_to_get": [
            {
              "type": 1,
              "key": "text"
            }
          ],
          "integration_types": [
            "text"
          ]
        }
      ],
      "nodes_operator": 0
    },
    "customized_variables": [
      {
        "key": "text",
        "value": "text"
      }
    ],
    "snapshot_id": "text",
    "access_filter": {
      "engagement_score": {
        "op": 1,
        "value": 1
      },
      "over_provisioned_score": {
        "op": 1,
        "value": 1
      },
      "include_secondary_grantee": true,
      "include_indirect_resource": true,
      "exclude_indirect_grantee": true,
      "anomaly_detection_history_days": "text",
      "last_used": {
        "op": 1,
        "value": "2026-07-19T12:46:46.939Z",
        "target": 1,
        "relative_timevar_value": "text",
        "not": true
      }
    },
    "node_relationship_type": 1,
    "relates_to_exp": {
      "specs": [
        {
          "node_types": "[Circular Reference]",
          "required_intermediate_node_types": "[Circular Reference]",
          "avoided_intermediate_node_types": "[Circular Reference]",
          "raw_permissions": {
            "values": [
              "text"
            ],
            "operator": 1
          },
          "effective_permissions": {
            "values": [
              1
            ],
            "operator": 1
          },
          "unsupported_condition_mode": 1,
          "no_relation": true,
          "direction": 1,
          "path_type": 1
        }
      ],
      "child_expressions": [
        {
          "specs": "[Circular Reference]",
          "child_expressions": "[Circular Reference]",
          "operator": 1,
          "not": true,
          "and_op_type": 1
        }
      ],
      "operator": 1,
      "not": true,
      "and_op_type": 1
    },
    "path_summary_node_types": {
      "nodes": [
        {
          "node_type": "text",
          "condition_expression": {
            "specs": [
              {
                "fn": 0,
                "property": "email",
                "value": null,
                "not": false,
                "value_property_name": "text",
                "value_property_from_other_node": true,
                "source_property": "text"
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true,
                "fn": 1,
                "source_query_id": "text",
                "source_tag_key": "text"
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 0,
            "not": true
          },
          "node_id": "text",
          "count_condition_expression": "[Circular Reference]",
          "direct_relationship_only": true,
          "node_type_grouping_constraint": {
            "node_types": [
              "text"
            ],
            "constraint_type": 1
          },
          "properties_to_get": [
            "text"
          ],
          "tags_to_get": [
            {
              "type": 1,
              "key": "text"
            }
          ],
          "integration_types": [
            "text"
          ]
        }
      ],
      "nodes_operator": 0
    },
    "all_entity_condition": {
      "specs": [
        {
          "fn": 0,
          "property": "email",
          "value": null,
          "not": false,
          "value_property_name": "text",
          "value_property_from_other_node": true,
          "source_property": "text"
        }
      ],
      "tag_specs": [
        {
          "tag": {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          },
          "exclude": true,
          "fn": 1,
          "source_query_id": "text",
          "source_tag_key": "text"
        }
      ],
      "child_expressions": [
        {
          "specs": [
            {
              "fn": 0,
              "property": "email",
              "value": null,
              "not": false,
              "value_property_name": "text",
              "value_property_from_other_node": true,
              "source_property": "text"
            }
          ],
          "tag_specs": [
            {
              "tag": {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              },
              "exclude": true,
              "fn": 1,
              "source_query_id": "text",
              "source_tag_key": "text"
            }
          ],
          "child_expressions": [
            "[Circular Reference]"
          ],
          "operator": 0,
          "not": true
        }
      ],
      "operator": 0,
      "not": true
    },
    "path_summary_count_conditions": {
      "conditions": [
        {
          "fn": 1,
          "value": "text",
          "value_as": 1
        }
      ]
    },
    "result_value_type": 1,
    "include_all_source_tags_in_results": true,
    "include_all_destination_tags_in_results": true,
    "additional_columns_to_get": [
      1
    ],
    "result_enrichment": {
      "join_node_specs": [
        {
          "with": "text",
          "node_spec": "[Circular Reference]",
          "as": "text"
        }
      ],
      "outlier_detection": {
        "type": 1,
        "manager_centric_config": {
          "grouping_properties": [
            {
              "property_name": "text",
              "node_type": "text",
              "target": 1,
              "joined_node_alias": "text"
            }
          ],
          "threshold": 1
        }
      },
      "include_associated_risks": true,
      "risks_filter": "text"
    },
    "include_sub_permissions": true,
    "include_permissions_summary": true,
    "waypoint_nodes": {
      "nodes": [
        {
          "node_type": "text",
          "condition_expression": {
            "specs": [
              {
                "fn": 0,
                "property": "email",
                "value": null,
                "not": false,
                "value_property_name": "text",
                "value_property_from_other_node": true,
                "source_property": "text"
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true,
                "fn": 1,
                "source_query_id": "text",
                "source_tag_key": "text"
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 0,
            "not": true
          },
          "node_id": "text",
          "count_condition_expression": "[Circular Reference]",
          "direct_relationship_only": true,
          "node_type_grouping_constraint": {
            "node_types": [
              "text"
            ],
            "constraint_type": 1
          },
          "properties_to_get": [
            "text"
          ],
          "tags_to_get": [
            {
              "type": 1,
              "key": "text"
            }
          ],
          "integration_types": [
            "text"
          ]
        }
      ],
      "nodes_operator": 0
    },
    "unpivot_properties": [
      "text"
    ],
    "union_specs": [
      {
        "query_type": 1,
        "source_node_types": {
          "nodes": [
            {
              "node_type": "text",
              "condition_expression": {
                "specs": [
                  {
                    "fn": 0,
                    "property": "email",
                    "value": null,
                    "not": false,
                    "value_property_name": "text",
                    "value_property_from_other_node": true,
                    "source_property": "text"
                  }
                ],
                "tag_specs": [
                  {
                    "tag": {
                      "type": "text",
                      "key": "text",
                      "value": "text",
                      "properties": {
                        "ANY_ADDITIONAL_PROPERTY": null
                      }
                    },
                    "exclude": true,
                    "fn": 1,
                    "source_query_id": "text",
                    "source_tag_key": "text"
                  }
                ],
                "child_expressions": "[Circular Reference]",
                "operator": 0,
                "not": true
              },
              "node_id": "text",
              "count_condition_expression": "[Circular Reference]",
              "direct_relationship_only": true,
              "node_type_grouping_constraint": {
                "node_types": [
                  "text"
                ],
                "constraint_type": 1
              },
              "properties_to_get": [
                "text"
              ],
              "tags_to_get": [
                {
                  "type": 1,
                  "key": "text"
                }
              ],
              "integration_types": [
                "text"
              ]
            }
          ],
          "nodes_operator": 0
        },
        "customized_variables": [
          {
            "key": "text",
            "value": "text"
          }
        ],
        "access_filter": {
          "engagement_score": {
            "op": 1,
            "value": 1
          },
          "over_provisioned_score": {
            "op": 1,
            "value": 1
          },
          "include_secondary_grantee": true,
          "include_indirect_resource": true,
          "exclude_indirect_grantee": true,
          "anomaly_detection_history_days": "text",
          "last_used": {
            "op": 1,
            "value": "2026-07-19T12:46:46.939Z",
            "target": 1,
            "relative_timevar_value": "text",
            "not": true
          }
        },
        "node_relationship_type": 1,
        "relates_to_exp": {
          "specs": "[Circular Reference]",
          "child_expressions": "[Circular Reference]",
          "operator": 1,
          "not": true,
          "and_op_type": 1
        },
        "path_summary_node_types": {
          "nodes": [
            {
              "node_type": "text",
              "condition_expression": {
                "specs": [
                  {
                    "fn": 0,
                    "property": "email",
                    "value": null,
                    "not": false,
                    "value_property_name": "text",
                    "value_property_from_other_node": true,
                    "source_property": "text"
                  }
                ],
                "tag_specs": [
                  {
                    "tag": {
                      "type": "text",
                      "key": "text",
                      "value": "text",
                      "properties": {
                        "ANY_ADDITIONAL_PROPERTY": null
                      }
                    },
                    "exclude": true,
                    "fn": 1,
                    "source_query_id": "text",
                    "source_tag_key": "text"
                  }
                ],
                "child_expressions": "[Circular Reference]",
                "operator": 0,
                "not": true
              },
              "node_id": "text",
              "count_condition_expression": "[Circular Reference]",
              "direct_relationship_only": true,
              "node_type_grouping_constraint": {
                "node_types": [
                  "text"
                ],
                "constraint_type": 1
              },
              "properties_to_get": [
                "text"
              ],
              "tags_to_get": [
                {
                  "type": 1,
                  "key": "text"
                }
              ],
              "integration_types": [
                "text"
              ]
            }
          ],
          "nodes_operator": 0
        },
        "all_entity_condition": {
          "specs": [
            {
              "fn": 0,
              "property": "email",
              "value": null,
              "not": false,
              "value_property_name": "text",
              "value_property_from_other_node": true,
              "source_property": "text"
            }
          ],
          "tag_specs": [
            {
              "tag": {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              },
              "exclude": true,
              "fn": 1,
              "source_query_id": "text",
              "source_tag_key": "text"
            }
          ],
          "child_expressions": [
            {
              "specs": [
                {
                  "fn": 0,
                  "property": "email",
                  "value": null,
                  "not": false,
                  "value_property_name": "text",
                  "value_property_from_other_node": true,
                  "source_property": "text"
                }
              ],
              "tag_specs": [
                {
                  "tag": {
                    "type": "text",
                    "key": "text",
                    "value": "text",
                    "properties": {
                      "ANY_ADDITIONAL_PROPERTY": null
                    }
                  },
                  "exclude": true,
                  "fn": 1,
                  "source_query_id": "text",
                  "source_tag_key": "text"
                }
              ],
              "child_expressions": [
                "[Circular Reference]"
              ],
              "operator": 0,
              "not": true
            }
          ],
          "operator": 0,
          "not": true
        },
        "path_summary_count_conditions": {
          "conditions": [
            {
              "fn": 1,
              "value": "text",
              "value_as": 1
            }
          ]
        },
        "waypoint_nodes": {
          "nodes": [
            {
              "node_type": "text",
              "condition_expression": {
                "specs": [
                  {
                    "fn": 0,
                    "property": "email",
                    "value": null,
                    "not": false,
                    "value_property_name": "text",
                    "value_property_from_other_node": true,
                    "source_property": "text"
                  }
                ],
                "tag_specs": [
                  {
                    "tag": {
                      "type": "text",
                      "key": "text",
                      "value": "text",
                      "properties": {
                        "ANY_ADDITIONAL_PROPERTY": null
                      }
                    },
                    "exclude": true,
                    "fn": 1,
                    "source_query_id": "text",
                    "source_tag_key": "text"
                  }
                ],
                "child_expressions": "[Circular Reference]",
                "operator": 0,
                "not": true
              },
              "node_id": "text",
              "count_condition_expression": "[Circular Reference]",
              "direct_relationship_only": true,
              "node_type_grouping_constraint": {
                "node_types": [
                  "text"
                ],
                "constraint_type": 1
              },
              "properties_to_get": [
                "text"
              ],
              "tags_to_get": [
                {
                  "type": 1,
                  "key": "text"
                }
              ],
              "integration_types": [
                "text"
              ]
            }
          ],
          "nodes_operator": 0
        },
        "additional_spec_properties": {},
        "result_enrichment": {
          "join_node_specs": [
            {
              "with": "text",
              "node_spec": "[Circular Reference]",
              "as": "text"
            }
          ],
          "outlier_detection": {
            "type": 1,
            "manager_centric_config": {
              "grouping_properties": [
                {
                  "property_name": "text",
                  "node_type": "text",
                  "target": 1,
                  "joined_node_alias": "text"
                }
              ],
              "threshold": 1
            }
          },
          "include_associated_risks": true,
          "risks_filter": "text"
        }
      }
    ],
    "page_size": "text",
    "page_token": "text"
  },
  "preview_other_node_query": {
    "query_type": 1,
    "source_node_types": {
      "nodes": [
        {
          "node_type": "text",
          "condition_expression": {
            "specs": [
              {
                "fn": 0,
                "property": "email",
                "value": null,
                "not": false,
                "value_property_name": "text",
                "value_property_from_other_node": true,
                "source_property": "text"
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true,
                "fn": 1,
                "source_query_id": "text",
                "source_tag_key": "text"
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 0,
            "not": true
          },
          "node_id": "text",
          "count_condition_expression": "[Circular Reference]",
          "direct_relationship_only": true,
          "node_type_grouping_constraint": {
            "node_types": [
              "text"
            ],
            "constraint_type": 1
          },
          "properties_to_get": [
            "text"
          ],
          "tags_to_get": [
            {
              "type": 1,
              "key": "text"
            }
          ],
          "integration_types": [
            "text"
          ]
        }
      ],
      "nodes_operator": 0
    },
    "customized_variables": [
      {
        "key": "text",
        "value": "text"
      }
    ],
    "snapshot_id": "text",
    "access_filter": {
      "engagement_score": {
        "op": 1,
        "value": 1
      },
      "over_provisioned_score": {
        "op": 1,
        "value": 1
      },
      "include_secondary_grantee": true,
      "include_indirect_resource": true,
      "exclude_indirect_grantee": true,
      "anomaly_detection_history_days": "text",
      "last_used": {
        "op": 1,
        "value": "2026-07-19T12:46:46.939Z",
        "target": 1,
        "relative_timevar_value": "text",
        "not": true
      }
    },
    "node_relationship_type": 1,
    "relates_to_exp": {
      "specs": [
        {
          "node_types": "[Circular Reference]",
          "required_intermediate_node_types": "[Circular Reference]",
          "avoided_intermediate_node_types": "[Circular Reference]",
          "raw_permissions": {
            "values": [
              "text"
            ],
            "operator": 1
          },
          "effective_permissions": {
            "values": [
              1
            ],
            "operator": 1
          },
          "unsupported_condition_mode": 1,
          "no_relation": true,
          "direction": 1,
          "path_type": 1
        }
      ],
      "child_expressions": [
        {
          "specs": "[Circular Reference]",
          "child_expressions": "[Circular Reference]",
          "operator": 1,
          "not": true,
          "and_op_type": 1
        }
      ],
      "operator": 1,
      "not": true,
      "and_op_type": 1
    },
    "path_summary_node_types": {
      "nodes": [
        {
          "node_type": "text",
          "condition_expression": {
            "specs": [
              {
                "fn": 0,
                "property": "email",
                "value": null,
                "not": false,
                "value_property_name": "text",
                "value_property_from_other_node": true,
                "source_property": "text"
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true,
                "fn": 1,
                "source_query_id": "text",
                "source_tag_key": "text"
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 0,
            "not": true
          },
          "node_id": "text",
          "count_condition_expression": "[Circular Reference]",
          "direct_relationship_only": true,
          "node_type_grouping_constraint": {
            "node_types": [
              "text"
            ],
            "constraint_type": 1
          },
          "properties_to_get": [
            "text"
          ],
          "tags_to_get": [
            {
              "type": 1,
              "key": "text"
            }
          ],
          "integration_types": [
            "text"
          ]
        }
      ],
      "nodes_operator": 0
    },
    "all_entity_condition": {
      "specs": [
        {
          "fn": 0,
          "property": "email",
          "value": null,
          "not": false,
          "value_property_name": "text",
          "value_property_from_other_node": true,
          "source_property": "text"
        }
      ],
      "tag_specs": [
        {
          "tag": {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          },
          "exclude": true,
          "fn": 1,
          "source_query_id": "text",
          "source_tag_key": "text"
        }
      ],
      "child_expressions": [
        {
          "specs": [
            {
              "fn": 0,
              "property": "email",
              "value": null,
              "not": false,
              "value_property_name": "text",
              "value_property_from_other_node": true,
              "source_property": "text"
            }
          ],
          "tag_specs": [
            {
              "tag": {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              },
              "exclude": true,
              "fn": 1,
              "source_query_id": "text",
              "source_tag_key": "text"
            }
          ],
          "child_expressions": [
            "[Circular Reference]"
          ],
          "operator": 0,
          "not": true
        }
      ],
      "operator": 0,
      "not": true
    },
    "path_summary_count_conditions": {
      "conditions": [
        {
          "fn": 1,
          "value": "text",
          "value_as": 1
        }
      ]
    },
    "result_value_type": 1,
    "include_all_source_tags_in_results": true,
    "include_all_destination_tags_in_results": true,
    "additional_columns_to_get": [
      1
    ],
    "result_enrichment": {
      "join_node_specs": [
        {
          "with": "text",
          "node_spec": "[Circular Reference]",
          "as": "text"
        }
      ],
      "outlier_detection": {
        "type": 1,
        "manager_centric_config": {
          "grouping_properties": [
            {
              "property_name": "text",
              "node_type": "text",
              "target": 1,
              "joined_node_alias": "text"
            }
          ],
          "threshold": 1
        }
      },
      "include_associated_risks": true,
      "risks_filter": "text"
    },
    "include_sub_permissions": true,
    "include_permissions_summary": true,
    "waypoint_nodes": {
      "nodes": [
        {
          "node_type": "text",
          "condition_expression": {
            "specs": [
              {
                "fn": 0,
                "property": "email",
                "value": null,
                "not": false,
                "value_property_name": "text",
                "value_property_from_other_node": true,
                "source_property": "text"
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true,
                "fn": 1,
                "source_query_id": "text",
                "source_tag_key": "text"
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 0,
            "not": true
          },
          "node_id": "text",
          "count_condition_expression": "[Circular Reference]",
          "direct_relationship_only": true,
          "node_type_grouping_constraint": {
            "node_types": [
              "text"
            ],
            "constraint_type": 1
          },
          "properties_to_get": [
            "text"
          ],
          "tags_to_get": [
            {
              "type": 1,
              "key": "text"
            }
          ],
          "integration_types": [
            "text"
          ]
        }
      ],
      "nodes_operator": 0
    },
    "unpivot_properties": [
      "text"
    ],
    "union_specs": [
      {
        "query_type": 1,
        "source_node_types": {
          "nodes": [
            {
              "node_type": "text",
              "condition_expression": {
                "specs": [
                  {
                    "fn": 0,
                    "property": "email",
                    "value": null,
                    "not": false,
                    "value_property_name": "text",
                    "value_property_from_other_node": true,
                    "source_property": "text"
                  }
                ],
                "tag_specs": [
                  {
                    "tag": {
                      "type": "text",
                      "key": "text",
                      "value": "text",
                      "properties": {
                        "ANY_ADDITIONAL_PROPERTY": null
                      }
                    },
                    "exclude": true,
                    "fn": 1,
                    "source_query_id": "text",
                    "source_tag_key": "text"
                  }
                ],
                "child_expressions": "[Circular Reference]",
                "operator": 0,
                "not": true
              },
              "node_id": "text",
              "count_condition_expression": "[Circular Reference]",
              "direct_relationship_only": true,
              "node_type_grouping_constraint": {
                "node_types": [
                  "text"
                ],
                "constraint_type": 1
              },
              "properties_to_get": [
                "text"
              ],
              "tags_to_get": [
                {
                  "type": 1,
                  "key": "text"
                }
              ],
              "integration_types": [
                "text"
              ]
            }
          ],
          "nodes_operator": 0
        },
        "customized_variables": [
          {
            "key": "text",
            "value": "text"
          }
        ],
        "access_filter": {
          "engagement_score": {
            "op": 1,
            "value": 1
          },
          "over_provisioned_score": {
            "op": 1,
            "value": 1
          },
          "include_secondary_grantee": true,
          "include_indirect_resource": true,
          "exclude_indirect_grantee": true,
          "anomaly_detection_history_days": "text",
          "last_used": {
            "op": 1,
            "value": "2026-07-19T12:46:46.939Z",
            "target": 1,
            "relative_timevar_value": "text",
            "not": true
          }
        },
        "node_relationship_type": 1,
        "relates_to_exp": {
          "specs": "[Circular Reference]",
          "child_expressions": "[Circular Reference]",
          "operator": 1,
          "not": true,
          "and_op_type": 1
        },
        "path_summary_node_types": {
          "nodes": [
            {
              "node_type": "text",
              "condition_expression": {
                "specs": [
                  {
                    "fn": 0,
                    "property": "email",
                    "value": null,
                    "not": false,
                    "value_property_name": "text",
                    "value_property_from_other_node": true,
                    "source_property": "text"
                  }
                ],
                "tag_specs": [
                  {
                    "tag": {
                      "type": "text",
                      "key": "text",
                      "value": "text",
                      "properties": {
                        "ANY_ADDITIONAL_PROPERTY": null
                      }
                    },
                    "exclude": true,
                    "fn": 1,
                    "source_query_id": "text",
                    "source_tag_key": "text"
                  }
                ],
                "child_expressions": "[Circular Reference]",
                "operator": 0,
                "not": true
              },
              "node_id": "text",
              "count_condition_expression": "[Circular Reference]",
              "direct_relationship_only": true,
              "node_type_grouping_constraint": {
                "node_types": [
                  "text"
                ],
                "constraint_type": 1
              },
              "properties_to_get": [
                "text"
              ],
              "tags_to_get": [
                {
                  "type": 1,
                  "key": "text"
                }
              ],
              "integration_types": [
                "text"
              ]
            }
          ],
          "nodes_operator": 0
        },
        "all_entity_condition": {
          "specs": [
            {
              "fn": 0,
              "property": "email",
              "value": null,
              "not": false,
              "value_property_name": "text",
              "value_property_from_other_node": true,
              "source_property": "text"
            }
          ],
          "tag_specs": [
            {
              "tag": {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              },
              "exclude": true,
              "fn": 1,
              "source_query_id": "text",
              "source_tag_key": "text"
            }
          ],
          "child_expressions": [
            {
              "specs": [
                {
                  "fn": 0,
                  "property": "email",
                  "value": null,
                  "not": false,
                  "value_property_name": "text",
                  "value_property_from_other_node": true,
                  "source_property": "text"
                }
              ],
              "tag_specs": [
                {
                  "tag": {
                    "type": "text",
                    "key": "text",
                    "value": "text",
                    "properties": {
                      "ANY_ADDITIONAL_PROPERTY": null
                    }
                  },
                  "exclude": true,
                  "fn": 1,
                  "source_query_id": "text",
                  "source_tag_key": "text"
                }
              ],
              "child_expressions": [
                "[Circular Reference]"
              ],
              "operator": 0,
              "not": true
            }
          ],
          "operator": 0,
          "not": true
        },
        "path_summary_count_conditions": {
          "conditions": [
            {
              "fn": 1,
              "value": "text",
              "value_as": 1
            }
          ]
        },
        "waypoint_nodes": {
          "nodes": [
            {
              "node_type": "text",
              "condition_expression": {
                "specs": [
                  {
                    "fn": 0,
                    "property": "email",
                    "value": null,
                    "not": false,
                    "value_property_name": "text",
                    "value_property_from_other_node": true,
                    "source_property": "text"
                  }
                ],
                "tag_specs": [
                  {
                    "tag": {
                      "type": "text",
                      "key": "text",
                      "value": "text",
                      "properties": {
                        "ANY_ADDITIONAL_PROPERTY": null
                      }
                    },
                    "exclude": true,
                    "fn": 1,
                    "source_query_id": "text",
                    "source_tag_key": "text"
                  }
                ],
                "child_expressions": "[Circular Reference]",
                "operator": 0,
                "not": true
              },
              "node_id": "text",
              "count_condition_expression": "[Circular Reference]",
              "direct_relationship_only": true,
              "node_type_grouping_constraint": {
                "node_types": [
                  "text"
                ],
                "constraint_type": 1
              },
              "properties_to_get": [
                "text"
              ],
              "tags_to_get": [
                {
                  "type": 1,
                  "key": "text"
                }
              ],
              "integration_types": [
                "text"
              ]
            }
          ],
          "nodes_operator": 0
        },
        "additional_spec_properties": {},
        "result_enrichment": {
          "join_node_specs": [
            {
              "with": "text",
              "node_spec": "[Circular Reference]",
              "as": "text"
            }
          ],
          "outlier_detection": {
            "type": 1,
            "manager_centric_config": {
              "grouping_properties": [
                {
                  "property_name": "text",
                  "node_type": "text",
                  "target": 1,
                  "joined_node_alias": "text"
                }
              ],
              "threshold": 1
            }
          },
          "include_associated_risks": true,
          "risks_filter": "text"
        }
      }
    ],
    "page_size": "text",
    "page_token": "text"
  },
  "page_size": "text",
  "page_token": "text"
}

IMPORTANT: keep mutable fields in sync with PatchDataSourceRequest. When adding a new mutable datasource field, add it to both messages.

idstringOptional
namestringOptional
idstringRead-onlyOptional
secret_idstringOptional
typeinteger · enumOptional
mappingstringOptional
vault_idstringOptional
idstringRead-onlyOptional
namestringOptional

Must be unique within an insight point

vault_providerstringOptional

Provider type: "azure_key_vault", "aws_secrets_manager", etc.

insight_point_idstringOptional

Owning insight point ID, or "internal" for control plane vaults

deletedbooleanOptional

Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)

Responses
200

OK

application/json
valueobject · DataSourceOptional
default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
put/api/v1/providers/datasources/{id}
PUT /api/v1/providers/datasources/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 133

{
  "id": "text",
  "name": "text",
  "secret_references": [
    {
      "secret_id": "text",
      "secret_mapping": {
        "type": 1,
        "mapping": "text"
      },
      "vault_id": "text"
    }
  ]
}
get/api/v1/enrichment/rules
GET /api/v1/enrichment/rules HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

List enrichment rules

Required

The lifecycle management datasource ID

{
  "value": {
    "id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
    "name": "Workday Integration",
    "provider_type": "WORKDAY",
    "external_id": "https://wd5-impl-services1.workday.com/veza_preview",
    "lifecycle_management_enabled": true,
    "supported_capabilities": [
      "IDENTITY_SOURCE",
      "ACCESS_TARGET"
    ]
  }
}
{
  "value": {
    "id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
    "name": "SCIM Demo Server",
    "provider_type": "SCIM",
    "external_id": "https://scim.example.com",
    "lifecycle_management_enabled": true,
    "supported_capabilities": [
      "ACCESS_TARGET"
    ],
    "available_actions": [
      {
        "action_type": "MANAGE_RELATIONSHIPS",
        "description": "Add or remove user memberships in groups",
        "supported_entity_types": ["User", "Group"],
        "supported_relationship_types": ["MemberOf"]
      }
    ],
    "syncable_attributes": [
      {
        "entity_type": "User",
        "attributes": [
          {
            "name": "userName",
            "type": "string",
            "required": true,
            "description": "Primary identifier for the user"
          },
          {
            "name": "displayName", 
            "type": "string",
            "required": false,
            "description": "Display name for the user"
          },
          {
            "name": "emails",
            "type": "array",
            "required": false,
            "description": "Email addresses associated with the user"
          }
        ]
      },
      {
        "entity_type": "Group",
        "attributes": [
          {
            "name": "displayName",
            "type": "string", 
            "required": true,
            "description": "Display name for the group"
          }
        ]
      }
    ],
    "grantable_entitlements": [
      {
        "entity_type": "Group",
        "entitlement_type": "MemberOf",
        "description": "Grant membership in the specified group"
      }
    ]
  }
}

For detailed information about the response fields, see the List Lifecycle Manager Datasources documentation.

GET /api/v1/providers/datasources/lifecycle_managers/{id}
get
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters
idstringRequired
Responses
200

OK

application/json
idstringOptional
enabledbooleanOptional
datasourceobject · DataSourceOptional
entity_typestringOptional
typeinteger · enumOptional
idempotentbooleanOptional
namestringOptional
descriptionstringOptional
available_entity_typesstring[]Optional
namestringOptional
descriptionstringOptional
available_entity_typesstring[]Optional
@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional

id

Endpoint

Description

API Reference

Path Parameters

string

curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers/549a4b5e-0328-4c87-a19d-ee8a2926d1aa" \
  -H "authorization: Bearer $VEZA_TOKEN"

Request Examples

Response Examples

string

Optional

When present, only returns data sources matching the filter. Available options: name, agent_type, status, state, provider_id, data_provider_id, datasource_type

order_by

string

Optional

Sort results by: name, agent_type, status, state, provider_id, data_provider_id, or datasource_type

page_size

integer

Optional

The maximum number of results to return. Fewer results may be returned even when more pages exist

page_token

string

Optional

The token specifying the specific page of results to retrieve

curl -X GET "$BASE_URL/api/v1/providers/datasources" \
  -H "authorization: Bearer $VEZA_TOKEN"
curl -X GET "$BASE_URL/api/v1/providers/datasources?filter=status+eq+\"SUCCESS\"" \
  -H "authorization: Bearer $VEZA_TOKEN"
curl -X GET "$BASE_URL/api/v1/providers/datasources?page_size=10&order_by=name" \
  -H "authorization: Bearer $VEZA_TOKEN"

Standard Response:

GET /api/v1/providers/datasources
get
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Query parameters
filterstringOptional

When specified, only data sources matching the filter will be returned. Valid attributes: datasource_type Valid operators: EQ E.g. 'datasource_type eq "extractor"'

order_bystringOptional
page_sizeinteger · int32Optional

The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

page_tokenstringOptional

The token specifying the specific page of results to retrieve.

Endpoint

Description

To fetch a known set of data sources by ID or external ID in a single request, use the POST counterpart List Data Sources (Batch by ID). The SCIM filter on this endpoint only supports single-value EQ and has no IN operator.

API Reference

Query Parameters

filter

{
  "values": [
    {
      "id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
      "name": "AWS EC2 (527398259632)",
      "datasource_type": "EXTRACTOR",
      "agent_type": "AWS_EC2",
      "status": "SUCCESS",
      "provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
      "path": "AWS/ec2",
      "state": "ENABLED",
      "effective_state": "ENABLED",
      "created_at": "2021-10-26T07:10:38Z",
      "updated_at": "2021-10-26T07:10:38Z",
      "synced_at": "2022-01-13T20:53:23Z",
      "parsed_at": "2022-01-13T20:53:29Z"
    }
  ],
  "next_page_token": "ec67g",
  "has_more": false
}

Request Examples

Veza expects spaces in URLs encoded as + (?datasource_type+eq+"extractor"). Some libraries encode spaces as %2B by default, which will cause errors.

Response Examples

Non-human identity

Sets identity_type to HUMAN or NONHUMAN

IS_PRIVILEGED

Privileged account

Sets is_privileged to true

CRITICALITY_LEVEL

Critical resource

Sets criticality_level to LOW, MEDIUM, HIGH, or CRITICAL

ENRICHED_OWNERS

Entity owner

Assigns ownership (static or from entity properties)

VEZA_TAGS

Veza tag

Adds or removes tags on matched entities

Before creating a rule, save the target query using the Query Builder API or the Veza UI.

Operation
Method
Path

GET

/api/v1/enrichment/rules

POST

/api/v1/enrichment/rules

enriched_property

Rule type

Effect

enrichment rules

IDENTITY_TYPE

Endpoints

enriched_property

The enrichment rule type. Set to "ENRICHED_OWNERS" (or the integer 4). Required.

Returns a queries array. Each entry includes:

Field
Description

id

Assessment query ID. Pass this as other_node_query_id when creating a rule.

name

Display name of the saved query.

other_node_type

The destination entity type of the query (e.g., OktaUser, CustomCMDBConfigurationItem).

Example: traversal query

Example: CMDB query

  • Create enrichment rule: using other_node_query_id in a rule

  • Enrichment rules: Entity Owner: UI walkthrough and concepts

  • Freshservice CMDB integration: column mapping that populates owner_node_id / owner_external_id

post

Returns saved assessment queries that can be used as the Owner Query (other_node_query_id) for dynamic owner resolution in Entity Owner enrichment rules. Two query types are returned: path queries that traverse from the enriched entity to a related entity holding the owner identifier, and CMDB queries that return CustomCMDBConfigurationItem nodes whose owner_node_id and owner_external_id properties point to the resolved owner. Use the returned property_names to populate property_names_in_template on CreateEnrichmentRule.

Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

entity_type

Request body

Create enrichment rule

The entity type being enriched (e.g., AwsIamUser, OktaUser). Required.

{
  "queries": [
    {
      "id": "019d5767-2edf-7401-9c65-1d9c28f6b343",
      "name": "AWS IAM users linked to Okta",
      "other_node_type": "OktaUser",
      "property_names": ["id", "email", "employee_id", "department"]
    }
  ]
}
{
  "queries": [
    {
      "id": "019d5767-2edf-7401-9c65-1d9c28f6b343",
      "name": "Service accounts to CMDB config items",
      "other_node_type": "CustomCMDBConfigurationItem",
      "property_names": ["owner_node_id", "owner_external_id"]
    }
  ]
}

Response

Related

Data Sources

Operations for managing data sources including listing, updating, enabling, disabling, and status monitoring

Each cloud provider will have one or more associated data sources. Each represents a discrete instance of a service that Veza connects to for the discovery and extraction of authorization metadata.

The provider under /providers/aws/{id}, for example, may have an associated EC2 data source, represented as:

{
  "id": "6961b032-3fd7-4baa-a230-146d1b70ec27",
  "name": "AWS EC2 (527398259632)",
  "datasource_type": "EXTRACTOR",
  "agent_type": "AWS_EC2",
  "status": "SUCCESS",
  "provider_id": "cd0cf102-e86c-4599-9cbe-64d2c6b83236",
  "path": "AWS/ec2",
  "state": "ENABLED",
  "effective_state": "ENABLED",
  "datasource_config": null,
  "created_at": "2021-10-26T07:10:38Z",
  "updated_at": "2021-10-26T07:10:38Z",
  "sync_start": "2022-01-13T20:53:20Z",
  "sync_end": "2022-01-13T20:53:23Z",
  "sync_start_success": "2022-01-13T20:53:20Z",
  "sync_end_success": "2022-01-13T20:53:23Z",
  "parse_start": "2022-01-13T20:53:24Z",
  "parse_end": "2022-01-13T20:53:29Z",
  "parse_start_success": "2022-01-13T20:53:24Z",
  "parse_end_success": "2022-01-13T20:53:29Z"
}

You can use the API to get or update data source records, or enable and disable individual data sources.

Disabling a data source will cancel all pending extractions.

Available Endpoints

Core Data Source Operations

Lifecycle Management Operations

For working with custom applications and Open Authorization API (OAA), see:

List by Action Type

Find lifecycle management datasources that support specific action types and entity relationships

Endpoint

GET /api/v1/providers/datasources/lifecycle_managers:by_action_type

Description

Returns Lifecycle Management datasources filtered by their supported action types, entity types, and relationship types. This endpoint helps you find datasources that can perform specific lifecycle management operations.

API Reference

Query Parameters

Parameter
Type
Required?
Description

action_type

Value
Name

Standard Response:

Get enrichment rule

GET

/api/v1/enrichment/rules/{id}

Delete enrichment rule

DELETE

/api/v1/enrichment/rules/{id}

Enable or disable rule

PUT

/api/v1/enrichment/rules/{id}:toggle

Get valid queries

POST

/api/v1/enrichment/rules/queries

Get valid other-node queries

POST

/api/v1/enrichment/rules/other_node_queries

Preview enrichment rule

POST

/api/v1/enrichment/rules_preview

Preview enrichment rule count

POST

/api/v1/enrichment/rules_preview_count

List enrichment rules
Create enrichment rule

List Data Sources

Retrieve all data sources with filtering and pagination

List Data Sources (Batch by ID)

Fetch a known set of data sources by ID or external ID in one call

Get Data Source

Retrieve details for a specific data source

Update Data Source

Update the name for a data source

Disable Data Source

Pause discovery and extraction for a data source

Enable Data Source

Resume monitoring and queue for extraction

Status and Monitoring

Related APIs

Open Authorization API
OAA Operations

List Lifecycle Manager Datasources

List datasources with lifecycle management capabilities

Get Lifecycle Manager Datasource

Get details for a specific lifecycle manager datasource

List by Action Type

Find datasources that support specific action types

Get Parse Status

Retrieve parsing status and details

Get Sync Status

Retrieve synchronization status and details

get/api/v1/providers/datasources/lifecycle_managers/{id}
GET /api/v1/providers/datasources/lifecycle_managers/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
  "value": {
    "id": "text",
    "enabled": true,
    "datasource": {},
    "definition": {
      "source_of_identity_definition": {
        "entity_type": "text"
      },
      "actions": [
        {
          "type": 1,
          "idempotent": true,
          "input_entity_types": [
            {
              "name": "text",
              "description": "text",
              "available_entity_types": [
                "text"
              ]
            }
          ],
          "output_entity_types": [
            {
              "name": "text",
              "description": "text",
              "available_entity_types": [
                "text"
              ]
            }
          ],
          "definition": {
            "@type": "text",
            "ANY_ADDITIONAL_PROPERTY": "anything"
          }
        }
      ]
    }
  }
}
{
  "value": {}
}
{
  "values": [
    {
      "id": "text",
      "name": "text",
      "description": "text",
      "active": true,
      "provider_ids": [
        "text"
      ],
      "entity_type": "text",
      "property_name": "text",
      "property_value": null,
      "node_ids": [
        "text"
      ],
      "query_id": "text",
      "priority": 1,
      "other_node_query_id": "text",
      "informative_fields": {
        "query_name": "text",
        "other_node_query_name": "text",
        "other_node_type": "text"
      }
    }
  ],
  "next_page_token": "text",
  "has_more": true
}

3

CREATE_EMAIL

4

DEPROVISION_IDENTITY

5

ACCESS_PLAN

6

WRITE_BACK_EMAIL

7

PAUSE

8

SEND_NOTIFICATION

9

CUSTOM_ACTION

10

CREATE_ENTITLEMENT

11

CREATE_ACCESS_REVIEW

12

RESET_PASSWORD

13

DELETE_IDENTITY

integer

Optional

Filter by specific LCM action type. See Action Type Values below. See OpenAPI schema for details.

entity_type

string

Optional

Filter by entity type that the datasource can work with

relationship_type

string

Optional

Filter by relationship type that the datasource can manage

0

NONE

1

SYNC_IDENTITIES

2

MANAGE_RELATIONSHIPS

# Find datasources that support SYNC_IDENTITIES operations (action_type=1)
curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers:by_action_type?action_type=1" \
  -H "authorization: Bearer $VEZA_TOKEN"
# Find datasources that can manage User entities
curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers:by_action_type?entity_type=User" \
  -H "authorization: Bearer $VEZA_TOKEN"
# Find datasources that support SYNC_IDENTITIES operations on Users with MemberOf relationships
curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers:by_action_type?action_type=1&entity_type=User&relationship_type=MemberOf" \
  -H "authorization: Bearer $VEZA_TOKEN"
{
  "values": [
    {
      "id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
      "name": "Workday Integration",
      "provider_type": "WORKDAY",
      "external_id": "https://wd5-impl-services1.workday.com/veza_preview",
      "lifecycle_management_enabled": true,
      "supported_capabilities": [
        "IDENTITY_SOURCE",
        "ACCESS_TARGET"
      ]
    }
  ],
  "has_more": false,
  "next_page_token": ""
}

Action Type Values

Request Examples

Response Examples

get
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Query parameters
action_typeinteger · enumOptional
entity_typestringOptional

Optional filter to narrow by the entity type of the action. For MANAGE_RELATIONSHIPS this is the assignee entity type (AssigneeEntityTypes). For REMOVE_DIRECT_ACCESS this is the assignee side of an AllowedPair. For other actions it matches the action's primary entity type from GetInfoForActionProtoMessage.

relationship_typestringOptional

Optional filter to narrow by the relationship/target side of the action. For MANAGE_RELATIONSHIPS this matches AvailableEntityTypes. For REMOVE_DIRECT_ACCESS this matches the target side of an AllowedPair; when both entity_type and relationship_type are supplied they must match the same AllowedPair entry. Ignored for other actions.

Responses
200

OK

application/json
idstringOptional
enabledbooleanOptional
datasourceobject · DataSourceOptional
entity_typestringOptional
typeinteger · enumOptional
idempotentbooleanOptional
namestringOptional
descriptionstringOptional
available_entity_typesstring[]Optional
namestringOptional
descriptionstringOptional
available_entity_typesstring[]Optional
@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
get/api/v1/providers/datasources/lifecycle_managers:by_action_type
Responses
200

OK

application/json
external_datasource_idstringOptional
external_provider_idstringOptional
datasource_typestringOptional
extraction_startstring · date-timeOptional
extraction_endstring · date-timeOptional
datasource_namestringOptional
is_deletedbooleanOptional
datasource_idstringOptional
has_warningbooleanOptional
snapshot_not_foundbooleanOptional
pagination_contextstringOptional
has_morebooleanOptional
default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
get/api/v1/providers/datasources
GET /api/v1/providers/datasources HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

Request body for discovering valid other-node queries. Specify the entity_type being enriched (the same entity_type passed to CreateEnrichmentRule) and set enriched_property to "ENRICHED_OWNERS" (the API also accepts the integer enum value 4). The endpoint rejects requests where entity_type is CustomCMDBConfigurationItem.

entity_typestringOptional

Node type of the enriched entity.

enriched_propertyinteger · enumOptional

Enriched property of the enrichment rule.

Responses
200

OK

application/json

List of saved assessment queries compatible with the requested entity_type for use as other_node_query_id in an enrichment rule.

idstringOptional

ID of the assessment query.

namestringOptional

Name of the assessment query.

other_node_typestringOptional

Node type of the other entity that the query targets.

property_namesstring[]Optional

Properties of the other entity that can be referenced in the enrichment rule value template.

default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
post/api/v1/enrichment/rules/other_node_queries
POST /api/v1/enrichment/rules/other_node_queries HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 44

{
  "entity_type": "text",
  "enriched_property": 1
}

property_names

Properties on the destination entity that can be referenced in the enriched_owners_value template. For traversal queries, this is the set of string properties on the destination entity.

For CustomCMDBConfigurationItem queries, this is always ["owner_node_id", "owner_external_id"] populated when the CMDB integration maps owner columns to identity nodes.

Get valid other-node queries

Create enrichment rule

Creates a new enrichment rule that automatically applies attributes to entities matching a saved query.

Workflow

  1. Save a query using the Query Builder API or the Veza UI (Access Intelligence > Query Builder).

  2. Copy the query id from the response.

  3. Submit a CreateEnrichmentRule request with the query_id and one rule type field.

The rule is applied during the next metadata extraction for integrations with entities matching the saved query.

Set enriched_property to define the enrichment behavior:

For ENRICHED_OWNERS, use enriched_owners_value instead of property_value. The owners array supports template variables. Use property_names_in_template to declare the entity property containing the owner ID, then reference it as {{property_name}} in the entity_id field:

When ownership information exists on a related entity rather than the enriched entity itself, pass other_node_query_id with the ID of a saved query. The query must be one of two types:

  1. Related-entity traversal: A query that traverses from the enriched entity to a related entity. The related entity either contains the owner ID in a property (referenced by property_names_in_template), or is the owner itself (use id in property_names_in_template to reference its node ID).

  2. CMDB Configuration Item lookup: A query for CustomCMDBConfigurationItem. Unlike a traversal query, this does not connect directly to the enriched entity or owner. Instead, the CMDB item's asset_node_id

Use to discover compatible queries and their available properties.

Example: Related-entity traversal

In this example, other_node_query_id points to a saved query that traverses from AwsIamUser to a linked OktaUser. The id property on the related OktaUser resolves to the owner:

Example: CMDB Configuration Item lookup

In this example, other_node_query_id points to a saved query that returns CustomCMDBConfigurationItem nodes. Each CMDB item has an asset_node_id pointing to the enriched entity and an owner_node_id pointing to the owner:

For VEZA_TAGS, use tag_updates_value with add_tags and remove_tags arrays. Each tag is a {key, value} pair:

UpdateEnrichmentRule is not exposed via the public API. To replace a rule's configuration, delete and recreate it. To enable or disable a rule, use .

List Lifecycle Manager Datasources

Lists all data sources that have enabled lifecycle management and their supported capabilities

Lists all data sources that have enabled lifecycle management and their detailed capabilities. This endpoint shows which systems can be used as sources of identity information and as targets for access management operations in Veza Lifecycle Management.

Use this endpoint to:

  • Discover which datasources support lifecycle management

  • View the capabilities each datasource provides

{
  "datasource_list": [
    {
      "external_datasource_id": "text",
      "external_provider_id": "text",
      "datasource_type": "text",
      "extraction_start": "2026-07-19T12:46:46.939Z",
      "extraction_end": "2026-07-19T12:46:46.939Z",
      "datasource_name": "text",
      "is_deleted": true,
      "datasource_id": "text",
      "has_warning": true
    }
  ],
  "snapshot_not_found": true,
  "pagination_context": "text",
  "has_more": true
}
{
  "queries": [
    {
      "id": "text",
      "name": "text",
      "other_node_type": "text",
      "property_names": [
        "text"
      ]
    }
  ]
}
{
  "values": [
    {
      "id": "text",
      "enabled": true,
      "datasource": {},
      "definition": {
        "source_of_identity_definition": {
          "entity_type": "text"
        },
        "actions": [
          {
            "type": 1,
            "idempotent": true,
            "input_entity_types": [
              {
                "name": "text",
                "description": "text",
                "available_entity_types": [
                  "text"
                ]
              }
            ],
            "output_entity_types": [
              {
                "name": "text",
                "description": "text",
                "available_entity_types": [
                  "text"
                ]
              }
            ],
            "definition": {
              "@type": "text",
              "ANY_ADDITIONAL_PROPERTY": "anything"
            }
          }
        ]
      }
    }
  ]
}
GET /api/v1/providers/datasources/lifecycle_managers:by_action_type HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

CRITICALITY_LEVEL

Critical resource

"LOW", "MEDIUM", "HIGH", or "CRITICAL"

ENRICHED_OWNERS

Entity owner

— use enriched_owners_value instead

VEZA_TAGS

Veza tag

— use tag_updates_value instead

property points to the enriched entity, and its
owner_node_id
property points to the owner. Use
owner_node_id
or
owner_external_id
in
property_names_in_template
.

Value

Rule type

Use property_value

IDENTITY_TYPE

Non-human identity

"HUMAN" or "NONHUMAN"

IS_PRIVILEGED

Privileged account

curl -X POST "$BASE_URL/api/v1/enrichment/rules" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "content-type: application/json" \
  -d '{
    "name": "Mark service accounts as NHI",
    "provider_ids": ["<provider-id>"],
    "entity_type": "OktaUser",
    "query_id": "<saved-query-id>",
    "enriched_property": "IDENTITY_TYPE",
    "property_value": "NONHUMAN"
  }'
curl -X POST "$BASE_URL/api/v1/enrichment/rules" \
  -H "Authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Assign owner from entity property",
    "provider_ids": ["<provider-id>"],
    "entity_type": "AwsIamUser",
    "query_id": "<saved-query-id>",
    "enriched_property": "ENRICHED_OWNERS",
    "enriched_owners_value": {
      "property_names_in_template": ["id"],
      "owners": [
        {
          "entity_id": "{{id}}",
          "entity_type": "OktaUser"
        }
      ]
    }
  }'
curl -X POST "$BASE_URL/api/v1/enrichment/rules" \
  -H "Authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Assign owner from linked IdP user",
    "provider_ids": ["<provider-id>"],
    "entity_type": "AwsIamUser",
    "query_id": "<saved-query-id>",
    "other_node_query_id": "<traversal-query-id>",
    "enriched_property": "ENRICHED_OWNERS",
    "enriched_owners_value": {
      "property_names_in_template": ["id"],
      "owners": [
        {
          "entity_id": "{{id}}",
          "entity_type": "OktaUser"
        }
      ]
    }
  }'
curl -X POST "$BASE_URL/api/v1/enrichment/rules" \
  -H "Authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Assign owner from CMDB config item",
    "provider_ids": ["<provider-id>"],
    "entity_type": "AwsIamUser",
    "query_id": "<saved-query-id>",
    "other_node_query_id": "<cmdb-query-id>",
    "enriched_property": "ENRICHED_OWNERS",
    "enriched_owners_value": {
      "property_names_in_template": ["owner_node_id"],
      "owners": [
        {
          "entity_id": "{{owner_node_id}}",
          "entity_type": "OktaUser"
        }
      ]
    }
  }'
curl -X POST "$BASE_URL/api/v1/enrichment/rules" \
  -H "Authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Tag production AWS roles",
    "provider_ids": ["<provider-id>"],
    "entity_type": "AwsIamRole",
    "query_id": "<saved-query-id>",
    "enriched_property": "VEZA_TAGS",
    "tag_updates_value": {
      "add_tags": [
        {"key": "environment", "value": "production"}
      ],
      "remove_tags": []
    }
  }'

enriched_property values

Sample request

Examples for ENRICHED_OWNERS and VEZA_TAGS

Using other_node_query_id for CMDB or related-entity owner resolution

Notes

Get valid other-node queries
ToggleEnrichmentRule

Create enrichment rule

post

Creates a new enrichment rule that automatically applies attributes to entities matching a saved query. Supported rule types are: identify non-human identities (set identity_type to HUMAN or NONHUMAN), assign entity owners (static or dynamic ownership from entity properties), detect privileged accounts (set is_privileged to true), classify critical resources (set criticality_level to LOW, MEDIUM, HIGH, or CRITICAL), and assign Veza tags (add or remove tags on matched entities). The query_id must reference an existing saved assessment query.

Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

Request body for creating an enrichment rule. Required fields: name, provider_ids, entity_type. Set enriched_property to define the rule type (IDENTITY_TYPE, IS_PRIVILEGED, CRITICALITY_LEVEL, ENRICHED_OWNERS, or VEZA_TAGS). Use property_value for scalar values (e.g., "NONHUMAN" for IDENTITY_TYPE, "true" for IS_PRIVILEGED, "HIGH" for CRITICALITY_LEVEL). Use enriched_owners_value for owner assignment rules, or tag_updates_value for tag rules. Use query_id to target entities matching a saved assessment query, or node_ids for static targeting.

namestringOptional

Name of the enrichment rule. Must be unique across all rules.

descriptionstringOptional

Description of the enrichment rule.

activebooleanOptional

Whether the rule will be executed.

provider_idsstring[]Optional

Provider IDs for which the rule will be executed.

entity_typestringOptional

Entity type on which the rule will be executed. Must be a valid entity type that is supported by all specified providers.

property_namestringOptional

Property name whose value will be changed by enrichment. Not recommended. Only valid if enriched_property = USE_PROPERTY_NAME; otherwise, the property name will be set according to enriched_property.

property_valueanyOptional

The scalar value to set for the enriched property. Examples: "NONHUMAN" for IDENTITY_TYPE, "true" for IS_PRIVILEGED, "HIGH" for CRITICALITY_LEVEL. Not used when enriched_property is ENRICHED_OWNERS (use enriched_owners_value) or VEZA_TAGS (use tag_updates_value).

node_idsstring[]Optional

Static list of entity IDs for which the property-value should be applied. Not recommended: use query_id to target entities dynamically instead. Does not work with ENRICHED_OWNERS or VEZA_TAGS enrichment.

query_idstringOptional

The query that is executed to obtain a list of entity IDs of the specified entity type. It must exist before creating the enrichment rule and its source_type must match entity_type.

prioritynumber · floatOptional

The higher the priority, the later the rule runs. A rule running later will overwrite the changes from previous rules. CAVEAT: it is not recommended to have multiple rules of the same priority, as they may run in any order.

other_node_query_idstringOptional

Optional. The ID of a saved assessment query used to resolve the owner from a related entity instead of the enriched entity itself. Two query types are accepted: a path query that traverses from the enriched entity to a related entity holding the owner ID (or that is the owner), or a query for CustomCMDBConfigurationItem whose owner_node_id and owner_external_id properties point to the resolved owner. Use Get valid other-node queries to discover compatible queries. Requires query_id to also be set.

enriched_propertyinteger · enumOptional

The enrichment rule type (enum). Values: 0 = USE_PROPERTY_NAME (custom property_name required), 1 = IDENTITY_TYPE (set identity_type to HUMAN or NONHUMAN via property_value), 2 = IS_PRIVILEGED (set is_privileged, use property_value "true"), 3 = CRITICALITY_LEVEL (set criticality_level via property_value: LOW, MEDIUM, HIGH, or CRITICAL), 4 = ENRICHED_OWNERS (assign ownership, use enriched_owners_value instead of property_value), 5 = VEZA_TAGS (add or remove tags, use tag_updates_value instead of property_value).

property_names_in_templatestring[]Optional
teamstringOptional
keystringOptionalDeprecated
valuestringOptionalDeprecated
keystringOptionalDeprecated
valuestringOptionalDeprecated
Responses
200

OK

application/json
idstringOptional

The generated ID of the newly created enrichment rule.

default

Default error response

application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

codeinteger · int32Optional

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

messagestringOptional

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

@typestringOptional

The type of the serialized message.

Other propertiesanyOptional
post/api/v1/enrichment/rules

"true"

Get datasource IDs needed for other lifecycle management operations

  • Identify available actions, syncable attributes, and grantable entitlements for each datasource

  • Parameter
    Type
    Required?
    Description

    filter

    string

    Optional

    When present, only returns data sources matching the filter

    order_by

    curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers" \
      -H "authorization: Bearer $VEZA_TOKEN"
    curl -X GET "$BASE_URL/api/v1/providers/datasources/lifecycle_managers?page_size=10" \
      -H "authorization: Bearer $VEZA_TOKEN"
    {
      "values": [
        {
          "id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
          "name": "Workday Integration", 
          "provider_type": "WORKDAY",
          "external_id": "https://wd5-impl-services1.workday.com/veza_preview",
          "lifecycle_management_enabled": true,
          "supported_capabilities": [
            "IDENTITY_SOURCE",
            "ACCESS_TARGET"
          ]
        },
        {
          "id": "2b1c8d4e-5f2a-4b3c-9e7f-1d2e3f4a5b6c",
          "name": "Active Directory",
          "provider_type": "ACTIVE_DIRECTORY", 
          "external_id": "corp.example.com",
          "lifecycle_management_enabled": true,
          "supported_capabilities": [
            "ACCESS_TARGET"
          ]
        }
      ],
      "has_more": false,
      "next_page_token": ""
    }
    {
      "values": [
        {
          "id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
          "name": "SCIM Demo Server",
          "provider_type": "SCIM",
          "external_id": "https://scim.example.com",
          "lifecycle_management_enabled": true,
          "supported_capabilities": [
            "ACCESS_TARGET"
          ],
          "available_actions": [
            {
              "action_type": "MANAGE_RELATIONSHIPS",
              "description": "Add or remove user memberships in groups",
              "supported_entity_types": ["User", "Group"],
              "supported_relationship_types": ["MemberOf"]
            }
          ],
          "syncable_attributes": [
            {
              "entity_type": "User",
              "attributes": [
                {
                  "name": "userName",
                  "type": "string",
                  "required": true,
                  "description": "Primary identifier for the user"
                },
                {
                  "name": "displayName", 
                  "type": "string",
                  "required": false,
                  "description": "Display name for the user"
                },
                {
                  "name": "emails",
                  "type": "array",
                  "required": false,
                  "description": "Email addresses associated with the user"
                }
              ]
            },
            {
              "entity_type": "Group",
              "attributes": [
                {
                  "name": "displayName",
                  "type": "string", 
                  "required": true,
                  "description": "Display name for the group"
                }
              ]
            }
          ],
          "grantable_entitlements": [
            {
              "entity_type": "Group",
              "entitlement_type": "MemberOf",
              "description": "Grant membership in the specified group"
            }
          ]
        }
      ],
      "has_more": false,
      "next_page_token": ""
    }
    • id: Unique identifier for the datasource

    • name: Human-readable name of the datasource

    • provider_type: The type of integration (e.g., SCIM, WORKDAY, ACTIVE_DIRECTORY)

    • external_id: External system identifier or endpoint URL

    • lifecycle_management_enabled: Whether LCM is enabled for this datasource

    The supported_capabilities field indicates what operations each datasource can perform:

    • IDENTITY_SOURCE: Can provide identity information for lifecycle management

    • ACCESS_TARGET: Can receive and execute access management operations

    The available_actions array details specific lifecycle management operations supported:

    • action_type: Type of action (e.g., MANAGE_RELATIONSHIPS)

    • description: Human-readable description of the action

    • supported_entity_types: Entity types this action can work with (User, Group, etc.)

    • supported_relationship_types: Relationship types this action can manage (MemberOf, etc.)

    The syncable_attributes array shows which entity attributes can be synchronized:

    • entity_type: The type of entity (User, Group, etc.)

    • attributes: Array of attribute definitions including:

      • name: Attribute name in the target system

      • type: Data type (string, array, boolean, etc.)

      • required: Whether the attribute is required

      • description: Purpose and usage of the attribute

    The grantable_entitlements array shows what access can be granted through this datasource:

    • entity_type: Type of entity that can grant access (typically Group)

    • entitlement_type: Type of entitlement relationship (MemberOf, etc.)

    • description: What access is granted through this entitlement

    GET /api/v1/providers/datasources/lifecycle_managers

    Endpoint

    Description

    API Reference

    Query Parameters

    Request Examples

    Response Examples

    Response Fields

    Basic Datasource Information

    Supported Capabilities

    Available Actions

    Syncable Attributes

    Grantable Entitlements

    List available owners

    Returns paginated active IdP users that can be assigned as entity owners

    Endpoint: POST {veza_url}/api/v1/list_available_owners Authentication: Bearer token (admin, operator, or nhi_security_admin role)

    Returns a paginated list of active IdP users that are eligible to be assigned as entity owners. Use this endpoint to populate an owner picker before calling Batch Set Owners.


    Minimal Working Example

    curl -X POST "https://your-tenant.veza.com/api/v1/list_available_owners" \
      -H "Authorization: Bearer YOUR_TOKEN" \
      -H "Content-Type: application/json" \
      -d '{
        "search_value": "alice",
        "page_size": 25
      }'

    Response:

    {
      "owners": [
        {
          "entity_id": "abc123",
          "entity_type": "OktaUser",
          "entity_name": "Alice Smith",
          "external_id": "alice@example.com"
        }
      ],
      "next_page_token": "eyJwYWdlIjoxfQ==",
      "has_more": true
    }

    Request Fields

    Field
    Type
    Required
    Description

    Field
    Type
    Description

    Only active IdP users are returned. Active status is evaluated per IdP type:

    IdP type
    Active condition

    If a global IdP is configured for your tenant, only that IdP's user type is returned. Otherwise, all IdP user entities are returned.


    Iterate through all available owners by following next_page_token:

    Stop when has_more is false or next_page_token is empty.


    Use list_available_owners to discover valid candidates before assigning owners with :

    1. Call list_available_owners with search_value to find a user by name or email

    2. Copy the entity_id and entity_type from the response

    Properties to search on. Defaults to name and email when search_value is provided but this field is empty.

    page_size

    integer

    No

    Results per page. Defaults to 1000 if unset or 0.

    page_token

    string

    No

    Token from a previous response's next_page_token. Omit to get the first page.

    has_more

    boolean

    true if additional results are available beyond this page.

    All others

    is_active property absent, or is_active = true

    Pass them as Owner objects in a batch_set_owners request

    search_value

    string

    No

    Search string for filtering owners. Case-insensitive partial match. If omitted, all available owners are returned (paginated).

    search_properties

    array of string

    owners

    array

    Valid, active owner entities matching the request. Each entry includes entity_id, entity_type, entity_name, and external_id.

    next_page_token

    string

    Pass this value as page_token in the next request to retrieve the following page. Empty when no further pages exist.

    AzureADUser

    account_enabled = true

    OktaUser

    status not in PROVISIONED, DEPROVISIONED, STAGED, SUSPENDED

    GoogleWorkspaceUser

    archived = false and suspended = false

    Response Fields

    What Counts as "Active"

    Pagination Example

    Common Use Case

    Batch Set Owners

    No

    {
      "id": "text"
    }
    POST /api/v1/enrichment/rules HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 390
    
    {
      "name": "text",
      "description": "text",
      "active": true,
      "provider_ids": [
        "text"
      ],
      "entity_type": "text",
      "property_name": "text",
      "property_value": null,
      "node_ids": [
        "text"
      ],
      "query_id": "text",
      "priority": 1,
      "other_node_query_id": "text",
      "enriched_property": 1,
      "enriched_owners_value": {
        "property_names_in_template": [
          "text"
        ],
        "owners": [
          {
            "team": "text"
          }
        ]
      },
      "tag_updates_value": {
        "add_tags": [
          {}
        ],
        "remove_tags": [
          {}
        ]
      }
    }
    # First page
    curl -X POST ".../api/v1/list_available_owners" \
      -H "Authorization: Bearer YOUR_TOKEN" \
      -d '{"page_size": 100}'
    
    # Subsequent pages — use next_page_token from prior response
    curl -X POST ".../api/v1/list_available_owners" \
      -H "Authorization: Bearer YOUR_TOKEN" \
      -d '{"page_size": 100, "page_token": "eyJwYWdlIjoxfQ=="}'

    string

    Optional

    Sort results by specified field

    page_size

    integer

    Optional

    The maximum number of results to return. Fewer results may be returned even when more pages exist

    page_token

    string

    Optional

    The token specifying the specific page of results to retrieve

    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Query parameters
    filterstringOptional
    order_bystringOptional
    page_sizeinteger · int32Optional

    The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

    page_tokenstringOptional

    The token specifying the specific page of results to retrieve.

    Responses
    200

    OK

    application/json
    idstringOptional
    enabledbooleanOptional
    datasourceobject · DataSourceOptional
    entity_typestringOptional
    typeinteger · enumOptional
    idempotentbooleanOptional
    namestringOptional
    descriptionstringOptional
    available_entity_typesstring[]Optional
    namestringOptional
    descriptionstringOptional
    available_entity_typesstring[]Optional
    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    next_page_tokenstringOptional

    The pagination token to retrieve the next page of results.

    has_morebooleanOptional

    If true, more results are available.

    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/datasources/lifecycle_managers
    {
      "values": [
        {
          "id": "text",
          "enabled": true,
          "datasource": {},
          "definition": {
            "source_of_identity_definition": {
              "entity_type": "text"
            },
            "actions": [
              {
                "type": 1,
                "idempotent": true,
                "input_entity_types": [
                  {
                    "name": "text",
                    "description": "text",
                    "available_entity_types": [
                      "text"
                    ]
                  }
                ],
                "output_entity_types": [
                  {
                    "name": "text",
                    "description": "text",
                    "available_entity_types": [
                      "text"
                    ]
                  }
                ],
                "definition": {
                  "@type": "text",
                  "ANY_ADDITIONAL_PROPERTY": "anything"
                }
              }
            ]
          }
        }
      ],
      "next_page_token": "text",
      "has_more": true
    }
    GET /api/v1/providers/datasources/lifecycle_managers HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    

    Data Source Scheduling Configuration

    Configure priority scheduling and extraction times for data sources

    The Data Source Scheduling Configuration APIs allow administrators to configure advanced scheduling options for individual data sources, including:

    • Priority scheduling: Assign priorities (1-100) to ensure extraction jobs are processed ahead of standard data sources

    • Scheduled extraction times: Define specific times of day when extractions should occur (in 30-minute intervals)

    Day-of-week scheduling: Restrict extractions to precise days of the week

    These APIs are intended primarily for use with Veza Lifecycle Management to ensure critical data sources (such as HR systems) are refreshed at predictable times to support downstream automation workflows.

    Configure HR system data sources to extract at specific times to ensure identity data is current before provisioning workflows execute:

    Schedule non-critical extractions only on weekends to reduce workload during business hours:

    Method
    Endpoint
    Description

    POST

    /api/private/providers/datasources/{datasource_id}/scheduling_config

    Create or update scheduling configuration

    GET

    /api/private/providers/datasources/{datasource_id}/scheduling_config

    Get configuration for a specific data source


    Creates or updates the scheduling configuration for a specific data source. If a configuration already exists for the data source, it will be updated with the new values; otherwise, a new configuration will be created.

    Parameter
    Type
    Required?
    Description

    datasource_id

    string (UUID)

    Required

    The unique identifier of the data source

    The request body contains the configuration fields directly (no wrapper object needed):

    Field
    Type
    Required?
    Description

    priority

    integer

    Required

    Priority level (1-100). Must be 100 when scheduled_extraction_times are configured

    timezone

    • Priority: Must be between 1-100 (where 100 is the highest priority)

      • When scheduled_extraction_times are configured, priority must be 100 to ensure jobs are processed closest to the configured times

      • Priority 1-99 can be used without schedules for edge cases requiring a higher priority than standard periodic scheduling

      • Extraction and parsing jobs are picked up in decreasing order of priority, followed by creation timestamp

    • Timezone: Required when either scheduled_extraction_times or scheduled_days_of_week are provided. Must be a valid IANA timezone

    • Extraction times:

      • Must be in HH:MM:SS format

      • Minutes must be :00 or :30 (30-minute intervals only)

    • Days of the week:

      • Requires scheduled_extraction_times to be non-empty

      • Automatically sorted (Sunday first)

    • System limit: A maximum of 100 data sources can have scheduling configurations (limit will be enforced in a future release)

    curl -X POST "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "priority": 100,
        "timezone": "America/New_York",
        "scheduled_extraction_times": ["09:00:00", "13:30:00", "18:30:00"],
        "scheduled_days_of_week": ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY"]
      }'
    curl -X POST "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "priority": 100
      }'
    curl -X POST "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "priority": 100,
        "timezone": "America/Los_Angeles",
        "scheduled_extraction_times": ["09:00:00", "21:00:00"],
        "scheduled_days_of_week": ["SATURDAY", "SUNDAY"]
      }'

    Standard Response:

    Error Response (Invalid Time Format):

    Error Response (Limit Reached):


    Retrieves the scheduling configuration for a specific data source.

    Parameter
    Type
    Required?
    Description

    datasource_id

    string (UUID)

    Required

    The unique identifier of the data source

    Standard Response:

    Error Response (Not Found):


    Returns all scheduling configurations across all data sources in your organization.

    Parameter
    Type
    Required?
    Description

    datasource_type

    string

    Optional

    Filter by datasource type: EXTRACTOR, DISCOVERER, or PARSER

    curl -X GET "$BASE_URL/api/private/providers/datasources/scheduling_configs" \
      -H "authorization: Bearer $VEZA_TOKEN"
    curl -X GET "$BASE_URL/api/private/providers/datasources/scheduling_configs?datasource_type=EXTRACTOR" \
      -H "authorization: Bearer $VEZA_TOKEN"

    Standard Response:


    Removes the scheduling configuration for a specific data source. The data source will revert to standard scheduling behavior.

    Parameter
    Type
    Required?
    Description

    datasource_id

    string (UUID)

    Required

    The unique identifier of the data source

    Standard Response:


    • List Data Sources - Get data source IDs for configuration

    • Get Data Source - View data source details and status

    • Lifecycle Management APIs - Automated identity lifecycle workflows

    Overview

    # Configure Workday to extract weekdays at 6 AM Eastern
    curl -X POST "$BASE_URL/api/private/providers/datasources/{workday_datasource_id}/scheduling_config" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "priority": 100,
        "timezone": "America/New_York",
        "scheduled_extraction_times": ["06:00:00"],
        "scheduled_days_of_week": ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY"]
      }'
    curl -X POST "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "priority": 100,
        "timezone": "America/Los_Angeles",
        "scheduled_extraction_times": ["00:00:00", "12:00:00"],
        "scheduled_days_of_week": ["SATURDAY", "SUNDAY"]
      }'
    POST /api/private/providers/datasources/{datasource_id}/scheduling_config
    {
      "value": {
        "datasource_id": "019a0f2b-53cd-7c5d-904f-bf2588b876d5",
        "priority": "100",
        "datasource_name": "AWS S3 (527398259632)",
        "datasource_type": "EXTRACTOR",
        "timezone": "America/New_York",
        "scheduled_extraction_times": ["09:00:00", "13:30:00", "18:30:00"],
        "created_at": "2025-10-28T02:34:27.794138246Z",
        "updated_at": "2025-10-31T19:42:43.705828675Z",
        "scheduled_days_of_week": ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY"]
      }
    }
    {
      "code": "INVALID_ARGUMENT",
      "message": "invalid time format '09:15:00': only 00 and 30 minutes of the hour are supported",
      "details": []
    }
    {
      "code": "INVALID_ARGUMENT",
      "message": "Cannot create scheduling configuration. Limit of 100 configurations is reached.",
      "details": []
    }
    GET /api/private/providers/datasources/{datasource_id}/scheduling_config
    curl -X GET "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
      -H "authorization: Bearer $VEZA_TOKEN"
    {
      "value": {
        "datasource_id": "0199827a-402d-7554-af7b-cb3489b68402",
        "priority": "100",
        "datasource_name": "AWS IAM Volatile (527398259632)",
        "datasource_type": "EXTRACTOR",
        "timezone": "America/New_York",
        "scheduled_extraction_times": ["09:00:00", "13:30:00", "18:30:00"],
        "created_at": "2025-10-10T12:52:11.659562336Z",
        "updated_at": "2025-10-10T12:52:11.659562336Z",
        "scheduled_days_of_week": ["MONDAY", "WEDNESDAY", "FRIDAY"]
      }
    }
    {
      "code": "NOT_FOUND",
      "message": "datasource_scheduling_config not found",
      "details": []
    }
    GET /api/private/providers/datasources/scheduling_configs
    {
      "values": [
        {
          "datasource_id": "0199827a-3d32-7342-9ccd-2f928ccc6855",
          "priority": "100",
          "datasource_name": "AWS Cognito (527398259632)",
          "datasource_type": "EXTRACTOR",
          "timezone": "America/New_York",
          "scheduled_extraction_times": ["00:00:00", "01:30:00", "03:00:00"],
          "created_at": "1970-01-01T00:00:01.758832260Z",
          "updated_at": "1970-01-01T00:00:01.758832260Z",
          "scheduled_days_of_week": ["MONDAY", "WEDNESDAY", "FRIDAY"]
        },
        {
          "datasource_id": "0199827a-402d-7554-af7b-cb3489b68402",
          "priority": "100",
          "datasource_name": "AWS IAM Volatile (527398259632)",
          "datasource_type": "EXTRACTOR",
          "timezone": "America/New_York",
          "scheduled_extraction_times": ["09:00:00", "13:30:00", "18:30:00"],
          "created_at": "2025-10-10T12:52:11.659562336Z",
          "updated_at": "2025-10-10T12:52:11.659562336Z",
          "scheduled_days_of_week": []
        }
      ]
    }
    DELETE /api/private/providers/datasources/{datasource_id}/scheduling_config
    curl -X DELETE "$BASE_URL/api/private/providers/datasources/{datasource_id}/scheduling_config" \
      -H "authorization: Bearer $VEZA_TOKEN"
    {}

    Supported Data Source Types: Scheduling configuration is designed for EXTRACTOR and DISCOVERER data source types only. Configuring scheduling for other data source types (such as PARSER) will not work as expected.

    Examples

    Source of Identity Scheduling

    Prevent Extraction During Business Hours

    Endpoints

    Create or Update Scheduling Configuration

    Endpoint

    Description

    Path Parameters

    Request Body

    Note: The datasource_id is specified in the URL path and should not be included in the request body.

    Validation Rules

    Request Examples

    Response Examples

    Get Scheduling Configuration

    Endpoint

    Description

    Path Parameters

    Request Examples

    Response Examples

    List Scheduling Configurations

    Endpoint

    Description

    Query Parameters

    Request Examples

    Response Examples

    Delete Scheduling Configuration

    Endpoint

    Description

    Path Parameters

    Request Examples

    Response Examples

    Related APIs

    Seconds must be :00

  • Minimum 1-hour gap between adjacent times

  • Empty array or omitted means all days allowed

    GET

    /api/private/providers/datasources/scheduling_configs

    List all scheduling configurations

    DELETE

    /api/private/providers/datasources/{datasource_id}/scheduling_config

    Remove scheduling configuration

    string

    Conditional

    IANA timezone (e.g., America/New_York). Required if scheduled_extraction_times or scheduled_days_of_week are provided

    scheduled_extraction_times

    array[string]

    Optional

    Extraction times in HH:MM:SS format. Minutes must be :00 or :30, seconds must be :00. Times must be at least 1 hour apart

    scheduled_days_of_week

    array[string]

    Optional

    Days when extractions should run: SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY. Requires scheduled_extraction_times to be set

    Batch set owners

    Assign, add, or remove owners across multiple entities in a single request

    Endpoint: POST {veza_url}/api/v1/batch_set_owners Authentication: Bearer token (admin, operator, or nhi_security_admin role)

    Assigns, adds, or removes owners across multiple entities in a single bulk operation. Unlike the private owners API, this endpoint queries existing owner state internally — callers do not need to fetch current ownership before making changes.

    Owner updates are applied asynchronously and typically reflect within a few seconds.


    Minimal Working Example

    Assign one owner to one entity:

    A 200 OK with an empty body indicates success.


    Field
    Type
    Required
    Description

    Each batch targets a set of entities of the same type and applies the same owner operation to all of them.

    Field
    Type
    Required
    Description
    Field
    Type
    Description

    Each owner is resolved in one of two ways:

    • By ID — provide entity_id + entity_type for a direct lookup.

    • By external property — provide external_id + external_property_name + entity_type to match an entity whose named property equals the given value.

    An owner that cannot be resolved to a single existing entity returns an invalid argument error.

    Example — resolve by external property:

    This finds the OktaUser whose email property equals owner@example.com.

    Field
    Type
    Required
    Description

    The four owner operation fields interact in a defined precedence order. All operations in a batch are applied together to each entity:

    Strategy
    Field
    Precedence
    Effect

    Note on permanently removed owners: When an owner is added to the permanently-removed list (via removed_owners_incremental or removed_owners_update), they will not reappear even if an enrichment rule or assigned_owners would otherwise include them — unless added_owners explicitly un-removes them.


    Use assigned_owners to set a definitive owner list across many entities. Existing manually-assigned owners are replaced; enrichment-sourced owners are unaffected.

    Use added_owners to append owners without disturbing what's already there.

    Use removed_owners_incremental to prevent a specific owner from being re-added by enrichment rules on the next sync.

    Target different entity types in separate batches within a single request.


    Constraint
    Limit

    400: Unknown or unprovisioned entity_type

    The owner's entity_type is not a known node type in the graph — the integration may not be provisioned, or the type string is incorrect.

    Fix: Verify the integration for that owner type is provisioned in Veza. Check the exact entity_type string via Graph Search or GET /api/v1/providers/custom.

    400: Owner type not allowed as an owner

    The entity_type provided is a resource type (e.g., AwsS3Bucket), not a user or identity type.

    Fix: Use an identity provider user type. See .

    400: Owner not found

    The external_id value does not match any entity in Veza. Verify that external_property_name refers to a property that exists on the owner entity type, and that external_id matches an actual value for that property. Check entity properties via Graph Search.


    Native identity providers:

    OAA custom providers:

    The {idp_type} and {hris_type} values come from the idp_type or hris_type field in your OAA payload.

    OAA HRIS employees: To use property-based lookup for HRIS employee owners, set external_property_name to a property that exists on the HRIS entity (e.g., employee_number or personal_email). The default idp_unique_id property may not exist on HRIS entities.

    Finding your custom type:

    • UI: Access Visibility → Graph → search for a user → View Details → copy the entity_type

    • API: GET /api/v1/providers/custom


    After the API returns, verify ownership changes via:

    1. Graph Search: Access Visibility → Graph → find entity → Entity Owners section

    2. Query Builder (VQL):

    3. NHI Dashboard: NHI Security → Accounts → Entity Owner column

    Yes

    Veza entity IDs to update. All entities in the batch receive the same owner operation.

    assigned_owners

    OwnersAssignment

    No

    Owners to assign. Replaces the entity's manually-assigned owners. Permanently removed owners are not re-added even if listed here. Omit (not empty) to skip.

    added_owners

    array of Owner

    No

    Owners to add. Applied after assigned_owners. Un-removes any owner that was previously permanently removed.

    removed_owners_incremental

    array of Owner

    No

    Owners to permanently remove from the entity regardless of source. Applied after assigned_owners and added_owners. Appended to any existing permanently-removed list.

    removed_owners_update

    OwnersAssignment

    No

    Owners to permanently remove. Replaces the existing permanently-removed list (overrides removed_owners_incremental). Omit (not empty) to skip.

    Yes

    Type of the owner (e.g., OktaUser). Required for all lookups.

    primary

    bool

    No

    Reserved. Must not be set in input. Setting it to true returns an invalid argument error.

    external_id

    string

    Conditional

    Value to match when resolving the owner by external property. Used only when entity_id is omitted. Must be paired with external_property_name.

    external_property_name

    string

    Conditional

    Name of the entity property to match external_id against (e.g., email, idp_unique_id). Used only when entity_id is omitted. If your tenant has a Global IdP configured, this defaults to the configured identity property.

    entity_name

    string

    No

    Optional display name for the owner.

    2nd

    Appends owners. If an owner was permanently removed, this un-removes them.

    Remove (incremental)

    removed_owners_incremental

    3rd

    Permanently removes owners regardless of source. Appended to any existing permanently-removed list.

    Remove (replace)

    removed_owners_update

    4th

    Permanently removes owners. Replaces the entire permanently-removed list. Overrides removed_owners_incremental if both are set.

    Ping Identity

    PingOneUser

    OneLogin

    OneLoginUser

    AWS IAM Identity Center

    AwsSsoUser

    Google Workspace

    GoogleWorkspaceUser

    batches

    array of Batch

    Yes

    One or more batches of entity updates. All batches are validated before any are applied. Maximum 1,000 total entities and 1,000 unique owners across all batches.

    entity_type

    string

    Yes

    Type of the entities in this batch (e.g., AwsIamUser). All entities must be the same type.

    entity_ids

    owners

    array of Owner

    The owners for this assignment. An empty array assigns with no owners (clears existing). To skip the operation entirely, omit the parent field instead of passing an empty assignment.

    entity_id

    string

    Conditional

    ID of the owner entity. If provided, the owner is resolved by (entity_type, entity_id). Omit to resolve by external property instead.

    entity_type

    Assign

    assigned_owners

    1st

    Replaces all manually-assigned owners. Does not un-remove permanently-removed owners.

    Add

    Total entities across all batches

    1,000

    Unique owners across all batches

    1,000

    Identity Provider

    entity_type

    Okta

    OktaUser

    Azure AD

    AzureADUser

    Active Directory

    ActiveDirectoryUser

    OAA Template

    entity_type

    Custom IdP (identity_provider)

    OAA.{idp_type}.IDPUser

    HRIS (hris)

    OAA.{hris_type}.HRISEmployee

    Request Structure

    Top-Level

    Batch Object

    OwnersAssignment Object

    Owner Object

    Update Strategies

    Common Use Cases

    1. Assign owners to many entities at once

    2. Add owners without clearing existing

    3. Permanently block an enriched owner from returning

    4. Mixed batch across entity types

    Limits

    Common Errors

    Owner Type Reference

    Verification

    Owner Type Reference

    array of string

    string

    added_owners

    curl -X POST "https://your-tenant.veza.com/api/v1/batch_set_owners" \
      -H "Authorization: Bearer YOUR_TOKEN" \
      -H "Content-Type: application/json" \
      -d '{
        "batches": [
          {
            "entity_type": "AwsIamUser",
            "entity_ids": ["aws-iam-user-abc123"],
            "assigned_owners": {
              "owners": [
                {
                  "entity_id": "okta-user-xyz789",
                  "entity_type": "OktaUser"
                }
              ]
            }
          }
        ]
      }'
    {
      "entity_type": "OktaUser",
      "external_property_name": "email",
      "external_id": "owner@example.com"
    }
    {
      "batches": [
        {
          "entity_type": "AwsS3Bucket",
          "entity_ids": ["bucket-1", "bucket-2", "bucket-3"],
          "assigned_owners": {
            "owners": [{"entity_id": "okta-user-xyz", "entity_type": "OktaUser"}]
          }
        }
      ]
    }
    {
      "batches": [
        {
          "entity_type": "VirtualMachine",
          "entity_ids": ["vm-abc"],
          "added_owners": [
            {"external_id": "ops-team@example.com", "entity_type": "OktaUser", "external_property_name": "email"}
          ]
        }
      ]
    }
    {
      "batches": [
        {
          "entity_type": "AwsIamRole",
          "entity_ids": ["role-xyz"],
          "removed_owners_incremental": [
            {"entity_id": "okta-user-former", "entity_type": "OktaUser"}
          ]
        }
      ]
    }
    {
      "batches": [
        {
          "entity_type": "AwsIamUser",
          "entity_ids": ["iam-user-1", "iam-user-2"],
          "assigned_owners": {
            "owners": [{"entity_id": "okta-user-xyz", "entity_type": "OktaUser"}]
          }
        },
        {
          "entity_type": "GithubRepo",
          "entity_ids": ["repo-abc"],
          "added_owners": [
            {"external_id": "dev-lead@example.com", "entity_type": "OktaUser", "external_property_name": "email"}
          ]
        }
      ]
    }
    {
      "code": "InvalidArgument",
      "message": "Invalid Arguments",
      "details": [{"field_violations": [{"field": "types", "description": "Must supply at least one valid type"}]}]
    }
    {
      "code": "InvalidArgument",
      "details": [{"field_violations": [{"field": "entity_type", "description": "issue with entity {external_id}: owner not of an allowed type"}]}]
    }
    SHOW AwsIamUser
    WHERE entity_id = "your-entity-id"

    Disable AWS Services using Provider Management APIs

    Overview

    This guide explains how to disable specific AWS services across multiple AWS integrations (providers) using the Veza API. Limiting AWS service extraction can reduce processing overhead, help teams focus on relevant services, or exclude analytics platforms like AWS_DATABRICKS that may not be deployed or required for visibility in Veza. This is particularly useful for organizations with many AWS accounts who need to disable unused services at scale.

    In the JSON AWS provider configuration, the services array acts as an allow list that controls which AWS services Veza will discover and extract:

    • Empty array [] = All available AWS services are enabled for discovery

    • Populated array = Only the listed services are enabled; all others are disabled

    To disable specific services, you must populate the array with only the services you want to monitor.

    Before you update AWS provider services, ensure:

    • You have API access credentials for your Veza instance (see for API key setup)

    • You have the VEZA_TOKEN environment variable configured

    • You have the VEZA_URL environment variable set to your instance (e.g., https://yourcompany.cookiecloud.ai)

    First, retrieve all AWS provider configurations to understand your current setup:

    Understanding the response:

    • Providers with empty services: [] arrays have ALL services enabled

    • Providers with populated services arrays only extract the listed services

    • Note the id, name

    Example response structure:

    1. Identify which providers to modify based on:

      • Provider names that match your AWS accounts

      • Account IDs that correspond to your AWS accounts

    Before updating all providers, test with one provider first:

    Verify the change:

    Check that the response shows your desired services array.

    Update each provider individually using their specific IDs:

    Create a script for bulk updates. Use with caution as this affects all AWS providers:

    After updating providers, verify the changes took effect:

    To return a provider to monitoring all services:

    To change which services are monitored:

    The following AWS services can be included in the services array (25 total):

    Storage services:

    • S3 - Simple Storage Service

    • DYNAMODB - DynamoDB NoSQL database

    Database services:

    • RDS - General RDS service

    • RDS_POSTGRES - PostgreSQL databases

    • RDS_MYSQL - MySQL databases

    Compute services:

    • EC2 - Elastic Compute Cloud (virtual machines)

    • LAMBDA - Serverless functions

    • EKS - Elastic Kubernetes Service

    Identity and security services:

    • AWS_IAM - Identity and Access Management

    • KMS - Key Management Service

    • SECRETS_MANAGER - AWS Secrets Manager

    Management and governance:

    • ORGANIZATIONS - AWS Organizations

    • SYSTEMS_MANAGER - Operations management

    Analytics platforms:

    • AWS_DATABRICKS - Databricks analytics platform

    Important notes:

    • Service availability may vary by Veza version and configuration

    • Some services may require specific permissions or setup

    • When in doubt, check your Veza UI to see which services are available for your AWS providers

    You have appropriate permissions to modify provider configurations
  • You understand that empty services arrays mean ALL services are enabled

  • , and
    account_id
    fields for providers you want to modify
    Current services configuration
  • Determine your desired services configuration:

    Option A: Disable AWS_DATABRICKS only

    Option B: Enable only specific services

    Option C: Custom configuration

    • Review the available services list below

    • Create your own array with desired services

  • RDS_ORACLE - Oracle databases

  • REDSHIFT - Redshift data warehouse

  • REDSHIFT_CLUSTER - Redshift cluster (legacy, use REDSHIFT instead)

  • NEPTUNE - Graph database service

  • DOCUMENTDB - Document database (MongoDB-compatible)

  • ECR - Elastic Container Registry

  • EMR - Elastic MapReduce (big data)

  • BEDROCK - Generative AI service

  • COGNITO - User authentication service

  • SSO - AWS Single Sign-On

  • CERTIFICATE_MANAGER - SSL/TLS certificate management

  • Before you start

    Disable specific AWS services across providers

    Step 1: Discover your current AWS providers

    Step 2: Identify target providers and services

    Step 3: Test with a single provider

    Step 4: Apply to multiple providers

    Manual approach (recommended for small numbers)

    Bulk approach (for many providers)

    Step 5: Verify changes

    Reversing changes

    Re-enable all services

    Modify service configuration

    Available AWS services

    See also

    Authentication
    API Reference - AWS Providers
    AWS Provider Configuration Guide
    {
      "services": [
        "S3", "RDS_POSTGRES", "RDS_MYSQL", "RDS_ORACLE", "RDS",
        "DYNAMODB", "REDSHIFT", "REDSHIFT_CLUSTER", "EC2", "LAMBDA",
        "EKS", "ECR", "EMR", "AWS_IAM", "KMS", "SECRETS_MANAGER",
        "COGNITO", "SSO", "ORGANIZATIONS", "NEPTUNE", "SYSTEMS_MANAGER",
        "CERTIFICATE_MANAGER", "BEDROCK", "DOCUMENTDB"
      ]
    }
    {
      "services": [
        "S3", "RDS_POSTGRES", "LAMBDA", "EC2", "AWS_IAM"
      ]
    }
    curl -H "Authorization: Bearer $VEZA_TOKEN" \
         "$VEZA_URL/api/v1/providers/aws"
    {
      "values": [
        {
          "id": "12345678-1234-5678-9012-123456789012",
          "name": "Production AWS Account", 
          "account_id": "123456789012",
          "services": [],
          "state": "ENABLED"
        },
        {
          "id": "87654321-4321-8765-2109-876543210987",
          "name": "Development AWS Account",
          "account_id": "987654321098", 
          "services": ["S3", "RDS_POSTGRES", "LAMBDA"],
          "state": "ENABLED"
        }
      ]
    }
    # Replace with your actual provider ID and desired services
    curl -X PATCH \
         -H "Authorization: Bearer $VEZA_TOKEN" \
         -H "Content-Type: application/json" \
         -d '{"services":["S3","RDS_POSTGRES","LAMBDA","EC2","AWS_IAM"]}' \
         "$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID_HERE"
    curl -H "Authorization: Bearer $VEZA_TOKEN" \
         "$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID_HERE"
    # Example for multiple providers - replace with your actual IDs and services
    DESIRED_SERVICES='["S3","RDS_POSTGRES","DYNAMODB","LAMBDA","EC2","AWS_IAM"]'
    
    # Provider 1
    curl -X PATCH \
         -H "Authorization: Bearer $VEZA_TOKEN" \
         -H "Content-Type: application/json" \
         -d "{\"services\":$DESIRED_SERVICES}" \
         "$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID_1"
    
    # Provider 2  
    curl -X PATCH \
         -H "Authorization: Bearer $VEZA_TOKEN" \
         -H "Content-Type: application/json" \
         -d "{\"services\":$DESIRED_SERVICES}" \
         "$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID_2"
    #!/bin/bash
    
    # Configuration - CUSTOMIZE THESE VALUES
    VEZA_URL="https://yourcompany.cookiecloud.ai"
    DESIRED_SERVICES='["S3","RDS_POSTGRES","DYNAMODB","LAMBDA","EC2","AWS_IAM"]'
    
    echo "Starting bulk AWS provider services update..."
    echo "Target services: $DESIRED_SERVICES"
    echo ""
    
    # Get all AWS provider IDs
    provider_ids=$(curl -s -H "Authorization: Bearer $VEZA_TOKEN" \
                        "$VEZA_URL/api/v1/providers/aws" | \
                   jq -r '.values[].id')
    
    if [ -z "$provider_ids" ]; then
        echo "Error: No AWS providers found or API call failed"
        exit 1
    fi
    
    # Count providers
    provider_count=$(echo "$provider_ids" | wc -l)
    echo "Found $provider_count AWS providers to update"
    echo ""
    
    # Add confirmation prompt
    read -p "Continue with bulk update? (y/N): " -n 1 -r
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
        echo "Update cancelled"
        exit 0
    fi
    
    # Update each provider
    echo "$provider_ids" | while read provider_id; do
        if [ -n "$provider_id" ]; then
            echo "Updating provider: $provider_id"
            
            response=$(curl -s -w "\nHTTP_STATUS:%{http_code}" -X PATCH \
                            -H "Authorization: Bearer $VEZA_TOKEN" \
                            -H "Content-Type: application/json" \
                            -d "{\"services\":$DESIRED_SERVICES}" \
                            "$VEZA_URL/api/v1/providers/aws/$provider_id")
            
            http_status=$(echo "$response" | grep "HTTP_STATUS" | cut -d: -f2)
            
            if [ "$http_status" = "200" ]; then
                echo "âś“ Successfully updated provider $provider_id"
            else
                echo "âś— Failed to update provider $provider_id (HTTP $http_status)"
                echo "Response: $(echo "$response" | grep -v "HTTP_STATUS")"
            fi
            echo ""
        fi
    done
    
    echo "Bulk update completed"
    # Check all providers
    curl -H "Authorization: Bearer $VEZA_TOKEN" \
         "$VEZA_URL/api/v1/providers/aws" | \
    jq '.values[] | {id: .id, name: .name, services: .services}'
    
    # Check specific provider
    curl -H "Authorization: Bearer $VEZA_TOKEN" \
         "$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID" | \
    jq '{id: .id, name: .name, services: .services}'
    curl -X PATCH \
         -H "Authorization: Bearer $VEZA_TOKEN" \
         -H "Content-Type: application/json" \
         -d '{"services":[]}' \
         "$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID"
    # Example: Enable different set of services
    NEW_SERVICES='["S3","LAMBDA","DYNAMODB","EC2"]'
    
    curl -X PATCH \
         -H "Authorization: Bearer $VEZA_TOKEN" \
         -H "Content-Type: application/json" \
         -d "{\"services\":$NEW_SERVICES}" \
         "$VEZA_URL/api/v1/providers/aws/YOUR_PROVIDER_ID"

    Provider Management API

    Unified API for managing all provider configurations

    The Provider Management API provides a consolidated interface for managing all types of integration configurations in Veza. These endpoints work across all supported integration types including AWS, Azure, Google Cloud, Snowflake, and other providers.

    Use these endpoints to:

    • List all providers across all types with filtering and pagination

    • Update common provider fields (name, labels, owners, data_plane_id)

    • Delete provider configurations

    Returns a list of all configured providers across all types. Supports filtering, sorting, and pagination.

    Parameter
    Type
    Description

    Perform a complete update of a provider configuration. All modifiable fields must be included in the request.

    Perform a partial update of a provider configuration. Only include the fields you want to change. Use the update_mask parameter to specify which fields to update.

    Permanently delete a provider configuration and all associated data sources.

    Returns an empty response with HTTP status 200 OK on success.

    Field
    Type
    Behavior
    Description
    Field
    Type
    Behavior
    Description
    Field
    Type
    Behavior
    Description
    Field
    Type
    Behavior
    Description
    Field
    Type
    Behavior
    Description

    All endpoints return standard HTTP status codes:

    Status Code
    Description

    filter

    string

    Filter expression (e.g., state eq 'ENABLED', type eq 'AWS')

    include_datasource_status

    string

    Include datasource status in response

    include_type_summary

    boolean

    Include type summary field

    Output-only

    Provider-specific identifier (e.g., AWS account ID)

    name

    string

    Mutable

    Display name for the provider

    type

    string

    Immutable

    Provider type (AWS, AZURE, GOOGLE_CLOUD, etc.)

    state

    enum

    Output-only

    Provider state: ENABLED, DISABLED, DELETING, PENDING_DELETE

    status

    enum

    Output-only

    Discovery status: PENDING, SUCCESS, ERROR, UNAUTHENTICATED

    data_plane_id

    string

    Mutable

    Insight Point ID for data collection

    external_id

    string

    Output-only

    External identifier for cross-system references

    Output-only

    Last modification timestamp

    created_by

    string

    Output-only

    User ID who created the provider

    updated_by

    string

    Output-only

    User ID who last modified the provider

    created_by_name

    string

    Output-only

    Display name of creator (when requested)

    updated_by_name

    string

    Output-only

    Display name of last modifier (when requested)

    Output-only

    Owning team display name

    owners

    array[string]

    Mutable

    List of Veza user or group IDs with owner permissions

    owner_names

    array[string]

    Output-only

    Display names of owners

    labels

    array[string]

    Mutable

    Metadata labels (e.g., "production", "pci")

    rbac_id

    string

    Output-only

    RBAC identifier for access control

    Output-only

    Aggregate status of discoverer datasources

    lifecycle_management_state

    object

    Output-only

    Lifecycle Management provisioning state

    provisioning

    boolean

    Mutable

    Whether Lifecycle Management is enabled

    403

    Forbidden - Insufficient permissions

    404

    Not Found - Provider does not exist

    409

    Conflict - Provider already exists or state conflict

    422

    Unprocessable Entity - Validation error

    500

    Internal Server Error

    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Query parameters
    filterstringOptional
    page_sizeinteger · int32Optional
    page_tokenstringOptional
    include_datasource_statusstringOptional
    include_created_by_and_updated_by_namesbooleanOptional
    include_type_summarybooleanOptional
    Responses
    200

    OK

    application/json
    idstringRead-onlyOptional
    vendor_idstringRead-onlyOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumRead-onlyOptional
    data_plane_idstringOptional
    statusinteger · enumRead-onlyOptional
    external_idstringRead-onlyOptional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    lifecycle_management_stateinteger · enumRead-onlyOptional
    team_idstringRead-onlyOptional
    created_atstring · date-timeRead-onlyOptional
    updated_atstring · date-timeRead-onlyOptional
    vendorobjectOptional
    extractors_datasource_statusinteger · enumRead-onlyOptional
    discoverers_datasource_statusinteger · enumRead-onlyOptional
    team_namestringRead-onlyOptional
    type_summarystringRead-onlyOptional
    ownersstring[]Optional
    labelsstring[]Optional
    idstringRead-onlyOptional
    secret_idstringOptional
    typeinteger · enumOptional
    mappingstringOptional
    vault_idstringOptional
    idstringRead-onlyOptional
    namestringOptional

    Must be unique within an insight point

    vault_providerstringOptional

    Provider type: "azure_key_vault", "aws_secrets_manager", etc.

    insight_point_idstringOptional

    Owning insight point ID, or "internal" for control plane vaults

    deletedbooleanOptional

    Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)

    updated_bystringRead-onlyOptional
    created_bystringRead-onlyOptional
    rbac_idstringRead-onlyOptional
    updated_by_namestringRead-onlyOptional
    created_by_namestringRead-onlyOptional
    owner_namesstring[]Optional
    next_page_tokenstringOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional

    page_size

    integer

    Maximum number of results per page (default: 25)

    page_token

    string

    Token for retrieving the next page of results

    curl -X GET \
      "https://{tenant}.vezacloud.com/api/v1/providers?page_size=10&filter=state+eq+'ENABLED'" \
      -H "Authorization: Bearer {your_api_key}" \
      -H "Accept: application/json"
    {
      "values": [
        {
          "id": "883dd869-8762-4187-8767-1c387de14b4b",
          "vendor_id": "123456789012",
          "name": "AWS-Production",
          "type": "AWS",
          "state": "ENABLED",
          "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
          "status": "SUCCESS",
          "external_id": "501779813173",
          "team_id": "team-uuid-here",
          "team_name": "Platform Team",
          "created_at": "2024-01-15T10:30:00Z",
          "updated_at": "2024-08-26T14:22:00Z",
          "created_by": "user-uuid",
          "updated_by": "user-uuid",
          "owners": ["user-uuid-1", "group-uuid-1"],
          "labels": ["production", "critical"],
          "vendor": {},
          "lifecycle_management_state": "NOT_CONFIGURED",
          "provisioning": false
        },
        {
          "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
          "vendor_id": "contoso.onmicrosoft.com",
          "name": "Azure-Production",
          "type": "AZURE",
          "state": "ENABLED",
          "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
          "status": "SUCCESS",
          "external_id": "veza-ext-def456",
          "team_id": "team-uuid-here",
          "team_name": "Platform Team",
          "created_at": "2024-02-01T09:15:00Z",
          "updated_at": "2024-08-26T13:45:00Z",
          "owners": [],
          "labels": ["production"],
          "vendor": {},
          "lifecycle_management_state": "NOT_CONFIGURED",
          "provisioning": false
        }
      ],
      "next_page_token": "eyJvZmZzZXQiOjEwfQ=="
    }
    put

    the plan is to migrate all the provider update endpoints to this one

    one provider at a time

    while still keeping the old endpoints for backward compatibility

    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    value.idstringRequired
    Query parameters
    update_maskstring · field-maskOptional
    curl -X PUT \
      "https://{tenant}.vezacloud.com/api/v1/providers/883dd869-8762-4187-8767-1c387de14b4b" \
      -H "Authorization: Bearer {your_api_key}" \
      -H "Content-Type: application/json" \
      -d '{
        "value": {
          "id": "883dd869-8762-4187-8767-1c387de14b4b",
          "name": "AWS-Production-Updated",
          "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
          "owners": ["user-uuid-1", "group-uuid-1"],
          "labels": ["production", "critical", "pci"]
        }
      }'
    {
      "value": {
        "id": "883dd869-8762-4187-8767-1c387de14b4b",
        "vendor_id": "123456789012",
        "name": "AWS-Production-Updated",
        "type": "AWS",
        "state": "ENABLED",
        "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
        "status": "PENDING",
        "external_id": "501779813173",
        "team_id": "team-uuid-here",
        "team_name": "Platform Team",
        "created_at": "2024-01-15T10:30:00Z",
        "updated_at": "2024-08-26T15:30:00Z",
        "created_by": "user-uuid",
        "updated_by": "user-uuid",
        "owners": ["user-uuid-1", "group-uuid-1"],
        "labels": ["production", "critical", "pci"],
        "vendor": {},
        "lifecycle_management_state": "NOT_CONFIGURED",
        "provisioning": false
      }
    }
    patch

    the plan is to migrate all the provider update endpoints to this one

    one provider at a time

    while still keeping the old endpoints for backward compatibility

    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    value.idstringRequired
    Query parameters
    update_maskstring · field-maskOptional
    curl -X PATCH \
      "https://{tenant}.vezacloud.com/api/v1/providers/883dd869-8762-4187-8767-1c387de14b4b" \
      -H "Authorization: Bearer {your_api_key}" \
      -H "Content-Type: application/json" \
      -d '{
        "value": {
          "id": "883dd869-8762-4187-8767-1c387de14b4b",
          "name": "AWS-Production-Renamed",
          "labels": ["production", "updated"]
        },
        "update_mask": "name,labels"
      }'
    {
      "value": {
        "id": "883dd869-8762-4187-8767-1c387de14b4b",
        "vendor_id": "123456789012",
        "name": "AWS-Production-Renamed",
        "type": "AWS",
        "state": "ENABLED",
        "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
        "status": "PENDING",
        "external_id": "501779813173",
        "team_id": "team-uuid-here",
        "team_name": "Platform Team",
        "created_at": "2024-01-15T10:30:00Z",
        "updated_at": "2024-08-26T15:45:00Z",
        "owners": ["user-uuid-1", "group-uuid-1"],
        "labels": ["production", "updated"],
        "vendor": {},
        "lifecycle_management_state": "NOT_CONFIGURED",
        "provisioning": false
      }
    }
    delete
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    object · DeleteProviderResponseOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    curl -X DELETE \
      "https://{tenant}.vezacloud.com/api/v1/providers/883dd869-8762-4187-8767-1c387de14b4b" \
      -H "Authorization: Bearer {your_api_key}"
    {}

    id

    string

    Output-only

    Unique provider identifier (UUID)

    vendor_id

    created_at

    timestamp

    Output-only

    Creation timestamp

    updated_at

    team_id

    string

    Output-only

    Owning team identifier

    team_name

    extractors_datasource_status

    enum

    Output-only

    Aggregate status of extractor datasources

    discoverers_datasource_status

    vendor

    object

    Output-only

    Provider-specific metadata. This field is typically empty in the generic Provider API. Use Provider-Specific APIs for detailed configuration.

    200

    Success

    400

    Bad Request - Invalid parameters or request body

    401

    Unauthorized - Invalid or missing API key

    This API manages common fields across all provider types. For provider-specific configuration (regions, services, credentials), use the Provider-Specific APIs.

    List All Providers

    Query Parameters

    Example Request

    Example Response

    Use page_size and page_token parameters for pagination. Continue fetching pages until next_page_token is empty or absent.

    Update Provider (Full)

    Example Request

    Example Response

    Update Provider (Partial)

    Example Request

    Example Response

    PATCH is preferred over PUT for updates. Use the update_mask parameter to explicitly specify which fields to update.

    Delete Provider

    Example Request

    Example Response

    Provider Response Fields

    Core Fields

    Metadata Fields

    Organization Fields

    Status Fields

    Vendor Configuration

    Error Responses

    Related Documentation

    Provider-Specific APIs
    Data Sources API
    API Authentication

    string

    timestamp

    string

    enum

    get/api/v1/providers
    GET /api/v1/providers HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "values": [
        {
          "id": "text",
          "vendor_id": "text",
          "name": "text",
          "type": 1,
          "state": 1,
          "data_plane_id": "text",
          "status": 1,
          "external_id": "text",
          "audit_log": {
            "state": 1,
            "status": 1,
            "cursor": "2026-07-19T12:46:46.939Z",
            "synced_at": "2026-07-19T12:46:46.939Z"
          },
          "lifecycle_management_state": 1,
          "team_id": "text",
          "created_at": "2026-07-19T12:46:46.939Z",
          "updated_at": "2026-07-19T12:46:46.939Z",
          "vendor": {},
          "extractors_datasource_status": 1,
          "discoverers_datasource_status": 1,
          "team_name": "text",
          "type_summary": "text",
          "owners": [
            "text"
          ],
          "labels": [
            "text"
          ],
          "secret_references": [
            {
              "id": "text",
              "secret_id": "text",
              "secret_mapping": {
                "type": 1,
                "mapping": "text"
              },
              "vault_id": "text",
              "vault": {
                "id": "text",
                "name": "text",
                "vault_provider": "text",
                "insight_point_id": "text",
                "deleted": true
              }
            }
          ],
          "updated_by": "text",
          "created_by": "text",
          "rbac_id": "text",
          "updated_by_name": "text",
          "created_by_name": "text",
          "owner_names": [
            "text"
          ]
        }
      ],
      "next_page_token": "text"
    }
    Body

    the generic provider object with vendor prop that represent vendor specific data this is for the generic provider creation and update endpoints eventually the goal is to demise the provider proto for each provider, for example AwsProvider below and maintain the individual vendor proto in their own agent directory for validation and documentation purpose we will migrate one provider type at a time while keep the old proto file for backward compatibility for a period of time

    idstringRead-onlyOptional
    vendor_idstringRead-onlyOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumRead-onlyOptional
    data_plane_idstringOptional
    statusinteger · enumRead-onlyOptional
    external_idstringRead-onlyOptional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    lifecycle_management_stateinteger · enumRead-onlyOptional
    team_idstringRead-onlyOptional
    created_atstring · date-timeRead-onlyOptional
    updated_atstring · date-timeRead-onlyOptional
    vendorobjectOptional
    extractors_datasource_statusinteger · enumRead-onlyOptional
    discoverers_datasource_statusinteger · enumRead-onlyOptional
    team_namestringRead-onlyOptional
    type_summarystringRead-onlyOptional
    ownersstring[]Optional
    labelsstring[]Optional
    idstringRead-onlyOptional
    secret_idstringOptional
    typeinteger · enumOptional
    mappingstringOptional
    vault_idstringOptional
    idstringRead-onlyOptional
    namestringOptional

    Must be unique within an insight point

    vault_providerstringOptional

    Provider type: "azure_key_vault", "aws_secrets_manager", etc.

    insight_point_idstringOptional

    Owning insight point ID, or "internal" for control plane vaults

    deletedbooleanOptional

    Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)

    updated_bystringRead-onlyOptional
    created_bystringRead-onlyOptional
    rbac_idstringRead-onlyOptional
    updated_by_namestringRead-onlyOptional
    created_by_namestringRead-onlyOptional
    owner_namesstring[]Optional
    Responses
    200

    OK

    application/json
    idstringRead-onlyOptional
    vendor_idstringRead-onlyOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumRead-onlyOptional
    data_plane_idstringOptional
    statusinteger · enumRead-onlyOptional
    external_idstringRead-onlyOptional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    lifecycle_management_stateinteger · enumRead-onlyOptional
    team_idstringRead-onlyOptional
    created_atstring · date-timeRead-onlyOptional
    updated_atstring · date-timeRead-onlyOptional
    vendorobjectOptional
    extractors_datasource_statusinteger · enumRead-onlyOptional
    discoverers_datasource_statusinteger · enumRead-onlyOptional
    team_namestringRead-onlyOptional
    type_summarystringRead-onlyOptional
    ownersstring[]Optional
    labelsstring[]Optional
    idstringRead-onlyOptional
    secret_idstringOptional
    typeinteger · enumOptional
    mappingstringOptional
    vault_idstringOptional
    idstringRead-onlyOptional
    namestringOptional

    Must be unique within an insight point

    vault_providerstringOptional

    Provider type: "azure_key_vault", "aws_secrets_manager", etc.

    insight_point_idstringOptional

    Owning insight point ID, or "internal" for control plane vaults

    deletedbooleanOptional

    Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)

    updated_bystringRead-onlyOptional
    created_bystringRead-onlyOptional
    rbac_idstringRead-onlyOptional
    updated_by_namestringRead-onlyOptional
    created_by_namestringRead-onlyOptional
    owner_namesstring[]Optional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    put/api/v1/providers/{value.id}
    PUT /api/v1/providers/{value.id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 224
    
    {
      "name": "text",
      "type": 1,
      "data_plane_id": "text",
      "vendor": {},
      "owners": [
        "text"
      ],
      "labels": [
        "text"
      ],
      "secret_references": [
        {
          "secret_id": "text",
          "secret_mapping": {
            "type": 1,
            "mapping": "text"
          },
          "vault_id": "text"
        }
      ],
      "owner_names": [
        "text"
      ]
    }
    Body

    the generic provider object with vendor prop that represent vendor specific data this is for the generic provider creation and update endpoints eventually the goal is to demise the provider proto for each provider, for example AwsProvider below and maintain the individual vendor proto in their own agent directory for validation and documentation purpose we will migrate one provider type at a time while keep the old proto file for backward compatibility for a period of time

    idstringRead-onlyOptional
    vendor_idstringRead-onlyOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumRead-onlyOptional
    data_plane_idstringOptional
    statusinteger · enumRead-onlyOptional
    external_idstringRead-onlyOptional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    lifecycle_management_stateinteger · enumRead-onlyOptional
    team_idstringRead-onlyOptional
    created_atstring · date-timeRead-onlyOptional
    updated_atstring · date-timeRead-onlyOptional
    vendorobjectOptional
    extractors_datasource_statusinteger · enumRead-onlyOptional
    discoverers_datasource_statusinteger · enumRead-onlyOptional
    team_namestringRead-onlyOptional
    type_summarystringRead-onlyOptional
    ownersstring[]Optional
    labelsstring[]Optional
    idstringRead-onlyOptional
    secret_idstringOptional
    typeinteger · enumOptional
    mappingstringOptional
    vault_idstringOptional
    idstringRead-onlyOptional
    namestringOptional

    Must be unique within an insight point

    vault_providerstringOptional

    Provider type: "azure_key_vault", "aws_secrets_manager", etc.

    insight_point_idstringOptional

    Owning insight point ID, or "internal" for control plane vaults

    deletedbooleanOptional

    Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)

    updated_bystringRead-onlyOptional
    created_bystringRead-onlyOptional
    rbac_idstringRead-onlyOptional
    updated_by_namestringRead-onlyOptional
    created_by_namestringRead-onlyOptional
    owner_namesstring[]Optional
    Responses
    200

    OK

    application/json
    idstringRead-onlyOptional
    vendor_idstringRead-onlyOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumRead-onlyOptional
    data_plane_idstringOptional
    statusinteger · enumRead-onlyOptional
    external_idstringRead-onlyOptional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    lifecycle_management_stateinteger · enumRead-onlyOptional
    team_idstringRead-onlyOptional
    created_atstring · date-timeRead-onlyOptional
    updated_atstring · date-timeRead-onlyOptional
    vendorobjectOptional
    extractors_datasource_statusinteger · enumRead-onlyOptional
    discoverers_datasource_statusinteger · enumRead-onlyOptional
    team_namestringRead-onlyOptional
    type_summarystringRead-onlyOptional
    ownersstring[]Optional
    labelsstring[]Optional
    idstringRead-onlyOptional
    secret_idstringOptional
    typeinteger · enumOptional
    mappingstringOptional
    vault_idstringOptional
    idstringRead-onlyOptional
    namestringOptional

    Must be unique within an insight point

    vault_providerstringOptional

    Provider type: "azure_key_vault", "aws_secrets_manager", etc.

    insight_point_idstringOptional

    Owning insight point ID, or "internal" for control plane vaults

    deletedbooleanOptional

    Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)

    updated_bystringRead-onlyOptional
    created_bystringRead-onlyOptional
    rbac_idstringRead-onlyOptional
    updated_by_namestringRead-onlyOptional
    created_by_namestringRead-onlyOptional
    owner_namesstring[]Optional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    patch/api/v1/providers/{value.id}
    PATCH /api/v1/providers/{value.id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 224
    
    {
      "name": "text",
      "type": 1,
      "data_plane_id": "text",
      "vendor": {},
      "owners": [
        "text"
      ],
      "labels": [
        "text"
      ],
      "secret_references": [
        {
          "secret_id": "text",
          "secret_mapping": {
            "type": 1,
            "mapping": "text"
          },
          "vault_id": "text"
        }
      ],
      "owner_names": [
        "text"
      ]
    }
    delete/api/v1/providers/{id}
    DELETE /api/v1/providers/{id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {}

    a generic endpoint for patch update providers of different types

    a generic endpoint for patch update providers of different types

    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "external_id": "text",
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "lifecycle_management_state": 1,
        "team_id": "text",
        "created_at": "2026-07-19T12:46:46.939Z",
        "updated_at": "2026-07-19T12:46:46.939Z",
        "vendor": {},
        "extractors_datasource_status": 1,
        "discoverers_datasource_status": 1,
        "team_name": "text",
        "type_summary": "text",
        "owners": [
          "text"
        ],
        "labels": [
          "text"
        ],
        "secret_references": [
          {
            "id": "text",
            "secret_id": "text",
            "secret_mapping": {
              "type": 1,
              "mapping": "text"
            },
            "vault_id": "text",
            "vault": {
              "id": "text",
              "name": "text",
              "vault_provider": "text",
              "insight_point_id": "text",
              "deleted": true
            }
          }
        ],
        "updated_by": "text",
        "created_by": "text",
        "rbac_id": "text",
        "updated_by_name": "text",
        "created_by_name": "text",
        "owner_names": [
          "text"
        ]
      }
    }
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "external_id": "text",
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "lifecycle_management_state": 1,
        "team_id": "text",
        "created_at": "2026-07-19T12:46:46.939Z",
        "updated_at": "2026-07-19T12:46:46.939Z",
        "vendor": {},
        "extractors_datasource_status": 1,
        "discoverers_datasource_status": 1,
        "team_name": "text",
        "type_summary": "text",
        "owners": [
          "text"
        ],
        "labels": [
          "text"
        ],
        "secret_references": [
          {
            "id": "text",
            "secret_id": "text",
            "secret_mapping": {
              "type": 1,
              "mapping": "text"
            },
            "vault_id": "text",
            "vault": {
              "id": "text",
              "name": "text",
              "vault_provider": "text",
              "insight_point_id": "text",
              "deleted": true
            }
          }
        ],
        "updated_by": "text",
        "created_by": "text",
        "rbac_id": "text",
        "updated_by_name": "text",
        "created_by_name": "text",
        "owner_names": [
          "text"
        ]
      }
    }

    Cloud Platforms and Data Providers

    Operations for listing, adding, and modifying cloud provider configurations

    You can manage Veza integrations using the management API and a Veza admin API key.

    Use these operations to configure and manage cloud platform integrations including AWS, Azure, Google Cloud, Snowflake, SQL Server, and Trino providers. Each provider type has specific configuration requirements and optional parameters for controlling discovery scope.

    Provider Types

    Use the List provider types endpoint to retrieve all provider types available in your tenant, including both Veza-managed integrations and custom OAA provider types.

    Authentication

    You will need an API token with administrator permissions to manage provider configurations. See API Authentication for details.

    Common Provider Properties

    All provider configurations share these common properties:

    • id (String): Unique identifier for the provider configuration

    • vendor_id (String): Provider-specific identifier (e.g., AWS account ID)

    • name (String): Display name for the provider

    • type (String): Provider type (AWS, AZURE, GOOGLE_CLOUD, etc.)

    • state (String): Current state (ENABLED, DISABLED)

    • data_plane_id (String): Insight Point ID used for discovery

    • status (String): Last discovery status (SUCCESS, PENDING, ERROR)

    AWS provider configurations include account credentials, regions, and service-specific settings:

    • account_id (String): AWS account ID (12-digit number)

    • credentials_type (String): Authentication method - STATIC, EC2_INSTANCE_PROFILE, or ASSUME_CUSTOMER_ROLE

    Available service values for the services array:

    • IAM: Identity and Access Management

    • S3: Simple Storage Service

    • RDS: Relational Database Service

    Use allow/deny lists to control which resources are discovered:

    • s3_bucket_allow_list: S3 bucket names to include (supports wildcards)

    • s3_bucket_deny_list: S3 bucket names to exclude

    • rds_database_allow_list: RDS database names to include

    For detailed AWS setup instructions, see .

    Azure provider configurations include tenant authentication and service settings:

    • tenant_id (String): Azure Active Directory tenant ID

    • client_id (String): Application (client) ID for service principal

    • client_secret (String): Client secret for authentication

    For detailed Azure setup instructions, see .

    Google Cloud provider configurations include service account credentials and project settings:

    • credentials_json (String): Service account key JSON

    • customer_id (String): Google Workspace customer ID

    • workspace_email (String): Workspace user email for service account impersonation

    For detailed Google Cloud setup instructions, see .

    Snowflake provider configurations include connection details and database filtering:

    • account_locator (String): Snowflake account locator (e.g., "xy12345")

    • region (String): Cloud region for the Snowflake account

    • cloud (String): Cloud provider ("aws", "azure", or "gcp")

    For detailed Snowflake setup instructions, see .

    SQL Server provider configurations include connection details and database filtering:

    • host (String): SQL Server hostname or IP address

    • port (Integer): Port number (typically 1433)

    • username (String): SQL Server username

    For detailed SQL Server setup instructions, see .

    Trino provider configurations include cluster connection details and S3 access control file settings:

    • host (String): Trino coordinator hostname

    • port (Integer): Trino coordinator port (typically 8080 or 8443)

    • username (String): Trino username

    The aws_s3_object_config object contains:

    • access_key (String): AWS access key ID

    • secret_key (String): AWS secret access key

    • region (String): S3 bucket region

    For detailed Trino setup instructions, see .

    All provider API operations return standard HTTP status codes:

    • 200 OK: Request successful

    • 400 Bad Request: Invalid request parameters or payload

    • 401 Unauthorized: Invalid or missing API token

    Error responses include a descriptive message and error code:

    When managing provider configurations:

    1. Use descriptive names that identify the environment and purpose

    2. Implement least privilege by configuring only necessary services and resources

    3. Use allow lists rather than deny lists when possible for better security

    access_key_id (String): Access key ID for static credentials

  • secret_key (String): Secret access key for static credentials

  • assume_role_name (String): IAM role name for assume role authentication

  • assume_role_external_id (String): External ID for assume role authentication

  • regions (Array): List of AWS regions to discover

  • db_user (String): Database username for RDS/Redshift connections

  • services (Array): Specific AWS services to discover (empty array = all services)

  • REDSHIFT: Redshift data warehouses

  • EC2: Elastic Compute Cloud

  • LAMBDA: Lambda functions

  • EKS: Elastic Kubernetes Service

  • COGNITO: Cognito user pools

  • SECRETS_MANAGER: Secrets Manager

  • KMS: Key Management Service

  • DYNAMODB: DynamoDB tables

  • rds_database_deny_list: RDS database names to exclude

  • redshift_database_allow_list: Redshift database ARNs to include

  • redshift_database_deny_list: Redshift database ARNs to exclude

  • auth_certificate (String): Certificate for SharePoint app-only access

  • auth_certificate_password (String): Certificate password

  • services (Array): Azure services to discover

  • gather_guest_users (Boolean): Include guest users in discovery

  • gather_disabled_users (Boolean): Include disabled users

  • gather_personal_sites (Boolean): Include personal SharePoint sites

  • domains (Array): Specific domains to discover

  • project_allow_list (Array): GCP project names to include

  • project_deny_list (Array): GCP project names to exclude

  • domain_allow_list (Array): Workspace domains to include

  • domain_deny_list (Array): Workspace domains to exclude

  • dataset_allow_list (Array): BigQuery dataset names to include

  • dataset_deny_list (Array): BigQuery dataset names to exclude

  • user (String): Snowflake username for authentication

  • password (String): Password for the Snowflake user

  • role (String): Snowflake role to use for queries

  • warehouse (String): Default warehouse for compute

  • database_allow_list (Array): Database names to include

  • database_deny_list (Array): Database names to exclude

  • password (String): Password for authentication

  • database_allow_list (Array): Database names to include

  • database_deny_list (Array): Database names to exclude

  • schema_allow_list (Array): Schema names to include

  • schema_deny_list (Array): Schema names to exclude

  • password (String): Password for authentication

  • aws_s3_object_config (Object): S3 configuration for access control file

  • ssl_certificate (String): TLS certificate for secure connections

  • bucket (String): S3 bucket name

  • object (String): Path to access control file

  • credentials_type (String): Authentication method

  • assume_role_name (String): IAM role name (for assume role)

  • assume_role_external_id (String): External ID for assume role

  • account_id (String): AWS account ID

  • 403 Forbidden: Insufficient permissions
  • 404 Not Found: Provider configuration not found

  • 409 Conflict: Provider configuration already exists

  • 500 Internal Server Error: Server error

  • Test configurations in development environments before production
  • Monitor discovery status regularly to ensure successful data collection

  • Rotate credentials according to your organization's security policies

  • Use assume role authentication for AWS providers when possible

  • Configure resource filtering to limit discovery scope and improve performance

  • Use secrets vaults to store sensitive credentials in your private network instead of in Veza. See

  • {
      "id": "883dd869-8762-4187-8767-1c387de14b4b",
      "vendor_id": "123456789010",
      "name": "AWS-Production",
      "type": "AWS",
      "state": "ENABLED",
      "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
      "status": "SUCCESS",
      "account_id": "123456789010",
      "credentials_type": "ASSUME_CUSTOMER_ROLE",
      "access_key_id": "AKIA6FRNZGGIOEBZ6BEA",
      "assume_role_name": "VezaDiscoveryRole",
      "assume_role_external_id": "veza-external-id",
      "regions": [
        "us-east-1",
        "us-west-2",
        "eu-west-1"
      ],
      "db_user": "veza_user",
      "services": [
        "IAM",
        "S3",
        "RDS",
        "REDSHIFT"
      ],
      "s3_bucket_allow_list": ["prod-data-*"],
      "s3_bucket_deny_list": ["temp-*", "test-*"],
      "rds_database_allow_list": ["production"],
      "rds_database_deny_list": ["temp"]
    }
    {
      "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
      "vendor_id": "contoso.onmicrosoft.com",
      "name": "Azure-Production",
      "type": "AZURE",
      "state": "ENABLED",
      "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
      "status": "SUCCESS",
      "tenant_id": "12345678-1234-1234-1234-123456789012",
      "client_id": "87654321-4321-4321-4321-210987654321",
      "services": [
        "AZUREAD",
        "SHAREPOINT",
        "SQLSERVER"
      ],
      "gather_guest_users": true,
      "gather_disabled_users": false,
      "gather_personal_sites": true,
      "domains": ["contoso.com"],
      "sql_server_database_allow_list": ["production"],
      "sql_server_database_deny_list": ["temp"]
    }
    {
      "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
      "vendor_id": "gcp-project-id",
      "name": "GCP-Production",
      "type": "GOOGLE_CLOUD",
      "state": "ENABLED",
      "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
      "status": "SUCCESS",
      "customer_id": "C01234567",
      "workspace_email": "service-account@project.iam.gserviceaccount.com",
      "project_allow_list": ["prod-project-1", "prod-project-2"],
      "project_deny_list": ["test-*"],
      "domain_allow_list": ["company.com"],
      "domain_deny_list": [],
      "services": [
        "IAM",
        "STORAGE",
        "COMPUTE",
        "WORKSPACE",
        "BIGQUERY"
      ],
      "dataset_allow_list": ["analytics", "reporting"],
      "dataset_deny_list": ["temp_*"]
    }
    {
      "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
      "vendor_id": "xy12345.us-east-1",
      "name": "Snowflake-Production",
      "type": "SNOWFLAKE",
      "state": "ENABLED",
      "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
      "status": "SUCCESS",
      "account_locator": "xy12345",
      "region": "us-east-1",
      "cloud": "aws",
      "user": "veza_user",
      "role": "VEZA_ROLE",
      "warehouse": "COMPUTE_WH",
      "database_allow_list": ["PROD_DB", "ANALYTICS_DB"],
      "database_deny_list": ["TEMP_DB", "TEST_DB"]
    }
    {
      "id": "90112ed7-47e7-48e6-9f05-c02d19d7f137",
      "vendor_id": "sqlserver.company.com",
      "name": "SQL-Production",
      "type": "SQL_SERVER",
      "state": "ENABLED",
      "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
      "status": "SUCCESS",
      "host": "sqlserver.company.com",
      "port": 1433,
      "username": "veza_user",
      "database_allow_list": ["ProductionDB", "AnalyticsDB"],
      "database_deny_list": ["TempDB", "TestDB"],
      "schema_allow_list": ["dbo", "analytics"],
      "schema_deny_list": ["temp"]
    }
    {
      "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
      "vendor_id": "trino.company.com",
      "name": "Trino-Production",
      "type": "TRINO",
      "state": "ENABLED",
      "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
      "status": "SUCCESS",
      "host": "trino.company.com",
      "port": 8080,
      "username": "veza_user",
      "aws_s3_object_config": {
        "access_key": "AKIA...",
        "region": "us-east-1",
        "bucket": "trino-config",
        "object": "access-control.properties",
        "credentials_type": "STATIC",
        "assume_role_name": "",
        "account_id": ""
      },
      "ssl_certificate": "-----BEGIN CERTIFICATE-----\n..."
    }
    {
      "error": {
        "code": "INVALID_CREDENTIALS",
        "message": "The provided credentials are invalid or expired",
        "details": "AWS STS AssumeRole failed with error: Access denied"
      }
    }

    AWS Providers

    AWS Provider Object Schema

    AWS Configuration Fields

    AWS Service Discovery Options

    AWS Resource Filtering

    AWS API Operations

    List AWS Providers

    Create AWS Provider

    Get AWS Provider

    Update AWS Provider

    Delete AWS Provider

    Get AWS Trust Policy

    Check AWS Policy

    Azure Providers

    Azure Provider Object Schema

    Azure Configuration Fields

    Azure API Operations

    List Azure Providers

    Create Azure Provider

    Get Azure Provider

    Update Azure Provider

    Delete Azure Provider

    Google Cloud Providers

    Google Cloud Provider Object Schema

    Google Cloud Configuration Fields

    Google Cloud API Operations

    List Google Cloud Providers

    Create Google Cloud Provider

    Get Google Cloud Provider

    Update Google Cloud Provider

    Delete Google Cloud Provider

    Snowflake Providers

    Snowflake Provider Object Schema

    Snowflake Configuration Fields

    Snowflake API Operations

    List Snowflake Providers

    Create Snowflake Provider

    Get Snowflake Provider

    Update Snowflake Provider

    Delete Snowflake Provider

    SQL Server Providers

    SQL Server Provider Object Schema

    SQL Server Configuration Fields

    SQL Server API Operations

    List SQL Server Providers

    Create SQL Server Provider

    Get SQL Server Provider

    Update SQL Server Provider

    Delete SQL Server Provider

    Trino Providers

    Trino Provider Object Schema

    Trino Configuration Fields

    S3 Object Configuration

    Trino API Operations

    List Trino Providers

    Create Trino Provider

    Get Trino Provider

    Update Trino Provider

    Delete Trino Provider

    Error Handling

    Best Practices

    Related Documentation

    Amazon Web Services Integration
    Azure Integration
    Google Cloud Integration
    Snowflake Integration
    SQL Server Integration
    Trino Integration
    Provider Enable/Disable APIs
    API Authentication
    Integration Guides
    Secrets Vaults
    Secrets Vaults
    Insight Points
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    redshift_database_allow_liststring[]Optional
    redshift_database_deny_liststring[]Optional
    rds_database_allow_liststring[]Optional
    rds_database_deny_liststring[]Optional
    s3_bucket_allow_liststring[]Optional
    s3_bucket_deny_liststring[]Optional
    extraction_policy_namestringOptional
    gather_system_tablesbooleanOptional
    gather_postgresql_system_schemasbooleanOptional
    gather_rds_oracle_system_schemasbooleanOptional
    team_idstringOptional
    rds_db_level_onlybooleanOptional
    rbac_idstringOptional
    account_idstringOptional
    credentials_typeinteger · enumOptional
    access_key_idstringOptional
    assume_role_namestringOptional
    regionsstring[]Optional
    db_userstringOptional
    redshift_userstringOptional
    rds_mysql_userstringOptional
    rds_postgres_userstringOptional
    rds_oracle_userstringOptional
    servicesinteger · enum[]Optional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    audit_log_cloud_trail_namestringOptional
    audit_log_cloud_trail_regionstringOptional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    client_idstringOptional
    client_secretstringOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    provisioning_identity_store_idstringOptional
    provisioning_scim_endpointstringOptional
    audit_log_extract_for_orgbooleanOptional
    audit_log_skip_extractionbooleanOptional
    gather_all_iam_policiesbooleanOptional
    documentdb_userstringOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/aws
    post
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Body
    namestringOptional
    account_idstringOptional
    regionsstring[]Optional
    data_plane_idstringOptional
    credentials_typeinteger · enumOptional
    access_key_idstringOptional
    secret_keystringOptional
    assume_role_namestringOptional
    assume_role_external_idstringOptional
    db_userstringOptional
    rds_postgres_userstringOptional
    rds_mysql_userstringOptional
    rds_oracle_userstringOptional
    rds_oracle_passwordstringOptional
    redshift_userstringOptional
    itemsinteger · enumOptionalPossible values:
    redshift_database_allow_liststring[]Optional
    redshift_database_deny_liststring[]Optional
    rds_database_allow_liststring[]Optional
    rds_database_deny_liststring[]Optional
    s3_bucket_allow_liststring[]Optional
    s3_bucket_deny_liststring[]Optional
    extraction_policy_namestringOptional
    gather_system_tablesbooleanOptional
    gather_postgresql_system_schemasbooleanOptional
    gather_rds_oracle_system_schemasbooleanOptional
    rds_db_level_onlybooleanOptional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    client_idstringOptional
    client_secretstringOptional
    provisioningbooleanOptional
    provisioning_identity_store_idstringOptional
    provisioning_scim_endpointstringOptional
    provisioning_scim_tokenstringOptional
    gather_all_iam_policiesbooleanOptional
    documentdb_userstringOptional
    documentdb_passwordstringOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    redshift_database_allow_liststring[]Optional
    redshift_database_deny_liststring[]Optional
    rds_database_allow_liststring[]Optional
    rds_database_deny_liststring[]Optional
    s3_bucket_allow_liststring[]Optional
    s3_bucket_deny_liststring[]Optional
    extraction_policy_namestringOptional
    gather_system_tablesbooleanOptional
    gather_postgresql_system_schemasbooleanOptional
    gather_rds_oracle_system_schemasbooleanOptional
    team_idstringOptional
    rds_db_level_onlybooleanOptional
    rbac_idstringOptional
    account_idstringOptional
    credentials_typeinteger · enumOptional
    access_key_idstringOptional
    assume_role_namestringOptional
    regionsstring[]Optional
    db_userstringOptional
    redshift_userstringOptional
    rds_mysql_userstringOptional
    rds_postgres_userstringOptional
    rds_oracle_userstringOptional
    servicesinteger · enum[]Optional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    audit_log_cloud_trail_namestringOptional
    audit_log_cloud_trail_regionstringOptional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    client_idstringOptional
    client_secretstringOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    provisioning_identity_store_idstringOptional
    provisioning_scim_endpointstringOptional
    audit_log_extract_for_orgbooleanOptional
    audit_log_skip_extractionbooleanOptional
    gather_all_iam_policiesbooleanOptional
    documentdb_userstringOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    post/api/v1/providers/aws
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    redshift_database_allow_liststring[]Optional
    redshift_database_deny_liststring[]Optional
    rds_database_allow_liststring[]Optional
    rds_database_deny_liststring[]Optional
    s3_bucket_allow_liststring[]Optional
    s3_bucket_deny_liststring[]Optional
    extraction_policy_namestringOptional
    gather_system_tablesbooleanOptional
    gather_postgresql_system_schemasbooleanOptional
    gather_rds_oracle_system_schemasbooleanOptional
    team_idstringOptional
    rds_db_level_onlybooleanOptional
    rbac_idstringOptional
    account_idstringOptional
    credentials_typeinteger · enumOptional
    access_key_idstringOptional
    assume_role_namestringOptional
    regionsstring[]Optional
    db_userstringOptional
    redshift_userstringOptional
    rds_mysql_userstringOptional
    rds_postgres_userstringOptional
    rds_oracle_userstringOptional
    servicesinteger · enum[]Optional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    audit_log_cloud_trail_namestringOptional
    audit_log_cloud_trail_regionstringOptional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    client_idstringOptional
    client_secretstringOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    provisioning_identity_store_idstringOptional
    provisioning_scim_endpointstringOptional
    audit_log_extract_for_orgbooleanOptional
    audit_log_skip_extractionbooleanOptional
    gather_all_iam_policiesbooleanOptional
    documentdb_userstringOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/aws/{id}
    patch
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    provider.idstringRequired
    Query parameters
    update_maskstring · field-maskOptional
    Body
    idstringOptional
    account_idstringOptional
    credentials_typeinteger · enumOptional
    access_key_idstringOptional
    secret_keystringOptional
    assume_role_namestringOptional
    assume_role_external_idstringOptional
    regionsstring[]Optional
    db_userstringOptional
    redshift_userstringOptional
    rds_mysql_userstringOptional
    rds_postgres_userstringOptional
    rds_oracle_userstringOptional
    rds_oracle_passwordstringOptional
    itemsinteger · enumOptionalPossible values:
    data_plane_idstringOptional
    redshift_database_allow_liststring[]Optional
    redshift_database_deny_liststring[]Optional
    rds_database_allow_liststring[]Optional
    rds_database_deny_liststring[]Optional
    s3_bucket_allow_liststring[]Optional
    s3_bucket_deny_liststring[]Optional
    extraction_policy_namestringOptional
    gather_system_tablesbooleanOptional
    gather_rds_oracle_system_schemasbooleanOptional
    gather_postgresql_system_schemasbooleanOptional
    rds_db_level_onlybooleanOptional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    client_idstringOptional
    client_secretstringOptional
    provisioningbooleanOptional
    provisioning_identity_store_idstringOptional
    provisioning_scim_endpointstringOptional
    provisioning_scim_tokenstringOptional
    gather_all_iam_policiesbooleanOptional
    documentdb_userstringOptional
    documentdb_passwordstringOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    redshift_database_allow_liststring[]Optional
    redshift_database_deny_liststring[]Optional
    rds_database_allow_liststring[]Optional
    rds_database_deny_liststring[]Optional
    s3_bucket_allow_liststring[]Optional
    s3_bucket_deny_liststring[]Optional
    extraction_policy_namestringOptional
    gather_system_tablesbooleanOptional
    gather_postgresql_system_schemasbooleanOptional
    gather_rds_oracle_system_schemasbooleanOptional
    team_idstringOptional
    rds_db_level_onlybooleanOptional
    rbac_idstringOptional
    account_idstringOptional
    credentials_typeinteger · enumOptional
    access_key_idstringOptional
    assume_role_namestringOptional
    regionsstring[]Optional
    db_userstringOptional
    redshift_userstringOptional
    rds_mysql_userstringOptional
    rds_postgres_userstringOptional
    rds_oracle_userstringOptional
    servicesinteger · enum[]Optional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    audit_log_cloud_trail_namestringOptional
    audit_log_cloud_trail_regionstringOptional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    client_idstringOptional
    client_secretstringOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    provisioning_identity_store_idstringOptional
    provisioning_scim_endpointstringOptional
    audit_log_extract_for_orgbooleanOptional
    audit_log_skip_extractionbooleanOptional
    gather_all_iam_policiesbooleanOptional
    documentdb_userstringOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    patch/api/v1/providers/aws/{provider.id}
    delete
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    object · DeleteAwsProviderResponseOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    delete/api/v1/providers/aws/{id}
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Query parameters
    assume_role_external_idstringOptional
    assume_role_namestringOptionalDeprecated
    Responses
    200

    OK

    application/json
    trust_policy_jsonstringOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/aws:trustpolicy
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    requires_updatebooleanOptional
    aws_account_idstringOptional
    current_policystringOptional
    required_policystringOptional
    required_actionsstring[]Optional
    overprivileged_actionsstring[]Optional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/aws/{id}:checkpolicy
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    gather_guest_usersbooleanOptional
    gather_disabled_usersbooleanOptional
    domainsstring[]Optional
    gather_personal_sitesbooleanOptional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    government_cloudinteger · enumOptional
    extract_pim_eligibilitybooleanOptional
    dynamics365_environmentsstring[]Optional
    team_idstringOptional
    dynamics_erp_environmentsstring[]Optional
    authentication_typeinteger · enumOptional
    account_idstringOptional
    tenant_idstringOptional
    client_idstringOptional
    servicesinteger · enum[]Optional
    sql_server_database_allow_liststring[]Optional
    sql_server_database_deny_liststring[]Optional
    sql_server_schema_allow_liststring[]Optional
    sql_server_schema_deny_liststring[]Optional
    sql_server_gather_system_databasesbooleanOptional
    gather_postgresql_system_schemasbooleanOptional
    postgresql_usernamestringOptional
    postgresql_passwordstringOptional
    postgresql_database_allow_liststring[]Optional
    postgresql_database_deny_liststring[]Optional
    postgresql_schema_allow_liststring[]Optional
    postgresql_schema_deny_liststring[]Optional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    sharepoint_site_allow_liststring[]Optional
    sharepoint_site_deny_liststring[]Optional
    rbac_idstringOptional
    skip_mailbox_foldersbooleanOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    namestringOptional
    typeinteger · enumOptional
    lcm_unique_identifierbooleanOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    idstringRead-onlyOptional
    secret_idstringOptional
    typeinteger · enumOptional
    mappingstringOptional
    vault_idstringOptional
    idstringRead-onlyOptional
    namestringOptional

    Must be unique within an insight point

    vault_providerstringOptional

    Provider type: "azure_key_vault", "aws_secrets_manager", etc.

    insight_point_idstringOptional

    Owning insight point ID, or "internal" for control plane vaults

    deletedbooleanOptional

    Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)

    sharepoint_provisioningbooleanOptional
    namestringOptional
    typeinteger · enumOptional
    lcm_unique_identifierbooleanOptional
    gather_group_extra_infobooleanOptional
    gather_group_owner_detailsbooleanOptional
    log_analytics_workspace_idstringOptional
    separate_group_app_role_assignment_paginationbooleanOptional
    subscription_id_allow_liststring[]Optional
    subscription_id_deny_liststring[]Optional
    storage_account_name_allow_liststring[]Optional
    storage_account_name_deny_liststring[]Optional
    blob_container_name_allow_liststring[]Optional
    blob_container_name_deny_liststring[]Optional
    m365_agents_refresh_tokenstringOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/azure
    post
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Body
    namestringOptional
    tenant_idstringOptional
    client_idstringOptional
    client_secretstringOptional
    data_plane_idstringOptional
    auth_certificatestringOptional
    auth_certificate_passwordstringOptional
    itemsinteger · enumOptionalPossible values:
    gather_guest_usersbooleanOptional
    gather_disabled_usersbooleanOptional
    domainsstring[]Optional
    gather_personal_sitesbooleanOptional
    government_cloudinteger · enumOptional
    extract_pim_eligibilitybooleanOptional
    dynamics365_environmentsstring[]Optional
    dynamics_erp_environmentsstring[]Optional
    authentication_typeinteger · enumOptional
    sql_server_database_allow_liststring[]Optional
    sql_server_database_deny_liststring[]Optional
    sql_server_schema_allow_liststring[]Optional
    sql_server_schema_deny_liststring[]Optional
    sql_server_gather_system_databasesbooleanOptional
    postgresql_usernamestringOptional
    postgresql_passwordstringOptional
    postgresql_database_allow_liststring[]Optional
    postgresql_database_deny_liststring[]Optional
    postgresql_schema_allow_liststring[]Optional
    postgresql_schema_deny_liststring[]Optional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    sharepoint_site_allow_liststring[]Optional
    sharepoint_site_deny_liststring[]Optional
    gather_postgresql_system_schemasbooleanOptional
    skip_mailbox_foldersbooleanOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    namestringOptional
    typeinteger · enumOptional
    lcm_unique_identifierbooleanOptional
    provisioningbooleanOptional
    idstringRead-onlyOptional
    secret_idstringOptional
    typeinteger · enumOptional
    mappingstringOptional
    vault_idstringOptional
    idstringRead-onlyOptional
    namestringOptional

    Must be unique within an insight point

    vault_providerstringOptional

    Provider type: "azure_key_vault", "aws_secrets_manager", etc.

    insight_point_idstringOptional

    Owning insight point ID, or "internal" for control plane vaults

    deletedbooleanOptional

    Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)

    sharepoint_provisioningbooleanOptional
    namestringOptional
    typeinteger · enumOptional
    lcm_unique_identifierbooleanOptional
    gather_group_extra_infobooleanOptional
    gather_group_owner_detailsbooleanOptional
    log_analytics_workspace_idstringOptional
    separate_group_app_role_assignment_paginationbooleanOptional
    subscription_id_allow_liststring[]Optional
    subscription_id_deny_liststring[]Optional
    storage_account_name_allow_liststring[]Optional
    storage_account_name_deny_liststring[]Optional
    blob_container_name_allow_liststring[]Optional
    blob_container_name_deny_liststring[]Optional
    m365_agents_refresh_tokenstringOptional
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    gather_guest_usersbooleanOptional
    gather_disabled_usersbooleanOptional
    domainsstring[]Optional
    gather_personal_sitesbooleanOptional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    government_cloudinteger · enumOptional
    extract_pim_eligibilitybooleanOptional
    dynamics365_environmentsstring[]Optional
    team_idstringOptional
    dynamics_erp_environmentsstring[]Optional
    authentication_typeinteger · enumOptional
    account_idstringOptional
    tenant_idstringOptional
    client_idstringOptional
    servicesinteger · enum[]Optional
    sql_server_database_allow_liststring[]Optional
    sql_server_database_deny_liststring[]Optional
    sql_server_schema_allow_liststring[]Optional
    sql_server_schema_deny_liststring[]Optional
    sql_server_gather_system_databasesbooleanOptional
    gather_postgresql_system_schemasbooleanOptional
    postgresql_usernamestringOptional
    postgresql_passwordstringOptional
    postgresql_database_allow_liststring[]Optional
    postgresql_database_deny_liststring[]Optional
    postgresql_schema_allow_liststring[]Optional
    postgresql_schema_deny_liststring[]Optional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    sharepoint_site_allow_liststring[]Optional
    sharepoint_site_deny_liststring[]Optional
    rbac_idstringOptional
    skip_mailbox_foldersbooleanOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    namestringOptional
    typeinteger · enumOptional
    lcm_unique_identifierbooleanOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    idstringRead-onlyOptional
    secret_idstringOptional
    typeinteger · enumOptional
    mappingstringOptional
    vault_idstringOptional
    idstringRead-onlyOptional
    namestringOptional

    Must be unique within an insight point

    vault_providerstringOptional

    Provider type: "azure_key_vault", "aws_secrets_manager", etc.

    insight_point_idstringOptional

    Owning insight point ID, or "internal" for control plane vaults

    deletedbooleanOptional

    Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)

    sharepoint_provisioningbooleanOptional
    namestringOptional
    typeinteger · enumOptional
    lcm_unique_identifierbooleanOptional
    gather_group_extra_infobooleanOptional
    gather_group_owner_detailsbooleanOptional
    log_analytics_workspace_idstringOptional
    separate_group_app_role_assignment_paginationbooleanOptional
    subscription_id_allow_liststring[]Optional
    subscription_id_deny_liststring[]Optional
    storage_account_name_allow_liststring[]Optional
    storage_account_name_deny_liststring[]Optional
    blob_container_name_allow_liststring[]Optional
    blob_container_name_deny_liststring[]Optional
    m365_agents_refresh_tokenstringOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    post/api/v1/providers/azure
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    gather_guest_usersbooleanOptional
    gather_disabled_usersbooleanOptional
    domainsstring[]Optional
    gather_personal_sitesbooleanOptional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    government_cloudinteger · enumOptional
    extract_pim_eligibilitybooleanOptional
    dynamics365_environmentsstring[]Optional
    team_idstringOptional
    dynamics_erp_environmentsstring[]Optional
    authentication_typeinteger · enumOptional
    account_idstringOptional
    tenant_idstringOptional
    client_idstringOptional
    servicesinteger · enum[]Optional
    sql_server_database_allow_liststring[]Optional
    sql_server_database_deny_liststring[]Optional
    sql_server_schema_allow_liststring[]Optional
    sql_server_schema_deny_liststring[]Optional
    sql_server_gather_system_databasesbooleanOptional
    gather_postgresql_system_schemasbooleanOptional
    postgresql_usernamestringOptional
    postgresql_passwordstringOptional
    postgresql_database_allow_liststring[]Optional
    postgresql_database_deny_liststring[]Optional
    postgresql_schema_allow_liststring[]Optional
    postgresql_schema_deny_liststring[]Optional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    sharepoint_site_allow_liststring[]Optional
    sharepoint_site_deny_liststring[]Optional
    rbac_idstringOptional
    skip_mailbox_foldersbooleanOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    namestringOptional
    typeinteger · enumOptional
    lcm_unique_identifierbooleanOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    idstringRead-onlyOptional
    secret_idstringOptional
    typeinteger · enumOptional
    mappingstringOptional
    vault_idstringOptional
    idstringRead-onlyOptional
    namestringOptional

    Must be unique within an insight point

    vault_providerstringOptional

    Provider type: "azure_key_vault", "aws_secrets_manager", etc.

    insight_point_idstringOptional

    Owning insight point ID, or "internal" for control plane vaults

    deletedbooleanOptional

    Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)

    sharepoint_provisioningbooleanOptional
    namestringOptional
    typeinteger · enumOptional
    lcm_unique_identifierbooleanOptional
    gather_group_extra_infobooleanOptional
    gather_group_owner_detailsbooleanOptional
    log_analytics_workspace_idstringOptional
    separate_group_app_role_assignment_paginationbooleanOptional
    subscription_id_allow_liststring[]Optional
    subscription_id_deny_liststring[]Optional
    storage_account_name_allow_liststring[]Optional
    storage_account_name_deny_liststring[]Optional
    blob_container_name_allow_liststring[]Optional
    blob_container_name_deny_liststring[]Optional
    m365_agents_refresh_tokenstringOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/azure/{id}
    patch
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    provider.idstringRequired
    Query parameters
    update_maskstring · field-maskOptional
    Body
    idstringOptional
    tenant_idstringOptional
    client_idstringOptional
    client_secretstringOptional
    auth_certificatestringOptional
    auth_certificate_passwordstringOptional
    itemsinteger · enumOptionalPossible values:
    gather_guest_usersbooleanOptional
    gather_disabled_usersbooleanOptional
    domainsstring[]Optional
    gather_personal_sitesbooleanOptional
    government_cloudinteger · enumOptional
    extract_pim_eligibilitybooleanOptional
    dynamics365_environmentsstring[]Optional
    dynamics_erp_environmentsstring[]Optional
    authentication_typeinteger · enumOptional
    sql_server_database_allow_liststring[]Optional
    sql_server_database_deny_liststring[]Optional
    sql_server_schema_allow_liststring[]Optional
    sql_server_schema_deny_liststring[]Optional
    sql_server_gather_system_databasesbooleanOptional
    postgresql_usernamestringOptional
    postgresql_passwordstringOptional
    postgresql_database_allow_liststring[]Optional
    postgresql_database_deny_liststring[]Optional
    postgresql_schema_allow_liststring[]Optional
    postgresql_schema_deny_liststring[]Optional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    sharepoint_site_allow_liststring[]Optional
    sharepoint_site_deny_liststring[]Optional
    gather_postgresql_system_schemasbooleanOptional
    skip_mailbox_foldersbooleanOptional
    data_plane_idstringOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    namestringOptional
    typeinteger · enumOptional
    lcm_unique_identifierbooleanOptional
    provisioningbooleanOptional
    idstringRead-onlyOptional
    secret_idstringOptional
    typeinteger · enumOptional
    mappingstringOptional
    vault_idstringOptional
    idstringRead-onlyOptional
    namestringOptional

    Must be unique within an insight point

    vault_providerstringOptional

    Provider type: "azure_key_vault", "aws_secrets_manager", etc.

    insight_point_idstringOptional

    Owning insight point ID, or "internal" for control plane vaults

    deletedbooleanOptional

    Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)

    sharepoint_provisioningbooleanOptional
    namestringOptional
    typeinteger · enumOptional
    lcm_unique_identifierbooleanOptional
    gather_group_extra_infobooleanOptional
    gather_group_owner_detailsbooleanOptional
    log_analytics_workspace_idstringOptional
    separate_group_app_role_assignment_paginationbooleanOptional
    subscription_id_allow_liststring[]Optional
    subscription_id_deny_liststring[]Optional
    storage_account_name_allow_liststring[]Optional
    storage_account_name_deny_liststring[]Optional
    blob_container_name_allow_liststring[]Optional
    blob_container_name_deny_liststring[]Optional
    m365_agents_refresh_tokenstringOptional
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    gather_guest_usersbooleanOptional
    gather_disabled_usersbooleanOptional
    domainsstring[]Optional
    gather_personal_sitesbooleanOptional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    government_cloudinteger · enumOptional
    extract_pim_eligibilitybooleanOptional
    dynamics365_environmentsstring[]Optional
    team_idstringOptional
    dynamics_erp_environmentsstring[]Optional
    authentication_typeinteger · enumOptional
    account_idstringOptional
    tenant_idstringOptional
    client_idstringOptional
    servicesinteger · enum[]Optional
    sql_server_database_allow_liststring[]Optional
    sql_server_database_deny_liststring[]Optional
    sql_server_schema_allow_liststring[]Optional
    sql_server_schema_deny_liststring[]Optional
    sql_server_gather_system_databasesbooleanOptional
    gather_postgresql_system_schemasbooleanOptional
    postgresql_usernamestringOptional
    postgresql_passwordstringOptional
    postgresql_database_allow_liststring[]Optional
    postgresql_database_deny_liststring[]Optional
    postgresql_schema_allow_liststring[]Optional
    postgresql_schema_deny_liststring[]Optional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    sharepoint_site_allow_liststring[]Optional
    sharepoint_site_deny_liststring[]Optional
    rbac_idstringOptional
    skip_mailbox_foldersbooleanOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    namestringOptional
    typeinteger · enumOptional
    lcm_unique_identifierbooleanOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    idstringRead-onlyOptional
    secret_idstringOptional
    typeinteger · enumOptional
    mappingstringOptional
    vault_idstringOptional
    idstringRead-onlyOptional
    namestringOptional

    Must be unique within an insight point

    vault_providerstringOptional

    Provider type: "azure_key_vault", "aws_secrets_manager", etc.

    insight_point_idstringOptional

    Owning insight point ID, or "internal" for control plane vaults

    deletedbooleanOptional

    Soft-deleted flag for external vaults; restored by re-registering (internal vaults are hard-deleted)

    sharepoint_provisioningbooleanOptional
    namestringOptional
    typeinteger · enumOptional
    lcm_unique_identifierbooleanOptional
    gather_group_extra_infobooleanOptional
    gather_group_owner_detailsbooleanOptional
    log_analytics_workspace_idstringOptional
    separate_group_app_role_assignment_paginationbooleanOptional
    subscription_id_allow_liststring[]Optional
    subscription_id_deny_liststring[]Optional
    storage_account_name_allow_liststring[]Optional
    storage_account_name_deny_liststring[]Optional
    blob_container_name_allow_liststring[]Optional
    blob_container_name_deny_liststring[]Optional
    m365_agents_refresh_tokenstringOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    patch/api/v1/providers/azure/{provider.id}
    delete
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    object · DeleteAzureProviderResponseOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    delete/api/v1/providers/azure/{id}
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    workspace_emailstringOptional
    customer_idstringOptional
    servicesinteger · enum[]Optional
    project_allow_liststring[]Optional
    project_deny_liststring[]Optional
    domain_allow_liststring[]Optional
    domain_deny_liststring[]Optional
    dataset_allow_liststring[]Optional
    dataset_deny_liststring[]Optional
    table_allow_liststring[]Optional
    table_deny_liststring[]Optional
    location_allow_liststring[]Optional
    location_deny_liststring[]Optional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/google_cloud
    post
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Body
    namestringOptional
    credentials_jsonstring · bytesOptional
    data_plane_idstringOptional
    workspace_emailstringOptional
    customer_idstringOptional
    project_allow_liststring[]Optional
    project_deny_liststring[]Optional
    domain_allow_liststring[]Optional
    domain_deny_liststring[]Optional
    itemsinteger · enumOptionalPossible values:
    dataset_allow_liststring[]Optional
    dataset_deny_liststring[]Optional
    table_allow_liststring[]Optional
    table_deny_liststring[]Optional
    location_allow_liststring[]Optional
    location_deny_liststring[]Optional
    oauth_configstring · bytesOptional
    oauth_tokenstring · bytesOptional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    provisioningbooleanOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    workspace_emailstringOptional
    customer_idstringOptional
    servicesinteger · enum[]Optional
    project_allow_liststring[]Optional
    project_deny_liststring[]Optional
    domain_allow_liststring[]Optional
    domain_deny_liststring[]Optional
    dataset_allow_liststring[]Optional
    dataset_deny_liststring[]Optional
    table_allow_liststring[]Optional
    table_deny_liststring[]Optional
    location_allow_liststring[]Optional
    location_deny_liststring[]Optional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    post/api/v1/providers/google_cloud
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    workspace_emailstringOptional
    customer_idstringOptional
    servicesinteger · enum[]Optional
    project_allow_liststring[]Optional
    project_deny_liststring[]Optional
    domain_allow_liststring[]Optional
    domain_deny_liststring[]Optional
    dataset_allow_liststring[]Optional
    dataset_deny_liststring[]Optional
    table_allow_liststring[]Optional
    table_deny_liststring[]Optional
    location_allow_liststring[]Optional
    location_deny_liststring[]Optional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/google_cloud/{id}
    patch
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    provider.idstringRequired
    Query parameters
    update_maskstring · field-maskOptional
    Body
    idstringOptional
    credentials_jsonstring · bytesOptional
    workspace_emailstringOptional
    customer_idstringOptional
    project_allow_liststring[]Optional
    project_deny_liststring[]Optional
    domain_allow_liststring[]Optional
    domain_deny_liststring[]Optional
    itemsinteger · enumOptionalPossible values:
    data_plane_idstringOptional
    dataset_allow_liststring[]Optional
    dataset_deny_liststring[]Optional
    table_allow_liststring[]Optional
    table_deny_liststring[]Optional
    location_allow_liststring[]Optional
    location_deny_liststring[]Optional
    oauth_configstring · bytesOptional
    oauth_tokenstring · bytesOptional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    provisioningbooleanOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    workspace_emailstringOptional
    customer_idstringOptional
    servicesinteger · enum[]Optional
    project_allow_liststring[]Optional
    project_deny_liststring[]Optional
    domain_allow_liststring[]Optional
    domain_deny_liststring[]Optional
    dataset_allow_liststring[]Optional
    dataset_deny_liststring[]Optional
    table_allow_liststring[]Optional
    table_deny_liststring[]Optional
    location_allow_liststring[]Optional
    location_deny_liststring[]Optional
    account_idstringOptional
    tag_name_collector_clusterstringOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    destination_datasource_typestringOptional
    destination_datasource_oaa_app_typestringOptional
    typeinteger · enumOptional
    modeinteger · enumOptional
    transformationsinteger · enum[]Optional
    custom_valuestringOptional
    source_propertyinteger · enumOptional
    destination_propertyinteger · enumOptional
    custom_source_propertystringOptional
    custom_destination_propertystringOptional
    source_idstringOptional
    destination_idstringOptional
    typestringOptional
    oaa_app_typestringOptional
    property_match_operatorinteger · enumOptional
    use_emailbooleanOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    patch/api/v1/providers/google_cloud/{provider.id}
    delete
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    object · DeleteGoogleCloudProviderResponseOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    delete/api/v1/providers/google_cloud/{id}
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    account_locatorstringOptional
    regionstringOptional
    cloudstringOptional
    userstringOptional
    rolestringOptional
    warehousestringOptional
    database_allow_liststring[]Optional
    database_deny_liststring[]Optional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    alternative_database_namestringOptional
    authentication_methodinteger · enumOptional
    extract_tagsbooleanOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    export_databasestringOptional
    export_schemastringOptional
    export_userstringOptional
    export_rolestringOptional
    export_authentication_methodinteger · enumOptional
    organization_accountbooleanOptional
    connection_typeinteger · enumOptional
    account_namestringOptional
    org_namestringOptional
    private_linkbooleanOptional
    alternative_account_usage_schema_namestringOptional
    gather_masking_policiesbooleanOptional
    gather_row_access_policiesbooleanOptional
    gather_network_policiesbooleanOptional
    gather_projection_policiesbooleanOptional
    gather_password_policiesbooleanOptional
    gather_login_source_ipbooleanOptional
    external_oauth_aws_regionstringOptional

    External OAuth specific fields

    external_oauth_ida_provider_uristringOptional
    external_oauth_ida_resource_uristringOptional
    external_oauth_c2c_audience_uristringOptional
    account_allow_liststring[]Optional

    Organization account filtering

    account_deny_liststring[]Optional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/snowflake
    post
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Body
    namestringOptional
    account_locatorstringOptional
    regionstringOptional
    cloudstringOptional
    userstringOptional
    passwordstringOptional
    rolestringOptional
    warehousestringOptional
    data_plane_idstringOptional
    database_allow_liststring[]Optional
    database_deny_liststring[]Optional
    alternative_database_namestringOptional
    authentication_methodinteger · enumOptional
    private_keystringOptional
    private_key_passwordstringOptional
    extract_tagsbooleanOptional
    export_databasestringOptional
    export_schemastringOptional
    export_userstringOptional
    export_rolestringOptional
    export_authentication_methodinteger · enumOptional
    export_private_keystringOptional
    export_private_key_passwordstringOptional
    export_passwordstringOptional
    provisioningbooleanOptional
    connection_typeinteger · enumOptional
    account_namestringOptional
    org_namestringOptional
    private_linkbooleanOptional
    alternative_account_usage_schema_namestringOptional
    gather_masking_policiesbooleanOptional
    gather_row_access_policiesbooleanOptional
    gather_network_policiesbooleanOptional
    gather_projection_policiesbooleanOptional
    organization_accountbooleanOptional
    gather_password_policiesbooleanOptional
    gather_login_source_ipbooleanOptional
    external_oauth_aws_regionstringOptional

    External OAuth specific fields

    external_oauth_ida_provider_uristringOptional
    external_oauth_ida_resource_uristringOptional
    external_oauth_c2c_audience_uristringOptional
    account_allow_liststring[]Optional

    Organization account filtering

    account_deny_liststring[]Optional
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    account_locatorstringOptional
    regionstringOptional
    cloudstringOptional
    userstringOptional
    rolestringOptional
    warehousestringOptional
    database_allow_liststring[]Optional
    database_deny_liststring[]Optional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    alternative_database_namestringOptional
    authentication_methodinteger · enumOptional
    extract_tagsbooleanOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    export_databasestringOptional
    export_schemastringOptional
    export_userstringOptional
    export_rolestringOptional
    export_authentication_methodinteger · enumOptional
    organization_accountbooleanOptional
    connection_typeinteger · enumOptional
    account_namestringOptional
    org_namestringOptional
    private_linkbooleanOptional
    alternative_account_usage_schema_namestringOptional
    gather_masking_policiesbooleanOptional
    gather_row_access_policiesbooleanOptional
    gather_network_policiesbooleanOptional
    gather_projection_policiesbooleanOptional
    gather_password_policiesbooleanOptional
    gather_login_source_ipbooleanOptional
    external_oauth_aws_regionstringOptional

    External OAuth specific fields

    external_oauth_ida_provider_uristringOptional
    external_oauth_ida_resource_uristringOptional
    external_oauth_c2c_audience_uristringOptional
    account_allow_liststring[]Optional

    Organization account filtering

    account_deny_liststring[]Optional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    post/api/v1/providers/snowflake
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    account_locatorstringOptional
    regionstringOptional
    cloudstringOptional
    userstringOptional
    rolestringOptional
    warehousestringOptional
    database_allow_liststring[]Optional
    database_deny_liststring[]Optional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    alternative_database_namestringOptional
    authentication_methodinteger · enumOptional
    extract_tagsbooleanOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    export_databasestringOptional
    export_schemastringOptional
    export_userstringOptional
    export_rolestringOptional
    export_authentication_methodinteger · enumOptional
    organization_accountbooleanOptional
    connection_typeinteger · enumOptional
    account_namestringOptional
    org_namestringOptional
    private_linkbooleanOptional
    alternative_account_usage_schema_namestringOptional
    gather_masking_policiesbooleanOptional
    gather_row_access_policiesbooleanOptional
    gather_network_policiesbooleanOptional
    gather_projection_policiesbooleanOptional
    gather_password_policiesbooleanOptional
    gather_login_source_ipbooleanOptional
    external_oauth_aws_regionstringOptional

    External OAuth specific fields

    external_oauth_ida_provider_uristringOptional
    external_oauth_ida_resource_uristringOptional
    external_oauth_c2c_audience_uristringOptional
    account_allow_liststring[]Optional

    Organization account filtering

    account_deny_liststring[]Optional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/snowflake/{id}
    patch
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    provider.idstringRequired
    Query parameters
    update_maskstring · field-maskOptional
    Body
    idstringOptional
    account_locatorstringOptional
    regionstringOptional
    cloudstringOptional
    userstringOptional
    passwordstringOptional
    rolestringOptional
    warehousestringOptional
    database_allow_liststring[]Optional
    database_deny_liststring[]Optional
    alternative_database_namestringOptional
    authentication_methodinteger · enumOptional
    private_keystringOptional
    private_key_passwordstringOptional
    extract_tagsbooleanOptional
    data_plane_idstringOptional
    export_databasestringOptional
    export_schemastringOptional
    export_userstringOptional
    export_rolestringOptional
    export_authentication_methodinteger · enumOptional
    export_private_keystringOptional
    export_private_key_passwordstringOptional
    export_passwordstringOptional
    gather_masking_policiesbooleanOptional
    gather_row_access_policiesbooleanOptional
    gather_projection_policiesbooleanOptional
    organization_accountbooleanOptional
    gather_password_policiesbooleanOptional
    gather_login_source_ipbooleanOptional
    provisioningbooleanOptional
    connection_typeinteger · enumOptional
    account_namestringOptional
    org_namestringOptional
    private_linkbooleanOptional
    alternative_account_usage_schema_namestringOptional
    gather_network_policiesbooleanOptional
    external_oauth_aws_regionstringOptional

    External OAuth specific fields

    external_oauth_ida_provider_uristringOptional
    external_oauth_ida_resource_uristringOptional
    external_oauth_c2c_audience_uristringOptional
    account_allow_liststring[]Optional

    Organization account filtering

    account_deny_liststring[]Optional
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    account_locatorstringOptional
    regionstringOptional
    cloudstringOptional
    userstringOptional
    rolestringOptional
    warehousestringOptional
    database_allow_liststring[]Optional
    database_deny_liststring[]Optional
    stateinteger · enumOptional
    statusinteger · enumOptional
    cursorstring · date-timeOptional
    synced_atstring · date-timeOptional
    alternative_database_namestringOptional
    authentication_methodinteger · enumOptional
    extract_tagsbooleanOptional
    provisioningbooleanOptional
    lifecycle_management_stateinteger · enumOptional
    export_databasestringOptional
    export_schemastringOptional
    export_userstringOptional
    export_rolestringOptional
    export_authentication_methodinteger · enumOptional
    organization_accountbooleanOptional
    connection_typeinteger · enumOptional
    account_namestringOptional
    org_namestringOptional
    private_linkbooleanOptional
    alternative_account_usage_schema_namestringOptional
    gather_masking_policiesbooleanOptional
    gather_row_access_policiesbooleanOptional
    gather_network_policiesbooleanOptional
    gather_projection_policiesbooleanOptional
    gather_password_policiesbooleanOptional
    gather_login_source_ipbooleanOptional
    external_oauth_aws_regionstringOptional

    External OAuth specific fields

    external_oauth_ida_provider_uristringOptional
    external_oauth_ida_resource_uristringOptional
    external_oauth_c2c_audience_uristringOptional
    account_allow_liststring[]Optional

    Organization account filtering

    account_deny_liststring[]Optional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    patch/api/v1/providers/snowflake/{provider.id}
    delete
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    object · DeleteSnowflakeProviderResponseOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    delete/api/v1/providers/snowflake/{id}
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    hoststringOptional
    portinteger · int32Optional
    usernamestringOptional
    database_allow_liststring[]Optional
    database_deny_liststring[]Optional
    schema_allow_liststring[]Optional
    schema_deny_liststring[]Optional
    gather_system_databasesbooleanOptional
    instance_namestringOptional
    use_tls_connectorbooleanOptional
    use_legacy_tls_ciphersbooleanOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/sqlserver
    post
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Body
    namestringOptional
    hoststringOptional
    portinteger · int32Optional
    usernamestringOptional
    passwordstringOptional
    data_plane_idstringOptional
    database_allow_liststring[]Optional
    database_deny_liststring[]Optional
    schema_allow_liststring[]Optional
    schema_deny_liststring[]Optional
    gather_system_databasesbooleanOptional
    instance_namestringOptional
    use_tls_connectorbooleanOptional
    use_legacy_tls_ciphersbooleanOptional
    Responses
    200

    OK

    application/json
    idstringOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    post/api/v1/providers/sqlserver
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    hoststringOptional
    portinteger · int32Optional
    usernamestringOptional
    database_allow_liststring[]Optional
    database_deny_liststring[]Optional
    schema_allow_liststring[]Optional
    schema_deny_liststring[]Optional
    gather_system_databasesbooleanOptional
    instance_namestringOptional
    use_tls_connectorbooleanOptional
    use_legacy_tls_ciphersbooleanOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/sqlserver/{id}
    patch
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    provider.idstringRequired
    Query parameters
    update_maskstring · field-maskOptional
    Body
    idstringOptional
    hoststringOptional
    portinteger · int32Optional
    usernamestringOptional
    passwordstringOptional
    database_allow_liststring[]Optional
    database_deny_liststring[]Optional
    schema_allow_liststring[]Optional
    schema_deny_liststring[]Optional
    gather_system_databasesbooleanOptional
    instance_namestringOptional
    use_tls_connectorbooleanOptional
    use_legacy_tls_ciphersbooleanOptional
    data_plane_idstringOptional
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    hoststringOptional
    portinteger · int32Optional
    usernamestringOptional
    database_allow_liststring[]Optional
    database_deny_liststring[]Optional
    schema_allow_liststring[]Optional
    schema_deny_liststring[]Optional
    gather_system_databasesbooleanOptional
    instance_namestringOptional
    use_tls_connectorbooleanOptional
    use_legacy_tls_ciphersbooleanOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    patch/api/v1/providers/sqlserver/{provider.id}
    delete
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    object · DeleteSQLServerProviderResponseOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    delete/api/v1/providers/sqlserver/{id}
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    hoststringOptional
    portinteger · int32Optional
    usernamestringOptional
    access_keystringOptional
    regionstringOptional
    bucketstringOptional
    objectstringOptional
    credentials_typeinteger · enumOptional
    assume_role_namestringOptional
    account_idstringOptional
    ssl_certificatestringOptional
    catalog_allow_liststring[]Optional
    catalog_deny_liststring[]Optional
    schema_allow_liststring[]Optional
    schema_deny_liststring[]Optional
    table_allow_liststring[]Optional
    table_deny_liststring[]Optional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/trino
    post
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Body
    namestringOptional
    hoststringOptional
    portinteger · int32Optional
    usernamestringOptional
    passwordstringOptional
    data_plane_idstringOptional
    access_keystringOptional
    secret_keystringOptional
    regionstringOptional
    bucketstringOptional
    objectstringOptional
    credentials_typeinteger · enumOptional
    assume_role_namestringOptional
    assume_role_external_idstringOptional
    account_idstringOptional
    ssl_certificatestringOptional
    catalog_allow_liststring[]Optional
    catalog_deny_liststring[]Optional
    schema_allow_liststring[]Optional
    schema_deny_liststring[]Optional
    table_allow_liststring[]Optional
    table_deny_liststring[]Optional
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    hoststringOptional
    portinteger · int32Optional
    usernamestringOptional
    access_keystringOptional
    regionstringOptional
    bucketstringOptional
    objectstringOptional
    credentials_typeinteger · enumOptional
    assume_role_namestringOptional
    account_idstringOptional
    ssl_certificatestringOptional
    catalog_allow_liststring[]Optional
    catalog_deny_liststring[]Optional
    schema_allow_liststring[]Optional
    schema_deny_liststring[]Optional
    table_allow_liststring[]Optional
    table_deny_liststring[]Optional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    post/api/v1/providers/trino
    get
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    hoststringOptional
    portinteger · int32Optional
    usernamestringOptional
    access_keystringOptional
    regionstringOptional
    bucketstringOptional
    objectstringOptional
    credentials_typeinteger · enumOptional
    assume_role_namestringOptional
    account_idstringOptional
    ssl_certificatestringOptional
    catalog_allow_liststring[]Optional
    catalog_deny_liststring[]Optional
    schema_allow_liststring[]Optional
    schema_deny_liststring[]Optional
    table_allow_liststring[]Optional
    table_deny_liststring[]Optional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    get/api/v1/providers/trino/{id}
    patch
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    provider.idstringRequired
    Query parameters
    update_maskstring · field-maskOptional
    Body
    idstringOptional
    hoststringOptional
    portinteger · int32Optional
    usernamestringOptional
    passwordstringOptional
    access_keystringOptional
    secret_keystringOptional
    regionstringOptional
    bucketstringOptional
    objectstringOptional
    credentials_typeinteger · enumOptional
    assume_role_namestringOptional
    assume_role_external_idstringOptional
    account_idstringOptional
    ssl_certificatestringOptional
    catalog_allow_liststring[]Optional
    catalog_deny_liststring[]Optional
    schema_allow_liststring[]Optional
    schema_deny_liststring[]Optional
    table_allow_liststring[]Optional
    table_deny_liststring[]Optional
    data_plane_idstringOptional
    Responses
    200

    OK

    application/json
    idstringOptional
    vendor_idstringOptional
    namestringOptional
    typeinteger · enumOptional
    stateinteger · enumOptional
    data_plane_idstringOptional
    statusinteger · enumOptional
    team_idstringOptional
    rbac_idstringOptional
    hoststringOptional
    portinteger · int32Optional
    usernamestringOptional
    access_keystringOptional
    regionstringOptional
    bucketstringOptional
    objectstringOptional
    credentials_typeinteger · enumOptional
    assume_role_namestringOptional
    account_idstringOptional
    ssl_certificatestringOptional
    catalog_allow_liststring[]Optional
    catalog_deny_liststring[]Optional
    schema_allow_liststring[]Optional
    schema_deny_liststring[]Optional
    table_allow_liststring[]Optional
    table_deny_liststring[]Optional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    patch/api/v1/providers/trino/{provider.id}
    delete
    Authorizations
    AuthorizationstringRequired

    Veza API key for authentication. Generate keys in Administration > API Keys.

    Path parameters
    idstringRequired
    Responses
    200

    OK

    application/json
    object · DeleteTrinoProviderResponseOptional
    default

    Default error response

    application/json

    The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

    codeinteger · int32Optional

    The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

    messagestringOptional

    A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

    @typestringOptional

    The type of the serialized message.

    Other propertiesanyOptional
    delete/api/v1/providers/trino/{id}
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "redshift_database_allow_list": [
          "text"
        ],
        "redshift_database_deny_list": [
          "text"
        ],
        "rds_database_allow_list": [
          "text"
        ],
        "rds_database_deny_list": [
          "text"
        ],
        "s3_bucket_allow_list": [
          "text"
        ],
        "s3_bucket_deny_list": [
          "text"
        ],
        "extraction_policy_name": "text",
        "gather_system_tables": true,
        "gather_postgresql_system_schemas": true,
        "gather_rds_oracle_system_schemas": true,
        "team_id": "text",
        "rds_db_level_only": true,
        "rbac_id": "text",
        "account_id": "text",
        "credentials_type": 1,
        "access_key_id": "text",
        "assume_role_name": "text",
        "regions": [
          "text"
        ],
        "db_user": "text",
        "redshift_user": "text",
        "rds_mysql_user": "text",
        "rds_postgres_user": "text",
        "rds_oracle_user": "text",
        "services": [
          1
        ],
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "audit_log_cloud_trail_name": "text",
        "audit_log_cloud_trail_region": "text",
        "databricks_cloud_config": {
          "account_id": "text",
          "tag_name_collector_cluster": "text"
        },
        "databricks_oauth_m2m_credentials": {
          "client_id": "text",
          "client_secret": "text"
        },
        "provisioning": true,
        "lifecycle_management_state": 1,
        "provisioning_identity_store_id": "text",
        "provisioning_scim_endpoint": "text",
        "audit_log_extract_for_org": true,
        "audit_log_skip_extraction": true,
        "gather_all_iam_policies": true,
        "documentdb_user": "text",
        "identity_mapping_configuration": {
          "mappings": [
            {
              "destination_datasource_type": "text",
              "destination_datasource_oaa_app_type": "text",
              "type": 1,
              "mode": 1,
              "transformations": [
                1
              ],
              "custom_value": "text",
              "property_matchers": [
                {
                  "source_property": 1,
                  "destination_property": 1,
                  "custom_source_property": "text",
                  "custom_destination_property": "text"
                }
              ],
              "id_matchers": [
                {
                  "source_id": "text",
                  "destination_id": "text"
                }
              ],
              "destination_datasources": [
                {
                  "type": "text",
                  "oaa_app_type": "text"
                }
              ],
              "property_match_operator": 1
            }
          ],
          "use_email": true
        }
      }
    }
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "redshift_database_allow_list": [
          "text"
        ],
        "redshift_database_deny_list": [
          "text"
        ],
        "rds_database_allow_list": [
          "text"
        ],
        "rds_database_deny_list": [
          "text"
        ],
        "s3_bucket_allow_list": [
          "text"
        ],
        "s3_bucket_deny_list": [
          "text"
        ],
        "extraction_policy_name": "text",
        "gather_system_tables": true,
        "gather_postgresql_system_schemas": true,
        "gather_rds_oracle_system_schemas": true,
        "team_id": "text",
        "rds_db_level_only": true,
        "rbac_id": "text",
        "account_id": "text",
        "credentials_type": 1,
        "access_key_id": "text",
        "assume_role_name": "text",
        "regions": [
          "text"
        ],
        "db_user": "text",
        "redshift_user": "text",
        "rds_mysql_user": "text",
        "rds_postgres_user": "text",
        "rds_oracle_user": "text",
        "services": [
          1
        ],
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "audit_log_cloud_trail_name": "text",
        "audit_log_cloud_trail_region": "text",
        "databricks_cloud_config": {
          "account_id": "text",
          "tag_name_collector_cluster": "text"
        },
        "databricks_oauth_m2m_credentials": {
          "client_id": "text",
          "client_secret": "text"
        },
        "provisioning": true,
        "lifecycle_management_state": 1,
        "provisioning_identity_store_id": "text",
        "provisioning_scim_endpoint": "text",
        "audit_log_extract_for_org": true,
        "audit_log_skip_extraction": true,
        "gather_all_iam_policies": true,
        "documentdb_user": "text",
        "identity_mapping_configuration": {
          "mappings": [
            {
              "destination_datasource_type": "text",
              "destination_datasource_oaa_app_type": "text",
              "type": 1,
              "mode": 1,
              "transformations": [
                1
              ],
              "custom_value": "text",
              "property_matchers": [
                {
                  "source_property": 1,
                  "destination_property": 1,
                  "custom_source_property": "text",
                  "custom_destination_property": "text"
                }
              ],
              "id_matchers": [
                {
                  "source_id": "text",
                  "destination_id": "text"
                }
              ],
              "destination_datasources": [
                {
                  "type": "text",
                  "oaa_app_type": "text"
                }
              ],
              "property_match_operator": 1
            }
          ],
          "use_email": true
        }
      }
    }
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "gather_guest_users": true,
        "gather_disabled_users": true,
        "domains": [
          "text"
        ],
        "gather_personal_sites": true,
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "government_cloud": 1,
        "extract_pim_eligibility": true,
        "dynamics365_environments": [
          "text"
        ],
        "team_id": "text",
        "dynamics_erp_environments": [
          "text"
        ],
        "authentication_type": 1,
        "account_id": "text",
        "tenant_id": "text",
        "client_id": "text",
        "services": [
          1
        ],
        "sql_server_database_allow_list": [
          "text"
        ],
        "sql_server_database_deny_list": [
          "text"
        ],
        "sql_server_schema_allow_list": [
          "text"
        ],
        "sql_server_schema_deny_list": [
          "text"
        ],
        "sql_server_gather_system_databases": true,
        "gather_postgresql_system_schemas": true,
        "postgresql_username": "text",
        "postgresql_password": "text",
        "postgresql_database_allow_list": [
          "text"
        ],
        "postgresql_database_deny_list": [
          "text"
        ],
        "postgresql_schema_allow_list": [
          "text"
        ],
        "postgresql_schema_deny_list": [
          "text"
        ],
        "databricks_cloud_config": {
          "account_id": "text",
          "tag_name_collector_cluster": "text"
        },
        "sharepoint_site_allow_list": [
          "text"
        ],
        "sharepoint_site_deny_list": [
          "text"
        ],
        "rbac_id": "text",
        "skip_mailbox_folders": true,
        "identity_mapping_configuration": {
          "mappings": [
            {
              "destination_datasource_type": "text",
              "destination_datasource_oaa_app_type": "text",
              "type": 1,
              "mode": 1,
              "transformations": [
                1
              ],
              "custom_value": "text",
              "property_matchers": [
                {
                  "source_property": 1,
                  "destination_property": 1,
                  "custom_source_property": "text",
                  "custom_destination_property": "text"
                }
              ],
              "id_matchers": [
                {
                  "source_id": "text",
                  "destination_id": "text"
                }
              ],
              "destination_datasources": [
                {
                  "type": "text",
                  "oaa_app_type": "text"
                }
              ],
              "property_match_operator": 1
            }
          ],
          "use_email": true
        },
        "user_custom_properties": [
          {
            "name": "text",
            "type": 1,
            "lcm_unique_identifier": true
          }
        ],
        "provisioning": true,
        "lifecycle_management_state": 1,
        "secret_references": [
          {
            "id": "text",
            "secret_id": "text",
            "secret_mapping": {
              "type": 1,
              "mapping": "text"
            },
            "vault_id": "text",
            "vault": {
              "id": "text",
              "name": "text",
              "vault_provider": "text",
              "insight_point_id": "text",
              "deleted": true
            }
          }
        ],
        "sharepoint_provisioning": true,
        "user_extra_properties": [
          {
            "name": "text",
            "type": 1,
            "lcm_unique_identifier": true
          }
        ],
        "gather_group_extra_info": true,
        "gather_group_owner_details": true,
        "log_analytics_workspace_id": "text",
        "separate_group_app_role_assignment_pagination": true,
        "subscription_id_allow_list": [
          "text"
        ],
        "subscription_id_deny_list": [
          "text"
        ],
        "storage_account_name_allow_list": [
          "text"
        ],
        "storage_account_name_deny_list": [
          "text"
        ],
        "blob_container_name_allow_list": [
          "text"
        ],
        "blob_container_name_deny_list": [
          "text"
        ],
        "m365_agents_refresh_token": "text"
      }
    }
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "gather_guest_users": true,
        "gather_disabled_users": true,
        "domains": [
          "text"
        ],
        "gather_personal_sites": true,
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "government_cloud": 1,
        "extract_pim_eligibility": true,
        "dynamics365_environments": [
          "text"
        ],
        "team_id": "text",
        "dynamics_erp_environments": [
          "text"
        ],
        "authentication_type": 1,
        "account_id": "text",
        "tenant_id": "text",
        "client_id": "text",
        "services": [
          1
        ],
        "sql_server_database_allow_list": [
          "text"
        ],
        "sql_server_database_deny_list": [
          "text"
        ],
        "sql_server_schema_allow_list": [
          "text"
        ],
        "sql_server_schema_deny_list": [
          "text"
        ],
        "sql_server_gather_system_databases": true,
        "gather_postgresql_system_schemas": true,
        "postgresql_username": "text",
        "postgresql_password": "text",
        "postgresql_database_allow_list": [
          "text"
        ],
        "postgresql_database_deny_list": [
          "text"
        ],
        "postgresql_schema_allow_list": [
          "text"
        ],
        "postgresql_schema_deny_list": [
          "text"
        ],
        "databricks_cloud_config": {
          "account_id": "text",
          "tag_name_collector_cluster": "text"
        },
        "sharepoint_site_allow_list": [
          "text"
        ],
        "sharepoint_site_deny_list": [
          "text"
        ],
        "rbac_id": "text",
        "skip_mailbox_folders": true,
        "identity_mapping_configuration": {
          "mappings": [
            {
              "destination_datasource_type": "text",
              "destination_datasource_oaa_app_type": "text",
              "type": 1,
              "mode": 1,
              "transformations": [
                1
              ],
              "custom_value": "text",
              "property_matchers": [
                {
                  "source_property": 1,
                  "destination_property": 1,
                  "custom_source_property": "text",
                  "custom_destination_property": "text"
                }
              ],
              "id_matchers": [
                {
                  "source_id": "text",
                  "destination_id": "text"
                }
              ],
              "destination_datasources": [
                {
                  "type": "text",
                  "oaa_app_type": "text"
                }
              ],
              "property_match_operator": 1
            }
          ],
          "use_email": true
        },
        "user_custom_properties": [
          {
            "name": "text",
            "type": 1,
            "lcm_unique_identifier": true
          }
        ],
        "provisioning": true,
        "lifecycle_management_state": 1,
        "secret_references": [
          {
            "id": "text",
            "secret_id": "text",
            "secret_mapping": {
              "type": 1,
              "mapping": "text"
            },
            "vault_id": "text",
            "vault": {
              "id": "text",
              "name": "text",
              "vault_provider": "text",
              "insight_point_id": "text",
              "deleted": true
            }
          }
        ],
        "sharepoint_provisioning": true,
        "user_extra_properties": [
          {
            "name": "text",
            "type": 1,
            "lcm_unique_identifier": true
          }
        ],
        "gather_group_extra_info": true,
        "gather_group_owner_details": true,
        "log_analytics_workspace_id": "text",
        "separate_group_app_role_assignment_pagination": true,
        "subscription_id_allow_list": [
          "text"
        ],
        "subscription_id_deny_list": [
          "text"
        ],
        "storage_account_name_allow_list": [
          "text"
        ],
        "storage_account_name_deny_list": [
          "text"
        ],
        "blob_container_name_allow_list": [
          "text"
        ],
        "blob_container_name_deny_list": [
          "text"
        ],
        "m365_agents_refresh_token": "text"
      }
    }
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "team_id": "text",
        "rbac_id": "text",
        "workspace_email": "text",
        "customer_id": "text",
        "services": [
          1
        ],
        "project_allow_list": [
          "text"
        ],
        "project_deny_list": [
          "text"
        ],
        "domain_allow_list": [
          "text"
        ],
        "domain_deny_list": [
          "text"
        ],
        "dataset_allow_list": [
          "text"
        ],
        "dataset_deny_list": [
          "text"
        ],
        "table_allow_list": [
          "text"
        ],
        "table_deny_list": [
          "text"
        ],
        "location_allow_list": [
          "text"
        ],
        "location_deny_list": [
          "text"
        ],
        "databricks_cloud_config": {
          "account_id": "text",
          "tag_name_collector_cluster": "text"
        },
        "provisioning": true,
        "lifecycle_management_state": 1,
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "identity_mapping_configuration": {
          "mappings": [
            {
              "destination_datasource_type": "text",
              "destination_datasource_oaa_app_type": "text",
              "type": 1,
              "mode": 1,
              "transformations": [
                1
              ],
              "custom_value": "text",
              "property_matchers": [
                {
                  "source_property": 1,
                  "destination_property": 1,
                  "custom_source_property": "text",
                  "custom_destination_property": "text"
                }
              ],
              "id_matchers": [
                {
                  "source_id": "text",
                  "destination_id": "text"
                }
              ],
              "destination_datasources": [
                {
                  "type": "text",
                  "oaa_app_type": "text"
                }
              ],
              "property_match_operator": 1
            }
          ],
          "use_email": true
        }
      }
    }
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "team_id": "text",
        "rbac_id": "text",
        "workspace_email": "text",
        "customer_id": "text",
        "services": [
          1
        ],
        "project_allow_list": [
          "text"
        ],
        "project_deny_list": [
          "text"
        ],
        "domain_allow_list": [
          "text"
        ],
        "domain_deny_list": [
          "text"
        ],
        "dataset_allow_list": [
          "text"
        ],
        "dataset_deny_list": [
          "text"
        ],
        "table_allow_list": [
          "text"
        ],
        "table_deny_list": [
          "text"
        ],
        "location_allow_list": [
          "text"
        ],
        "location_deny_list": [
          "text"
        ],
        "databricks_cloud_config": {
          "account_id": "text",
          "tag_name_collector_cluster": "text"
        },
        "provisioning": true,
        "lifecycle_management_state": 1,
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "identity_mapping_configuration": {
          "mappings": [
            {
              "destination_datasource_type": "text",
              "destination_datasource_oaa_app_type": "text",
              "type": 1,
              "mode": 1,
              "transformations": [
                1
              ],
              "custom_value": "text",
              "property_matchers": [
                {
                  "source_property": 1,
                  "destination_property": 1,
                  "custom_source_property": "text",
                  "custom_destination_property": "text"
                }
              ],
              "id_matchers": [
                {
                  "source_id": "text",
                  "destination_id": "text"
                }
              ],
              "destination_datasources": [
                {
                  "type": "text",
                  "oaa_app_type": "text"
                }
              ],
              "property_match_operator": 1
            }
          ],
          "use_email": true
        }
      }
    }
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "team_id": "text",
        "rbac_id": "text",
        "account_locator": "text",
        "region": "text",
        "cloud": "text",
        "user": "text",
        "role": "text",
        "warehouse": "text",
        "database_allow_list": [
          "text"
        ],
        "database_deny_list": [
          "text"
        ],
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "alternative_database_name": "text",
        "authentication_method": 1,
        "extract_tags": true,
        "provisioning": true,
        "lifecycle_management_state": 1,
        "export_database": "text",
        "export_schema": "text",
        "export_user": "text",
        "export_role": "text",
        "export_authentication_method": 1,
        "organization_account": true,
        "connection_type": 1,
        "account_name": "text",
        "org_name": "text",
        "private_link": true,
        "alternative_account_usage_schema_name": "text",
        "gather_masking_policies": true,
        "gather_row_access_policies": true,
        "gather_network_policies": true,
        "gather_projection_policies": true,
        "gather_password_policies": true,
        "gather_login_source_ip": true,
        "external_oauth_aws_region": "text",
        "external_oauth_ida_provider_uri": "text",
        "external_oauth_ida_resource_uri": "text",
        "external_oauth_c2c_audience_uri": "text",
        "account_allow_list": [
          "text"
        ],
        "account_deny_list": [
          "text"
        ]
      }
    }
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "team_id": "text",
        "rbac_id": "text",
        "account_locator": "text",
        "region": "text",
        "cloud": "text",
        "user": "text",
        "role": "text",
        "warehouse": "text",
        "database_allow_list": [
          "text"
        ],
        "database_deny_list": [
          "text"
        ],
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "alternative_database_name": "text",
        "authentication_method": 1,
        "extract_tags": true,
        "provisioning": true,
        "lifecycle_management_state": 1,
        "export_database": "text",
        "export_schema": "text",
        "export_user": "text",
        "export_role": "text",
        "export_authentication_method": 1,
        "organization_account": true,
        "connection_type": 1,
        "account_name": "text",
        "org_name": "text",
        "private_link": true,
        "alternative_account_usage_schema_name": "text",
        "gather_masking_policies": true,
        "gather_row_access_policies": true,
        "gather_network_policies": true,
        "gather_projection_policies": true,
        "gather_password_policies": true,
        "gather_login_source_ip": true,
        "external_oauth_aws_region": "text",
        "external_oauth_ida_provider_uri": "text",
        "external_oauth_ida_resource_uri": "text",
        "external_oauth_c2c_audience_uri": "text",
        "account_allow_list": [
          "text"
        ],
        "account_deny_list": [
          "text"
        ]
      }
    }
    {
      "id": "text"
    }
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "team_id": "text",
        "rbac_id": "text",
        "host": "text",
        "port": 1,
        "username": "text",
        "database_allow_list": [
          "text"
        ],
        "database_deny_list": [
          "text"
        ],
        "schema_allow_list": [
          "text"
        ],
        "schema_deny_list": [
          "text"
        ],
        "gather_system_databases": true,
        "instance_name": "text",
        "use_tls_connector": true,
        "use_legacy_tls_ciphers": true
      }
    }
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "team_id": "text",
        "rbac_id": "text",
        "host": "text",
        "port": 1,
        "username": "text",
        "aws_s3_object_config": {
          "access_key": "text",
          "region": "text",
          "bucket": "text",
          "object": "text",
          "credentials_type": 1,
          "assume_role_name": "text",
          "account_id": "text"
        },
        "ssl_certificate": "text",
        "catalog_allow_list": [
          "text"
        ],
        "catalog_deny_list": [
          "text"
        ],
        "schema_allow_list": [
          "text"
        ],
        "schema_deny_list": [
          "text"
        ],
        "table_allow_list": [
          "text"
        ],
        "table_deny_list": [
          "text"
        ]
      }
    }
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "team_id": "text",
        "rbac_id": "text",
        "host": "text",
        "port": 1,
        "username": "text",
        "aws_s3_object_config": {
          "access_key": "text",
          "region": "text",
          "bucket": "text",
          "object": "text",
          "credentials_type": 1,
          "assume_role_name": "text",
          "account_id": "text"
        },
        "ssl_certificate": "text",
        "catalog_allow_list": [
          "text"
        ],
        "catalog_deny_list": [
          "text"
        ],
        "schema_allow_list": [
          "text"
        ],
        "schema_deny_list": [
          "text"
        ],
        "table_allow_list": [
          "text"
        ],
        "table_deny_list": [
          "text"
        ]
      }
    }
    GET /api/v1/providers/aws HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "values": [
        {
          "id": "text",
          "vendor_id": "text",
          "name": "text",
          "type": 1,
          "state": 1,
          "data_plane_id": "text",
          "status": 1,
          "redshift_database_allow_list": [
            "text"
          ],
          "redshift_database_deny_list": [
            "text"
          ],
          "rds_database_allow_list": [
            "text"
          ],
          "rds_database_deny_list": [
            "text"
          ],
          "s3_bucket_allow_list": [
            "text"
          ],
          "s3_bucket_deny_list": [
            "text"
          ],
          "extraction_policy_name": "text",
          "gather_system_tables": true,
          "gather_postgresql_system_schemas": true,
          "gather_rds_oracle_system_schemas": true,
          "team_id": "text",
          "rds_db_level_only": true,
          "rbac_id": "text",
          "account_id": "text",
          "credentials_type": 1,
          "access_key_id": "text",
          "assume_role_name": "text",
          "regions": [
            "text"
          ],
          "db_user": "text",
          "redshift_user": "text",
          "rds_mysql_user": "text",
          "rds_postgres_user": "text",
          "rds_oracle_user": "text",
          "services": [
            1
          ],
          "audit_log": {
            "state": 1,
            "status": 1,
            "cursor": "2026-07-19T12:46:46.939Z",
            "synced_at": "2026-07-19T12:46:46.939Z"
          },
          "audit_log_cloud_trail_name": "text",
          "audit_log_cloud_trail_region": "text",
          "databricks_cloud_config": {
            "account_id": "text",
            "tag_name_collector_cluster": "text"
          },
          "databricks_oauth_m2m_credentials": {
            "client_id": "text",
            "client_secret": "text"
          },
          "provisioning": true,
          "lifecycle_management_state": 1,
          "provisioning_identity_store_id": "text",
          "provisioning_scim_endpoint": "text",
          "audit_log_extract_for_org": true,
          "audit_log_skip_extraction": true,
          "gather_all_iam_policies": true,
          "documentdb_user": "text",
          "identity_mapping_configuration": {
            "mappings": [
              {
                "destination_datasource_type": "text",
                "destination_datasource_oaa_app_type": "text",
                "type": 1,
                "mode": 1,
                "transformations": [
                  1
                ],
                "custom_value": "text",
                "property_matchers": [
                  {
                    "source_property": 1,
                    "destination_property": 1,
                    "custom_source_property": "text",
                    "custom_destination_property": "text"
                  }
                ],
                "id_matchers": [
                  {
                    "source_id": "text",
                    "destination_id": "text"
                  }
                ],
                "destination_datasources": [
                  {
                    "type": "text",
                    "oaa_app_type": "text"
                  }
                ],
                "property_match_operator": 1
              }
            ],
            "use_email": true
          }
        }
      ]
    }
    POST /api/v1/providers/aws HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 1617
    
    {
      "name": "text",
      "account_id": "text",
      "regions": [
        "text"
      ],
      "data_plane_id": "text",
      "credentials_type": 1,
      "access_key_id": "text",
      "secret_key": "text",
      "assume_role_name": "text",
      "assume_role_external_id": "text",
      "db_user": "text",
      "rds_postgres_user": "text",
      "rds_mysql_user": "text",
      "rds_oracle_user": "text",
      "rds_oracle_password": "text",
      "redshift_user": "text",
      "services": [
        1
      ],
      "redshift_database_allow_list": [
        "text"
      ],
      "redshift_database_deny_list": [
        "text"
      ],
      "rds_database_allow_list": [
        "text"
      ],
      "rds_database_deny_list": [
        "text"
      ],
      "s3_bucket_allow_list": [
        "text"
      ],
      "s3_bucket_deny_list": [
        "text"
      ],
      "extraction_policy_name": "text",
      "gather_system_tables": true,
      "gather_postgresql_system_schemas": true,
      "gather_rds_oracle_system_schemas": true,
      "rds_db_level_only": true,
      "databricks_cloud_config": {
        "account_id": "text",
        "tag_name_collector_cluster": "text"
      },
      "databricks_oauth_m2m_credentials": {
        "client_id": "text",
        "client_secret": "text"
      },
      "provisioning": true,
      "provisioning_identity_store_id": "text",
      "provisioning_scim_endpoint": "text",
      "provisioning_scim_token": "text",
      "gather_all_iam_policies": true,
      "documentdb_user": "text",
      "documentdb_password": "text",
      "identity_mapping_configuration": {
        "mappings": [
          {
            "destination_datasource_type": "text",
            "destination_datasource_oaa_app_type": "text",
            "type": 1,
            "mode": 1,
            "transformations": [
              1
            ],
            "custom_value": "text",
            "property_matchers": [
              {
                "source_property": 1,
                "destination_property": 1,
                "custom_source_property": "text",
                "custom_destination_property": "text"
              }
            ],
            "id_matchers": [
              {
                "source_id": "text",
                "destination_id": "text"
              }
            ],
            "destination_datasources": [
              {
                "type": "text",
                "oaa_app_type": "text"
              }
            ],
            "property_match_operator": 1
          }
        ],
        "use_email": true
      }
    }
    GET /api/v1/providers/aws/{id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "redshift_database_allow_list": [
          "text"
        ],
        "redshift_database_deny_list": [
          "text"
        ],
        "rds_database_allow_list": [
          "text"
        ],
        "rds_database_deny_list": [
          "text"
        ],
        "s3_bucket_allow_list": [
          "text"
        ],
        "s3_bucket_deny_list": [
          "text"
        ],
        "extraction_policy_name": "text",
        "gather_system_tables": true,
        "gather_postgresql_system_schemas": true,
        "gather_rds_oracle_system_schemas": true,
        "team_id": "text",
        "rds_db_level_only": true,
        "rbac_id": "text",
        "account_id": "text",
        "credentials_type": 1,
        "access_key_id": "text",
        "assume_role_name": "text",
        "regions": [
          "text"
        ],
        "db_user": "text",
        "redshift_user": "text",
        "rds_mysql_user": "text",
        "rds_postgres_user": "text",
        "rds_oracle_user": "text",
        "services": [
          1
        ],
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "audit_log_cloud_trail_name": "text",
        "audit_log_cloud_trail_region": "text",
        "databricks_cloud_config": {
          "account_id": "text",
          "tag_name_collector_cluster": "text"
        },
        "databricks_oauth_m2m_credentials": {
          "client_id": "text",
          "client_secret": "text"
        },
        "provisioning": true,
        "lifecycle_management_state": 1,
        "provisioning_identity_store_id": "text",
        "provisioning_scim_endpoint": "text",
        "audit_log_extract_for_org": true,
        "audit_log_skip_extraction": true,
        "gather_all_iam_policies": true,
        "documentdb_user": "text",
        "identity_mapping_configuration": {
          "mappings": [
            {
              "destination_datasource_type": "text",
              "destination_datasource_oaa_app_type": "text",
              "type": 1,
              "mode": 1,
              "transformations": [
                1
              ],
              "custom_value": "text",
              "property_matchers": [
                {
                  "source_property": 1,
                  "destination_property": 1,
                  "custom_source_property": "text",
                  "custom_destination_property": "text"
                }
              ],
              "id_matchers": [
                {
                  "source_id": "text",
                  "destination_id": "text"
                }
              ],
              "destination_datasources": [
                {
                  "type": "text",
                  "oaa_app_type": "text"
                }
              ],
              "property_match_operator": 1
            }
          ],
          "use_email": true
        }
      }
    }
    PATCH /api/v1/providers/aws/{provider.id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 1615
    
    {
      "id": "text",
      "account_id": "text",
      "credentials_type": 1,
      "access_key_id": "text",
      "secret_key": "text",
      "assume_role_name": "text",
      "assume_role_external_id": "text",
      "regions": [
        "text"
      ],
      "db_user": "text",
      "redshift_user": "text",
      "rds_mysql_user": "text",
      "rds_postgres_user": "text",
      "rds_oracle_user": "text",
      "rds_oracle_password": "text",
      "services": [
        1
      ],
      "data_plane_id": "text",
      "redshift_database_allow_list": [
        "text"
      ],
      "redshift_database_deny_list": [
        "text"
      ],
      "rds_database_allow_list": [
        "text"
      ],
      "rds_database_deny_list": [
        "text"
      ],
      "s3_bucket_allow_list": [
        "text"
      ],
      "s3_bucket_deny_list": [
        "text"
      ],
      "extraction_policy_name": "text",
      "gather_system_tables": true,
      "gather_rds_oracle_system_schemas": true,
      "gather_postgresql_system_schemas": true,
      "rds_db_level_only": true,
      "databricks_cloud_config": {
        "account_id": "text",
        "tag_name_collector_cluster": "text"
      },
      "databricks_oauth_m2m_credentials": {
        "client_id": "text",
        "client_secret": "text"
      },
      "provisioning": true,
      "provisioning_identity_store_id": "text",
      "provisioning_scim_endpoint": "text",
      "provisioning_scim_token": "text",
      "gather_all_iam_policies": true,
      "documentdb_user": "text",
      "documentdb_password": "text",
      "identity_mapping_configuration": {
        "mappings": [
          {
            "destination_datasource_type": "text",
            "destination_datasource_oaa_app_type": "text",
            "type": 1,
            "mode": 1,
            "transformations": [
              1
            ],
            "custom_value": "text",
            "property_matchers": [
              {
                "source_property": 1,
                "destination_property": 1,
                "custom_source_property": "text",
                "custom_destination_property": "text"
              }
            ],
            "id_matchers": [
              {
                "source_id": "text",
                "destination_id": "text"
              }
            ],
            "destination_datasources": [
              {
                "type": "text",
                "oaa_app_type": "text"
              }
            ],
            "property_match_operator": 1
          }
        ],
        "use_email": true
      }
    }
    DELETE /api/v1/providers/aws/{id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {}
    GET /api/v1/providers/aws:trustpolicy HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "trust_policy_json": "text"
    }
    GET /api/v1/providers/aws/{id}:checkpolicy HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "requires_update": true,
      "aws_account_id": "text",
      "current_policy": "text",
      "required_policy": "text",
      "required_actions": [
        "text"
      ],
      "overprivileged_actions": [
        "text"
      ]
    }
    GET /api/v1/providers/azure HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "values": [
        {
          "id": "text",
          "vendor_id": "text",
          "name": "text",
          "type": 1,
          "state": 1,
          "data_plane_id": "text",
          "status": 1,
          "gather_guest_users": true,
          "gather_disabled_users": true,
          "domains": [
            "text"
          ],
          "gather_personal_sites": true,
          "audit_log": {
            "state": 1,
            "status": 1,
            "cursor": "2026-07-19T12:46:46.939Z",
            "synced_at": "2026-07-19T12:46:46.939Z"
          },
          "government_cloud": 1,
          "extract_pim_eligibility": true,
          "dynamics365_environments": [
            "text"
          ],
          "team_id": "text",
          "dynamics_erp_environments": [
            "text"
          ],
          "authentication_type": 1,
          "account_id": "text",
          "tenant_id": "text",
          "client_id": "text",
          "services": [
            1
          ],
          "sql_server_database_allow_list": [
            "text"
          ],
          "sql_server_database_deny_list": [
            "text"
          ],
          "sql_server_schema_allow_list": [
            "text"
          ],
          "sql_server_schema_deny_list": [
            "text"
          ],
          "sql_server_gather_system_databases": true,
          "gather_postgresql_system_schemas": true,
          "postgresql_username": "text",
          "postgresql_password": "text",
          "postgresql_database_allow_list": [
            "text"
          ],
          "postgresql_database_deny_list": [
            "text"
          ],
          "postgresql_schema_allow_list": [
            "text"
          ],
          "postgresql_schema_deny_list": [
            "text"
          ],
          "databricks_cloud_config": {
            "account_id": "text",
            "tag_name_collector_cluster": "text"
          },
          "sharepoint_site_allow_list": [
            "text"
          ],
          "sharepoint_site_deny_list": [
            "text"
          ],
          "rbac_id": "text",
          "skip_mailbox_folders": true,
          "identity_mapping_configuration": {
            "mappings": [
              {
                "destination_datasource_type": "text",
                "destination_datasource_oaa_app_type": "text",
                "type": 1,
                "mode": 1,
                "transformations": [
                  1
                ],
                "custom_value": "text",
                "property_matchers": [
                  {
                    "source_property": 1,
                    "destination_property": 1,
                    "custom_source_property": "text",
                    "custom_destination_property": "text"
                  }
                ],
                "id_matchers": [
                  {
                    "source_id": "text",
                    "destination_id": "text"
                  }
                ],
                "destination_datasources": [
                  {
                    "type": "text",
                    "oaa_app_type": "text"
                  }
                ],
                "property_match_operator": 1
              }
            ],
            "use_email": true
          },
          "user_custom_properties": [
            {
              "name": "text",
              "type": 1,
              "lcm_unique_identifier": true
            }
          ],
          "provisioning": true,
          "lifecycle_management_state": 1,
          "secret_references": [
            {
              "id": "text",
              "secret_id": "text",
              "secret_mapping": {
                "type": 1,
                "mapping": "text"
              },
              "vault_id": "text",
              "vault": {
                "id": "text",
                "name": "text",
                "vault_provider": "text",
                "insight_point_id": "text",
                "deleted": true
              }
            }
          ],
          "sharepoint_provisioning": true,
          "user_extra_properties": [
            {
              "name": "text",
              "type": 1,
              "lcm_unique_identifier": true
            }
          ],
          "gather_group_extra_info": true,
          "gather_group_owner_details": true,
          "log_analytics_workspace_id": "text",
          "separate_group_app_role_assignment_pagination": true,
          "subscription_id_allow_list": [
            "text"
          ],
          "subscription_id_deny_list": [
            "text"
          ],
          "storage_account_name_allow_list": [
            "text"
          ],
          "storage_account_name_deny_list": [
            "text"
          ],
          "blob_container_name_allow_list": [
            "text"
          ],
          "blob_container_name_deny_list": [
            "text"
          ],
          "m365_agents_refresh_token": "text"
        }
      ]
    }
    POST /api/v1/providers/azure HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 2332
    
    {
      "name": "text",
      "tenant_id": "text",
      "client_id": "text",
      "client_secret": "text",
      "data_plane_id": "text",
      "auth_certificate": "text",
      "auth_certificate_password": "text",
      "services": [
        1
      ],
      "gather_guest_users": true,
      "gather_disabled_users": true,
      "domains": [
        "text"
      ],
      "gather_personal_sites": true,
      "government_cloud": 1,
      "extract_pim_eligibility": true,
      "dynamics365_environments": [
        "text"
      ],
      "dynamics_erp_environments": [
        "text"
      ],
      "authentication_type": 1,
      "sql_server_database_allow_list": [
        "text"
      ],
      "sql_server_database_deny_list": [
        "text"
      ],
      "sql_server_schema_allow_list": [
        "text"
      ],
      "sql_server_schema_deny_list": [
        "text"
      ],
      "sql_server_gather_system_databases": true,
      "postgresql_username": "text",
      "postgresql_password": "text",
      "postgresql_database_allow_list": [
        "text"
      ],
      "postgresql_database_deny_list": [
        "text"
      ],
      "postgresql_schema_allow_list": [
        "text"
      ],
      "postgresql_schema_deny_list": [
        "text"
      ],
      "databricks_cloud_config": {
        "account_id": "text",
        "tag_name_collector_cluster": "text"
      },
      "sharepoint_site_allow_list": [
        "text"
      ],
      "sharepoint_site_deny_list": [
        "text"
      ],
      "gather_postgresql_system_schemas": true,
      "skip_mailbox_folders": true,
      "identity_mapping_configuration": {
        "mappings": [
          {
            "destination_datasource_type": "text",
            "destination_datasource_oaa_app_type": "text",
            "type": 1,
            "mode": 1,
            "transformations": [
              1
            ],
            "custom_value": "text",
            "property_matchers": [
              {
                "source_property": 1,
                "destination_property": 1,
                "custom_source_property": "text",
                "custom_destination_property": "text"
              }
            ],
            "id_matchers": [
              {
                "source_id": "text",
                "destination_id": "text"
              }
            ],
            "destination_datasources": [
              {
                "type": "text",
                "oaa_app_type": "text"
              }
            ],
            "property_match_operator": 1
          }
        ],
        "use_email": true
      },
      "user_custom_properties": [
        {
          "name": "text",
          "type": 1,
          "lcm_unique_identifier": true
        }
      ],
      "provisioning": true,
      "secret_references": [
        {
          "secret_id": "text",
          "secret_mapping": {
            "type": 1,
            "mapping": "text"
          },
          "vault_id": "text"
        }
      ],
      "sharepoint_provisioning": true,
      "user_extra_properties": [
        {
          "name": "text",
          "type": 1,
          "lcm_unique_identifier": true
        }
      ],
      "gather_group_extra_info": true,
      "gather_group_owner_details": true,
      "log_analytics_workspace_id": "text",
      "separate_group_app_role_assignment_pagination": true,
      "subscription_id_allow_list": [
        "text"
      ],
      "subscription_id_deny_list": [
        "text"
      ],
      "storage_account_name_allow_list": [
        "text"
      ],
      "storage_account_name_deny_list": [
        "text"
      ],
      "blob_container_name_allow_list": [
        "text"
      ],
      "blob_container_name_deny_list": [
        "text"
      ],
      "m365_agents_refresh_token": "text"
    }
    GET /api/v1/providers/azure/{id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "gather_guest_users": true,
        "gather_disabled_users": true,
        "domains": [
          "text"
        ],
        "gather_personal_sites": true,
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "government_cloud": 1,
        "extract_pim_eligibility": true,
        "dynamics365_environments": [
          "text"
        ],
        "team_id": "text",
        "dynamics_erp_environments": [
          "text"
        ],
        "authentication_type": 1,
        "account_id": "text",
        "tenant_id": "text",
        "client_id": "text",
        "services": [
          1
        ],
        "sql_server_database_allow_list": [
          "text"
        ],
        "sql_server_database_deny_list": [
          "text"
        ],
        "sql_server_schema_allow_list": [
          "text"
        ],
        "sql_server_schema_deny_list": [
          "text"
        ],
        "sql_server_gather_system_databases": true,
        "gather_postgresql_system_schemas": true,
        "postgresql_username": "text",
        "postgresql_password": "text",
        "postgresql_database_allow_list": [
          "text"
        ],
        "postgresql_database_deny_list": [
          "text"
        ],
        "postgresql_schema_allow_list": [
          "text"
        ],
        "postgresql_schema_deny_list": [
          "text"
        ],
        "databricks_cloud_config": {
          "account_id": "text",
          "tag_name_collector_cluster": "text"
        },
        "sharepoint_site_allow_list": [
          "text"
        ],
        "sharepoint_site_deny_list": [
          "text"
        ],
        "rbac_id": "text",
        "skip_mailbox_folders": true,
        "identity_mapping_configuration": {
          "mappings": [
            {
              "destination_datasource_type": "text",
              "destination_datasource_oaa_app_type": "text",
              "type": 1,
              "mode": 1,
              "transformations": [
                1
              ],
              "custom_value": "text",
              "property_matchers": [
                {
                  "source_property": 1,
                  "destination_property": 1,
                  "custom_source_property": "text",
                  "custom_destination_property": "text"
                }
              ],
              "id_matchers": [
                {
                  "source_id": "text",
                  "destination_id": "text"
                }
              ],
              "destination_datasources": [
                {
                  "type": "text",
                  "oaa_app_type": "text"
                }
              ],
              "property_match_operator": 1
            }
          ],
          "use_email": true
        },
        "user_custom_properties": [
          {
            "name": "text",
            "type": 1,
            "lcm_unique_identifier": true
          }
        ],
        "provisioning": true,
        "lifecycle_management_state": 1,
        "secret_references": [
          {
            "id": "text",
            "secret_id": "text",
            "secret_mapping": {
              "type": 1,
              "mapping": "text"
            },
            "vault_id": "text",
            "vault": {
              "id": "text",
              "name": "text",
              "vault_provider": "text",
              "insight_point_id": "text",
              "deleted": true
            }
          }
        ],
        "sharepoint_provisioning": true,
        "user_extra_properties": [
          {
            "name": "text",
            "type": 1,
            "lcm_unique_identifier": true
          }
        ],
        "gather_group_extra_info": true,
        "gather_group_owner_details": true,
        "log_analytics_workspace_id": "text",
        "separate_group_app_role_assignment_pagination": true,
        "subscription_id_allow_list": [
          "text"
        ],
        "subscription_id_deny_list": [
          "text"
        ],
        "storage_account_name_allow_list": [
          "text"
        ],
        "storage_account_name_deny_list": [
          "text"
        ],
        "blob_container_name_allow_list": [
          "text"
        ],
        "blob_container_name_deny_list": [
          "text"
        ],
        "m365_agents_refresh_token": "text"
      }
    }
    PATCH /api/v1/providers/azure/{provider.id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 2330
    
    {
      "id": "text",
      "tenant_id": "text",
      "client_id": "text",
      "client_secret": "text",
      "auth_certificate": "text",
      "auth_certificate_password": "text",
      "services": [
        1
      ],
      "gather_guest_users": true,
      "gather_disabled_users": true,
      "domains": [
        "text"
      ],
      "gather_personal_sites": true,
      "government_cloud": 1,
      "extract_pim_eligibility": true,
      "dynamics365_environments": [
        "text"
      ],
      "dynamics_erp_environments": [
        "text"
      ],
      "authentication_type": 1,
      "sql_server_database_allow_list": [
        "text"
      ],
      "sql_server_database_deny_list": [
        "text"
      ],
      "sql_server_schema_allow_list": [
        "text"
      ],
      "sql_server_schema_deny_list": [
        "text"
      ],
      "sql_server_gather_system_databases": true,
      "postgresql_username": "text",
      "postgresql_password": "text",
      "postgresql_database_allow_list": [
        "text"
      ],
      "postgresql_database_deny_list": [
        "text"
      ],
      "postgresql_schema_allow_list": [
        "text"
      ],
      "postgresql_schema_deny_list": [
        "text"
      ],
      "databricks_cloud_config": {
        "account_id": "text",
        "tag_name_collector_cluster": "text"
      },
      "sharepoint_site_allow_list": [
        "text"
      ],
      "sharepoint_site_deny_list": [
        "text"
      ],
      "gather_postgresql_system_schemas": true,
      "skip_mailbox_folders": true,
      "data_plane_id": "text",
      "identity_mapping_configuration": {
        "mappings": [
          {
            "destination_datasource_type": "text",
            "destination_datasource_oaa_app_type": "text",
            "type": 1,
            "mode": 1,
            "transformations": [
              1
            ],
            "custom_value": "text",
            "property_matchers": [
              {
                "source_property": 1,
                "destination_property": 1,
                "custom_source_property": "text",
                "custom_destination_property": "text"
              }
            ],
            "id_matchers": [
              {
                "source_id": "text",
                "destination_id": "text"
              }
            ],
            "destination_datasources": [
              {
                "type": "text",
                "oaa_app_type": "text"
              }
            ],
            "property_match_operator": 1
          }
        ],
        "use_email": true
      },
      "user_custom_properties": [
        {
          "name": "text",
          "type": 1,
          "lcm_unique_identifier": true
        }
      ],
      "provisioning": true,
      "secret_references": [
        {
          "secret_id": "text",
          "secret_mapping": {
            "type": 1,
            "mapping": "text"
          },
          "vault_id": "text"
        }
      ],
      "sharepoint_provisioning": true,
      "user_extra_properties": [
        {
          "name": "text",
          "type": 1,
          "lcm_unique_identifier": true
        }
      ],
      "gather_group_extra_info": true,
      "gather_group_owner_details": true,
      "log_analytics_workspace_id": "text",
      "separate_group_app_role_assignment_pagination": true,
      "subscription_id_allow_list": [
        "text"
      ],
      "subscription_id_deny_list": [
        "text"
      ],
      "storage_account_name_allow_list": [
        "text"
      ],
      "storage_account_name_deny_list": [
        "text"
      ],
      "blob_container_name_allow_list": [
        "text"
      ],
      "blob_container_name_deny_list": [
        "text"
      ],
      "m365_agents_refresh_token": "text"
    }
    DELETE /api/v1/providers/azure/{id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {}
    GET /api/v1/providers/google_cloud HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "values": [
        {
          "id": "text",
          "vendor_id": "text",
          "name": "text",
          "type": 1,
          "state": 1,
          "data_plane_id": "text",
          "status": 1,
          "team_id": "text",
          "rbac_id": "text",
          "workspace_email": "text",
          "customer_id": "text",
          "services": [
            1
          ],
          "project_allow_list": [
            "text"
          ],
          "project_deny_list": [
            "text"
          ],
          "domain_allow_list": [
            "text"
          ],
          "domain_deny_list": [
            "text"
          ],
          "dataset_allow_list": [
            "text"
          ],
          "dataset_deny_list": [
            "text"
          ],
          "table_allow_list": [
            "text"
          ],
          "table_deny_list": [
            "text"
          ],
          "location_allow_list": [
            "text"
          ],
          "location_deny_list": [
            "text"
          ],
          "databricks_cloud_config": {
            "account_id": "text",
            "tag_name_collector_cluster": "text"
          },
          "provisioning": true,
          "lifecycle_management_state": 1,
          "audit_log": {
            "state": 1,
            "status": 1,
            "cursor": "2026-07-19T12:46:46.939Z",
            "synced_at": "2026-07-19T12:46:46.939Z"
          },
          "identity_mapping_configuration": {
            "mappings": [
              {
                "destination_datasource_type": "text",
                "destination_datasource_oaa_app_type": "text",
                "type": 1,
                "mode": 1,
                "transformations": [
                  1
                ],
                "custom_value": "text",
                "property_matchers": [
                  {
                    "source_property": 1,
                    "destination_property": 1,
                    "custom_source_property": "text",
                    "custom_destination_property": "text"
                  }
                ],
                "id_matchers": [
                  {
                    "source_id": "text",
                    "destination_id": "text"
                  }
                ],
                "destination_datasources": [
                  {
                    "type": "text",
                    "oaa_app_type": "text"
                  }
                ],
                "property_match_operator": 1
              }
            ],
            "use_email": true
          }
        }
      ]
    }
    POST /api/v1/providers/google_cloud HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 1067
    
    {
      "name": "text",
      "credentials_json": "text",
      "data_plane_id": "text",
      "workspace_email": "text",
      "customer_id": "text",
      "project_allow_list": [
        "text"
      ],
      "project_deny_list": [
        "text"
      ],
      "domain_allow_list": [
        "text"
      ],
      "domain_deny_list": [
        "text"
      ],
      "services": [
        1
      ],
      "dataset_allow_list": [
        "text"
      ],
      "dataset_deny_list": [
        "text"
      ],
      "table_allow_list": [
        "text"
      ],
      "table_deny_list": [
        "text"
      ],
      "location_allow_list": [
        "text"
      ],
      "location_deny_list": [
        "text"
      ],
      "oauth_config": "text",
      "oauth_token": "text",
      "databricks_cloud_config": {
        "account_id": "text",
        "tag_name_collector_cluster": "text"
      },
      "provisioning": true,
      "identity_mapping_configuration": {
        "mappings": [
          {
            "destination_datasource_type": "text",
            "destination_datasource_oaa_app_type": "text",
            "type": 1,
            "mode": 1,
            "transformations": [
              1
            ],
            "custom_value": "text",
            "property_matchers": [
              {
                "source_property": 1,
                "destination_property": 1,
                "custom_source_property": "text",
                "custom_destination_property": "text"
              }
            ],
            "id_matchers": [
              {
                "source_id": "text",
                "destination_id": "text"
              }
            ],
            "destination_datasources": [
              {
                "type": "text",
                "oaa_app_type": "text"
              }
            ],
            "property_match_operator": 1
          }
        ],
        "use_email": true
      }
    }
    GET /api/v1/providers/google_cloud/{id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "team_id": "text",
        "rbac_id": "text",
        "workspace_email": "text",
        "customer_id": "text",
        "services": [
          1
        ],
        "project_allow_list": [
          "text"
        ],
        "project_deny_list": [
          "text"
        ],
        "domain_allow_list": [
          "text"
        ],
        "domain_deny_list": [
          "text"
        ],
        "dataset_allow_list": [
          "text"
        ],
        "dataset_deny_list": [
          "text"
        ],
        "table_allow_list": [
          "text"
        ],
        "table_deny_list": [
          "text"
        ],
        "location_allow_list": [
          "text"
        ],
        "location_deny_list": [
          "text"
        ],
        "databricks_cloud_config": {
          "account_id": "text",
          "tag_name_collector_cluster": "text"
        },
        "provisioning": true,
        "lifecycle_management_state": 1,
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "identity_mapping_configuration": {
          "mappings": [
            {
              "destination_datasource_type": "text",
              "destination_datasource_oaa_app_type": "text",
              "type": 1,
              "mode": 1,
              "transformations": [
                1
              ],
              "custom_value": "text",
              "property_matchers": [
                {
                  "source_property": 1,
                  "destination_property": 1,
                  "custom_source_property": "text",
                  "custom_destination_property": "text"
                }
              ],
              "id_matchers": [
                {
                  "source_id": "text",
                  "destination_id": "text"
                }
              ],
              "destination_datasources": [
                {
                  "type": "text",
                  "oaa_app_type": "text"
                }
              ],
              "property_match_operator": 1
            }
          ],
          "use_email": true
        }
      }
    }
    PATCH /api/v1/providers/google_cloud/{provider.id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 1065
    
    {
      "id": "text",
      "credentials_json": "text",
      "workspace_email": "text",
      "customer_id": "text",
      "project_allow_list": [
        "text"
      ],
      "project_deny_list": [
        "text"
      ],
      "domain_allow_list": [
        "text"
      ],
      "domain_deny_list": [
        "text"
      ],
      "services": [
        1
      ],
      "data_plane_id": "text",
      "dataset_allow_list": [
        "text"
      ],
      "dataset_deny_list": [
        "text"
      ],
      "table_allow_list": [
        "text"
      ],
      "table_deny_list": [
        "text"
      ],
      "location_allow_list": [
        "text"
      ],
      "location_deny_list": [
        "text"
      ],
      "oauth_config": "text",
      "oauth_token": "text",
      "databricks_cloud_config": {
        "account_id": "text",
        "tag_name_collector_cluster": "text"
      },
      "provisioning": true,
      "identity_mapping_configuration": {
        "mappings": [
          {
            "destination_datasource_type": "text",
            "destination_datasource_oaa_app_type": "text",
            "type": 1,
            "mode": 1,
            "transformations": [
              1
            ],
            "custom_value": "text",
            "property_matchers": [
              {
                "source_property": 1,
                "destination_property": 1,
                "custom_source_property": "text",
                "custom_destination_property": "text"
              }
            ],
            "id_matchers": [
              {
                "source_id": "text",
                "destination_id": "text"
              }
            ],
            "destination_datasources": [
              {
                "type": "text",
                "oaa_app_type": "text"
              }
            ],
            "property_match_operator": 1
          }
        ],
        "use_email": true
      }
    }
    DELETE /api/v1/providers/google_cloud/{id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {}
    GET /api/v1/providers/snowflake HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "values": [
        {
          "id": "text",
          "vendor_id": "text",
          "name": "text",
          "type": 1,
          "state": 1,
          "data_plane_id": "text",
          "status": 1,
          "team_id": "text",
          "rbac_id": "text",
          "account_locator": "text",
          "region": "text",
          "cloud": "text",
          "user": "text",
          "role": "text",
          "warehouse": "text",
          "database_allow_list": [
            "text"
          ],
          "database_deny_list": [
            "text"
          ],
          "audit_log": {
            "state": 1,
            "status": 1,
            "cursor": "2026-07-19T12:46:46.939Z",
            "synced_at": "2026-07-19T12:46:46.939Z"
          },
          "alternative_database_name": "text",
          "authentication_method": 1,
          "extract_tags": true,
          "provisioning": true,
          "lifecycle_management_state": 1,
          "export_database": "text",
          "export_schema": "text",
          "export_user": "text",
          "export_role": "text",
          "export_authentication_method": 1,
          "organization_account": true,
          "connection_type": 1,
          "account_name": "text",
          "org_name": "text",
          "private_link": true,
          "alternative_account_usage_schema_name": "text",
          "gather_masking_policies": true,
          "gather_row_access_policies": true,
          "gather_network_policies": true,
          "gather_projection_policies": true,
          "gather_password_policies": true,
          "gather_login_source_ip": true,
          "external_oauth_aws_region": "text",
          "external_oauth_ida_provider_uri": "text",
          "external_oauth_ida_resource_uri": "text",
          "external_oauth_c2c_audience_uri": "text",
          "account_allow_list": [
            "text"
          ],
          "account_deny_list": [
            "text"
          ]
        }
      ]
    }
    POST /api/v1/providers/snowflake HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 1149
    
    {
      "name": "text",
      "account_locator": "text",
      "region": "text",
      "cloud": "text",
      "user": "text",
      "password": "text",
      "role": "text",
      "warehouse": "text",
      "data_plane_id": "text",
      "database_allow_list": [
        "text"
      ],
      "database_deny_list": [
        "text"
      ],
      "alternative_database_name": "text",
      "authentication_method": 1,
      "private_key": "text",
      "private_key_password": "text",
      "extract_tags": true,
      "export_database": "text",
      "export_schema": "text",
      "export_user": "text",
      "export_role": "text",
      "export_authentication_method": 1,
      "export_private_key": "text",
      "export_private_key_password": "text",
      "export_password": "text",
      "provisioning": true,
      "connection_type": 1,
      "account_name": "text",
      "org_name": "text",
      "private_link": true,
      "alternative_account_usage_schema_name": "text",
      "gather_masking_policies": true,
      "gather_row_access_policies": true,
      "gather_network_policies": true,
      "gather_projection_policies": true,
      "organization_account": true,
      "gather_password_policies": true,
      "gather_login_source_ip": true,
      "external_oauth_aws_region": "text",
      "external_oauth_ida_provider_uri": "text",
      "external_oauth_ida_resource_uri": "text",
      "external_oauth_c2c_audience_uri": "text",
      "account_allow_list": [
        "text"
      ],
      "account_deny_list": [
        "text"
      ]
    }
    GET /api/v1/providers/snowflake/{id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "team_id": "text",
        "rbac_id": "text",
        "account_locator": "text",
        "region": "text",
        "cloud": "text",
        "user": "text",
        "role": "text",
        "warehouse": "text",
        "database_allow_list": [
          "text"
        ],
        "database_deny_list": [
          "text"
        ],
        "audit_log": {
          "state": 1,
          "status": 1,
          "cursor": "2026-07-19T12:46:46.939Z",
          "synced_at": "2026-07-19T12:46:46.939Z"
        },
        "alternative_database_name": "text",
        "authentication_method": 1,
        "extract_tags": true,
        "provisioning": true,
        "lifecycle_management_state": 1,
        "export_database": "text",
        "export_schema": "text",
        "export_user": "text",
        "export_role": "text",
        "export_authentication_method": 1,
        "organization_account": true,
        "connection_type": 1,
        "account_name": "text",
        "org_name": "text",
        "private_link": true,
        "alternative_account_usage_schema_name": "text",
        "gather_masking_policies": true,
        "gather_row_access_policies": true,
        "gather_network_policies": true,
        "gather_projection_policies": true,
        "gather_password_policies": true,
        "gather_login_source_ip": true,
        "external_oauth_aws_region": "text",
        "external_oauth_ida_provider_uri": "text",
        "external_oauth_ida_resource_uri": "text",
        "external_oauth_c2c_audience_uri": "text",
        "account_allow_list": [
          "text"
        ],
        "account_deny_list": [
          "text"
        ]
      }
    }
    PATCH /api/v1/providers/snowflake/{provider.id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 1147
    
    {
      "id": "text",
      "account_locator": "text",
      "region": "text",
      "cloud": "text",
      "user": "text",
      "password": "text",
      "role": "text",
      "warehouse": "text",
      "database_allow_list": [
        "text"
      ],
      "database_deny_list": [
        "text"
      ],
      "alternative_database_name": "text",
      "authentication_method": 1,
      "private_key": "text",
      "private_key_password": "text",
      "extract_tags": true,
      "data_plane_id": "text",
      "export_database": "text",
      "export_schema": "text",
      "export_user": "text",
      "export_role": "text",
      "export_authentication_method": 1,
      "export_private_key": "text",
      "export_private_key_password": "text",
      "export_password": "text",
      "gather_masking_policies": true,
      "gather_row_access_policies": true,
      "gather_projection_policies": true,
      "organization_account": true,
      "gather_password_policies": true,
      "gather_login_source_ip": true,
      "provisioning": true,
      "connection_type": 1,
      "account_name": "text",
      "org_name": "text",
      "private_link": true,
      "alternative_account_usage_schema_name": "text",
      "gather_network_policies": true,
      "external_oauth_aws_region": "text",
      "external_oauth_ida_provider_uri": "text",
      "external_oauth_ida_resource_uri": "text",
      "external_oauth_c2c_audience_uri": "text",
      "account_allow_list": [
        "text"
      ],
      "account_deny_list": [
        "text"
      ]
    }
    DELETE /api/v1/providers/snowflake/{id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {}
    GET /api/v1/providers/sqlserver HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "values": [
        {
          "id": "text",
          "vendor_id": "text",
          "name": "text",
          "type": 1,
          "state": 1,
          "data_plane_id": "text",
          "status": 1,
          "team_id": "text",
          "rbac_id": "text",
          "host": "text",
          "port": 1,
          "username": "text",
          "database_allow_list": [
            "text"
          ],
          "database_deny_list": [
            "text"
          ],
          "schema_allow_list": [
            "text"
          ],
          "schema_deny_list": [
            "text"
          ],
          "gather_system_databases": true,
          "instance_name": "text",
          "use_tls_connector": true,
          "use_legacy_tls_ciphers": true
        }
      ]
    }
    POST /api/v1/providers/sqlserver HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 324
    
    {
      "name": "text",
      "host": "text",
      "port": 1,
      "username": "text",
      "password": "text",
      "data_plane_id": "text",
      "database_allow_list": [
        "text"
      ],
      "database_deny_list": [
        "text"
      ],
      "schema_allow_list": [
        "text"
      ],
      "schema_deny_list": [
        "text"
      ],
      "gather_system_databases": true,
      "instance_name": "text",
      "use_tls_connector": true,
      "use_legacy_tls_ciphers": true
    }
    GET /api/v1/providers/sqlserver/{id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "team_id": "text",
      "rbac_id": "text",
      "host": "text",
      "port": 1,
      "username": "text",
      "database_allow_list": [
        "text"
      ],
      "database_deny_list": [
        "text"
      ],
      "schema_allow_list": [
        "text"
      ],
      "schema_deny_list": [
        "text"
      ],
      "gather_system_databases": true,
      "instance_name": "text",
      "use_tls_connector": true,
      "use_legacy_tls_ciphers": true
    }
    PATCH /api/v1/providers/sqlserver/{provider.id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 322
    
    {
      "id": "text",
      "host": "text",
      "port": 1,
      "username": "text",
      "password": "text",
      "database_allow_list": [
        "text"
      ],
      "database_deny_list": [
        "text"
      ],
      "schema_allow_list": [
        "text"
      ],
      "schema_deny_list": [
        "text"
      ],
      "gather_system_databases": true,
      "instance_name": "text",
      "use_tls_connector": true,
      "use_legacy_tls_ciphers": true,
      "data_plane_id": "text"
    }
    DELETE /api/v1/providers/sqlserver/{id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {}
    GET /api/v1/providers/trino HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "values": [
        {
          "id": "text",
          "vendor_id": "text",
          "name": "text",
          "type": 1,
          "state": 1,
          "data_plane_id": "text",
          "status": 1,
          "team_id": "text",
          "rbac_id": "text",
          "host": "text",
          "port": 1,
          "username": "text",
          "aws_s3_object_config": {
            "access_key": "text",
            "region": "text",
            "bucket": "text",
            "object": "text",
            "credentials_type": 1,
            "assume_role_name": "text",
            "account_id": "text"
          },
          "ssl_certificate": "text",
          "catalog_allow_list": [
            "text"
          ],
          "catalog_deny_list": [
            "text"
          ],
          "schema_allow_list": [
            "text"
          ],
          "schema_deny_list": [
            "text"
          ],
          "table_allow_list": [
            "text"
          ],
          "table_deny_list": [
            "text"
          ]
        }
      ]
    }
    POST /api/v1/providers/trino HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 506
    
    {
      "name": "text",
      "host": "text",
      "port": 1,
      "username": "text",
      "password": "text",
      "data_plane_id": "text",
      "aws_s3_object_config": {
        "access_key": "text",
        "secret_key": "text",
        "region": "text",
        "bucket": "text",
        "object": "text",
        "credentials_type": 1,
        "assume_role_name": "text",
        "assume_role_external_id": "text",
        "account_id": "text"
      },
      "ssl_certificate": "text",
      "catalog_allow_list": [
        "text"
      ],
      "catalog_deny_list": [
        "text"
      ],
      "schema_allow_list": [
        "text"
      ],
      "schema_deny_list": [
        "text"
      ],
      "table_allow_list": [
        "text"
      ],
      "table_deny_list": [
        "text"
      ]
    }
    GET /api/v1/providers/trino/{id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {
      "value": {
        "id": "text",
        "vendor_id": "text",
        "name": "text",
        "type": 1,
        "state": 1,
        "data_plane_id": "text",
        "status": 1,
        "team_id": "text",
        "rbac_id": "text",
        "host": "text",
        "port": 1,
        "username": "text",
        "aws_s3_object_config": {
          "access_key": "text",
          "region": "text",
          "bucket": "text",
          "object": "text",
          "credentials_type": 1,
          "assume_role_name": "text",
          "account_id": "text"
        },
        "ssl_certificate": "text",
        "catalog_allow_list": [
          "text"
        ],
        "catalog_deny_list": [
          "text"
        ],
        "schema_allow_list": [
          "text"
        ],
        "schema_deny_list": [
          "text"
        ],
        "table_allow_list": [
          "text"
        ],
        "table_deny_list": [
          "text"
        ]
      }
    }
    PATCH /api/v1/providers/trino/{provider.id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Content-Type: application/json
    Accept: */*
    Content-Length: 504
    
    {
      "id": "text",
      "host": "text",
      "port": 1,
      "username": "text",
      "password": "text",
      "aws_s3_object_config": {
        "access_key": "text",
        "secret_key": "text",
        "region": "text",
        "bucket": "text",
        "object": "text",
        "credentials_type": 1,
        "assume_role_name": "text",
        "assume_role_external_id": "text",
        "account_id": "text"
      },
      "ssl_certificate": "text",
      "catalog_allow_list": [
        "text"
      ],
      "catalog_deny_list": [
        "text"
      ],
      "schema_allow_list": [
        "text"
      ],
      "schema_deny_list": [
        "text"
      ],
      "table_allow_list": [
        "text"
      ],
      "table_deny_list": [
        "text"
      ],
      "data_plane_id": "text"
    }
    DELETE /api/v1/providers/trino/{id} HTTP/1.1
    Host: your-tenant.vezacloud.com
    Authorization: Bearer YOUR_SECRET_TOKEN
    Accept: */*
    
    {}

    Identity Providers

    API endpoints for configuring Okta and OneLogin

    You can manage Veza Identity Provider integrations using the management API and a Veza admin API key.

    AzureAD and Google Workspace identities are discovered by adding the associated Google Cloud account or Azure tenant as a .

    • providers/activedirectory

      • List Active Directory Providers

    See the configuration guide for the prerequisite steps to integrate with Veza. An AD configuration has the following parameters:

    List Active Directory Providers

    The response will include all existing configurations, in the format:

    Create Active Directory Provider

    Get Active Directory Provider

    Delete Active Directory Provider

    Update Active Directory Provider

    An Okta configuration includes connection information and credentials, as well as any limits on apps and domains to extract:

    See the integration guide for more details on retrieving an Okta API token and registering your domain with Veza.

    List Okta Providers

    GET {{vezaURL}}/api/v1/providers/okta

    Get the configuration and status for all configured Okta integrations.

    * indicates a required field.

    Create Okta Provider

    POST {{vezaURL}}/api/v1/providers/okta

    Submit a new Okta provider configuration.

    * indicates a required field.

    Name
    Type
    Description

    Get Okta Provider

    GET {{vezaURL}}/api/v1/providers/okta/{id}

    Get an individual Okta provider configuration.

    * indicates a required field.

    Name
    Type
    Description

    Delete Okta Provider

    DELETE {{vezaURL}}/api/v1/providers/okta/{id}

    Delete an Okta provider, removing all associated entities from Veza.

    * indicates a required field.

    Name
    Type
    Description

    Update Okta Provider

    PATCH {{vezaURL}}/api/v1/providers/okta/{id}

    Update an existing provider configuration with new properties.

    * indicates a required field.

    Name
    Type
    Description
    Name
    Type
    Description
    Name
    Type
    Description

    A OneLogin configuration includes the domain, region, and credentials to use for the connection:

    See for steps to generate credentials for Veza-OneLogin API access.

    List OneLogin Providers

    GET {{vezaURL}}/api/v1/providers/onelogin

    Gets all configured OneLogin providers.

    * indicates a required field.

    Create OneLogin Provider

    POST {{vezaURL}}/api/v1/providers/onelogin

    Submit a new OneLogin provider configuration. See

    for more information about enabling Veza access to OneLogin metadata.

    * indicates a required field.

    Name
    Type
    Description

    Get OneLogin Provider

    GET {{vezaURL}}/api/v1/providers/onelogin/{id}

    Return the status and configuration for a single OneLogin provider configuration.

    * indicates a required field.

    Name
    Type
    Description

    Delete OneLogin Provider

    DELETE {{vezaURL}}/api/v1/providers/onelogin/{id}

    Delete a OneLogin configuration and its discovered entities.

    * indicates a required field.

    Name
    Type
    Description

    Update OneLogin Provider

    PATCH {{VezaURL}}/api/v1/providers/onelogin/{id}

    Update a OneLogin provider configuration. You can provide field mask paths to only update specific fields.

    * indicates a required field.

    Name
    Type
    Description
    Name
    Type
    Description
    Name
    Type
    Description
    Get Okta Provider
  • Delete Okta Provider

  • Update OneLogin Provider

  • Get OneLogin Provider
  • Delete OneLogin Provider

  • Update OneLogin Provider

  • region*

    string

    The Okta region

    us

    data_plane_id

    string

    Provide if connecting via an Insight Point

    token*

    string

    Okta API token

    gather_all_applications

    boolean

    Whether to extract all apps or only selected

    domain_allow_list

    string list

    Domains to explicitly allow

    domain_deny_list

    string list

    Domains to exclude from discovery

    app_allow_list

    string list

    Apps to explicitly allow

    app_deny_list

    string list

    Apps to exclude from discovery

    token

    string

    region*

    string

    The region of the Onelogin instance, e.g.

    us

    client_id*

    string

    Client ID for the OneLogin key pair

    client_secret*

    string

    Client Secret for the OneLogin ID pair

    data_plane_id

    string

    Insight Point ID to use for the connection

    region*

    string

    client_id*

    string

    client_secret*

    string

    data_plane_id

    string

    name*

    string

    Name for the Okta Provider

    domain*

    string

    Okta domain

    id*

    string

    The Okta provider configuration ID

    id

    string

    ID of the configuration to delete

    {id}*

    string

    The Okta provider configuration ID

    update_mask.paths

    array[string]

    the set of field mask paths

    domain

    string

    region

    string

    name*

    string

    The name to show in Veza

    domain*

    string

    Your company's OneLogin domain

    id*

    string

    OneLogin provider ID

    id*

    string

    The OneLogin configuration to delete

    {id}*

    string

    ID of the OneLogin configuration to update

    update_mask.paths

    array[string]

    The set of field mask paths

    name*

    string

    domain*

    string

    providers/activedirectory

    providers/okta

    List Okta Providers

    Create Okta Provider

    Request Body

    Get Okta Provider

    Path Parameters

    Delete Okta Provider

    Path Parameters

    Update Okta Provider

    Path Parameters

    Query Parameters

    Request Body

    providers/onelogin

    List OneLogin Providers

    Create OneLogin Provider

    Path Parameters

    Get OneLogin Provider

    Path Parameters

    Delete Onelogin Provider

    Path Parameters

    Update OneLogin Provider

    Path Parameters

    Query Parameters

    Request Body

    Create Active Directory Provider:
    Get Active Directory Provider
    Delete Active Directory Provider
    Update Active Directory Provider
    providers/okta
    List Okta Providers
    Create Okta Provider
    providers/onelogin
    List OneLogin Providers
    Create OneLogin Provider
    Active Directory
    Okta
    connecting to OneLogin
    OneLogin
    cloud provider
    {
      "ad_fqdn": "FQDN.NAME.ON.CERT",
      "name": "Test-AD",
      "host": "FQDN.FOR.DOMAIN.CONTROLLER",
      "port": 636,
      "ldaps_certificate": "Base64 Encoded String of PEM format",
      "username": "ADMIN",
      "password": "PASSWORD",
      "domains": ["FQDN.OF.DOMAIN"],
      "data_plane_id": "DATAPLAN_ID"
    }
    curl --location --request GET '/api/v1/providers/activedirectory' \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer TOKEN'
    {
        "values": [
            {
                "id": "interation-GUID",
                "vendor_id": "domain.controller.FQDN",
                "name": "ad_cct01",
                "type": "ACTIVE_DIRECTORY",
                "state": "ENABLED",
                "data_plane_id": "insight-point-GUID",
                "status": "SUCCESS",
                "host": "domain.controller.FQDN",
                "port": 636,
                "username": "read.only",
                "domains": [
                    "corp.cookie.ai"
                ],
                "ad_fqdn": "cct01-ad-01.corp.cookie.ai",
                "identity_mapping_configuration": null
            }
        ]
    }
    curl --location --request POST '/api/v1/providers/activedirectory' \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer TOKEN' \
    --header 'Content-Type: application/json' \
    --data-raw '{
      "ad_fqdn": "FQDN.NAME.ON.CERT",
      "name": "Test-AD",
      "host": "FQDN.FOR.DOMAIN.CONTROLLER",
      "port": 636,
      "ldaps_certificate": "Base64 Encoded String of PEM format",
      "username": "ADMIN",
      "password": "PASSWORD",
      "domains": ["FQDN.OF.DOMAIN"],
      "data_plane_id": "DATAPLAN_ID"
    }'
    curl --location --request POST '/api/v1/providers/activedirectory' \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer TOKEN' \
    --header 'Content-Type: application/json' \
    --data-raw '{
      "ad_fqdn": "FQDN.NAME.ON.CERT",
      "name": "Test-AD",
      "host": "FQDN.FOR.DOMAIN.CONTROLLER",
      "port": 636,
      "ldaps_certificate": "Base64 Encoded String of PEM format",
      "username": "ADMIN",
      "password": "PASSWORD",
      "domains": ["FQDN.OF.DOMAIN"],
      "data_plane_id": "DATAPLAN_ID"
    }'
    curl --location --request DELETE '/api/v1/providers/activedirectory/{{provider_id}}' \
    --header 'Authorization: Bearer TOKEN'
    curl --location --request PATCH '/api/v1/providers/azure/{{provider_id}}' \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer TOKEN' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "port": 636
    }'
    {
      "id": "string",
      "domain": "string",
      "region": "string",
      "token": "string",
      "gather_all_applications": true,
      "domain_allow_list": [
        "string"
      ],
      "domain_deny_list": [
        "string"
      ],
      "app_allow_list": [
        "string"
      ],
      "app_deny_list": [
        "string"
      ]
    }
    {
      "values": [
        {
          "id": "string",
          "vendor_id": "string",
          "name": "string",
          "type": "UNKNOWN_PROVIDER",
          "state": "STARTED",
          "data_plane_id": "string",
          "status": "PENDING",
          "domain": "string"
        }
      ]
    }
    {
      "values": [
        {
          "id": "string",
          "vendor_id": "string",
          "name": "string",
          "type": "UNKNOWN_PROVIDER",
          "state": "STARTED",
          "data_plane_id": "string",
          "status": "PENDING",
          "domain": "string"
        }
      ]
    }
    {
      "value": {
        "id": "string",
        "vendor_id": "string",
        "name": "string",
        "type": "UNKNOWN_PROVIDER",
        "state": "STARTED",
        "data_plane_id": "string",
        "status": "PENDING",
        "domain": "string"
      }
    }
    {}
    {
      "value": {
        "id": "string",
        "vendor_id": "string",
        "name": "string",
        "type": "UNKNOWN_PROVIDER",
        "state": "STARTED",
        "data_plane_id": "string",
        "status": "PENDING",
        "domain": "string"
      }
    }
    {
      "name": "string",
      "domain": "string",
      "region": "string",
      "client_id": "string",
      "client_secret": "string",
      "data_plane_id": "string"
    }
    {
      "values": [
        {
          "id": "string",
          "vendor_id": "string",
          "name": "string",
          "type": "UNKNOWN_PROVIDER",
          "state": "STARTED",
          "data_plane_id": "string",
          "status": "PENDING",
          "domain": "string",
          "region": "string",
          "client_id": "string"
        }
      ]
    }
    {
      "value": {
        "id": "string",
        "vendor_id": "string",
        "name": "string",
        "type": "UNKNOWN_PROVIDER",
        "state": "STARTED",
        "data_plane_id": "string",
        "status": "PENDING",
        "domain": "string",
        "region": "string",
        "client_id": "string"
      }
    }
    {
      "value": {
        "id": "string",
        "vendor_id": "string",
        "name": "string",
        "type": "UNKNOWN_PROVIDER",
        "state": "STARTED",
        "data_plane_id": "string",
        "status": "PENDING",
        "domain": "string",
        "region": "string",
        "client_id": "string"
      }
    }
    {}
    {
      "values": [
        {
          "id": "string",
          "vendor_id": "string",
          "name": "string",
          "type": "UNKNOWN_PROVIDER",
          "state": "STARTED",
          "data_plane_id": "string",
          "status": "PENDING",
          "domain": "string",
          "region": "string",
          "client_id": "string"
        }
      ]
    }