
Update Access Profile Labels

Update the labels assigned to an access profile

Endpoint

PATCH /api/private/lifecycle_management/access_profiles/{id}

Description

Updates the labels assigned to a specific access profile. Labels help categorize and organize access profiles for easier management and filtering.

Common label usage patterns:

  • Categorization (e.g., "development", "production", "sensitive")

  • Request workflow (e.g., "requestable", "auto-approved")

  • Business function (e.g., "finance", "engineering", "sales")

API Reference

Request schema

Path parameters

| Path parameter | Type | Required? | Description |
| --- | --- | --- | --- |
| id | string | Required | Unique identifier of the access profile |

Request body

| Field | Type | Required? | Description |
| --- | --- | --- | --- |
| labels | array | Required | Array of label strings to assign to the access profile |

Request Examples

curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/3a2371b6-95ec-4d9e-b95c-d75d51daa39b" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "labels": ["requestable", "salesforce", "development"]
  }'

Response Examples

{
  "value": {
    "id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
    "name": "Salesforce Developer",
    "state": 1,
    "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
    "current_version": 1,
    "integrations": ["SALESFORCE"],
    "provider_ids": ["sf-dev-org-12345"],
    "labels": ["requestable", "salesforce", "development"],
    "created_at": "2024-07-15T16:20:15.123456789Z",
    "updated_at": "2024-07-15T16:35:22.456789123Z"
  }
}

Lifecycle Management APIs

Programmatic identity lifecycle management for access profiles, policies, and provisioning workflows

Veza's Lifecycle Management APIs enable programmatic management of identity lifecycle processes for your organization. Use these APIs to automate provisioning, access changes, and deprovisioning through Access Profiles and Policy-based workflows.

The Lifecycle Management APIs help you:

  • Create and manage Access Profiles that define collections of entitlements

  • Build Policy workflows with conditional logic based on identity attributes

  • Automate identity synchronization across systems

  • Test policy configurations against specific identities

  • Manage datasources available for lifecycle operations

See the product documentation for information about the basic components of Lifecycle Management, such as Policies, Access Profiles, and available actions for Lifecycle Management Integrations.

Base URL

These endpoints are available under {{VezaURL}}/api/private/ for private APIs and {{VezaURL}}/api/v1/ for stable APIs. You must use the appropriate prefix when calling the API, for example:

    curl -X GET 'https://your-org.vezacloud.com/api/private/lifecycle_management/policies'

Authentication

Available Endpoints

Access Profile Operations

  • Create Access Profile - Create a new access profile with entitlements and settings

  • List Access Profiles - Retrieve all access profiles with filtering and pagination

  • Update Access Profile Labels - Modify labels and metadata for an access profile

  • Update Access Profile Members - Modify entitlements and permissions within an access profile

  • List Access Profile Members - View entitlements and permissions in an access profile

  • Update Access Profile Version - Create new versions and manage access profile lifecycle

Policy Operations

  • Create Policy - Create a new lifecycle management policy with conditions

  • List Policies - Retrieve all policies with filtering and pagination

  • Get Policy - Retrieve details for a specific policy

  • Update Policy State - Change policy execution state (running, paused, dry run)

  • Update Policy Configuration - Modify policy workflows, conditions, and actions

  • Add Condition to Policy - Add conditional logic to policy workflows

  • Add Action to Policy - Add actions to policy workflows

Administrative & Testing Operations

  • Run Dry Run on Identity - Test policy execution against specific identities without making changes

  • List Available Integrations - Discover lifecycle management capabilities by integration type

  • Create Access Profile Type - Create custom access profile types for organizational needs

  • List Access Profile Types - Retrieve available access profile types

Datasource Discovery Operations

  • List Lifecycle Management Datasources - Discover which datasources have lifecycle management enabled and their basic capabilities

  • Get Lifecycle Management Datasource - Get detailed information about a specific datasource including supported actions, syncable attributes, and grantable entitlements

  • List by Action Type - Find datasources that support specific action types and entity relationships

Getting Started

To get started with the Lifecycle Management APIs:

  1. Discover available datasources - Use the Datasource Discovery Operations to identify which datasources support lifecycle management

  2. Configure authentication - Ensure you have the required API authentication configured (a personal API key for a Veza Root Team Administrator)

  3. Create access profiles - Review the Access Profile APIs for creating and managing access collections

  4. Build policies - Review the Policy APIs for endpoints to build automated provisioning workflows

  5. Test configurations - Use the Dry Run capabilities before deploying to production

For conceptual information about Lifecycle Management, see the Lifecycle Management documentation.

Related APIs

For managing datasources that support lifecycle management capabilities:

  • Data Sources API - Core datasource management operations

  • Lifecycle Management Datasources - Discover lifecycle-enabled datasources

API Status

Development Status: The Veza Lifecycle Management APIs are in active development and subject to change. These APIs are provided under the /private API collection, and specifications may evolve as capabilities are added or modified.

List Policies

Retrieve all policies in your Lifecycle Management configuration with filtering options

Endpoint

    GET /api/private/lifecycle_management/policies

Description

Retrieve a list of all policies in your Veza Lifecycle Management configuration. This endpoint returns policies across all states (active, inactive, draft) and provides essential metadata for each policy including creation time, last modification, and current state.

Use this endpoint to:

  • Get an overview of all configured policies

  • Filter policies by state or other criteria

  • Build policy management interfaces

  • Audit policy configurations across your organization

API Reference

Request Examples

    curl -X GET "https://your-tenant.vezacloud.com/api/private/lifecycle_management/policies?limit=50&state=active" \
      -H "Authorization: Bearer YOUR_API_TOKEN" \
      -H "Content-Type: application/json"

Response Examples

    {
      "data": [
        {
          "id": "policy-123e4567-e89b-12d3-a456-426614174000",
          "name": "Onboarding Access Policy",
          "description": "Automatically provision access for new employees",
          "state": "active",
          "created_at": "2024-01-15T10:30:00Z",
          "updated_at": "2024-02-01T14:22:00Z",
          "created_by": "[email protected]",
          "configuration": {
            "conditions": [
              {
                "type": "user_attribute",
                "attribute": "department",
                "operator": "equals",
                "value": "Engineering"
              }
            ],
            "actions": [
              {
                "type": "grant_access",
                "resource": "development-tools",
                "access_level": "read_write"
              }
            ]
          }
        }
      ],
      "pagination": {
        "total": 25,
        "limit": 50,
        "offset": 0,
        "has_more": false
      }
    }
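
An added example (not Veza's code) of the audit use case listed above: it walks the pagination object from the response and flags active policies that carry actions but no conditions. The fetch_page callable, the offset query parameter and the sample pages are assumptions constructed for illustration.

```python
"""Page through List Policies results and flag active policies with no conditions."""
from typing import Callable, Dict, Iterator, List

# Constructed sample pages in the response shape shown above (not real tenant data).
SAMPLE_PAGES: Dict[int, dict] = {
    0: {
        "data": [
            {"id": "policy-a", "name": "Onboarding Access Policy", "state": "active",
             "configuration": {
                 "conditions": [{"type": "user_attribute", "attribute": "department",
                                 "operator": "equals", "value": "Engineering"}],
                 "actions": [{"type": "grant_access", "resource": "development-tools",
                              "access_level": "read_write"}]}},
            {"id": "policy-b", "name": "Contractor Baseline", "state": "active",
             "configuration": {
                 "conditions": [],
                 "actions": [{"type": "grant_access", "resource": "wiki",
                              "access_level": "read_write"}]}},
        ],
        "pagination": {"total": 3, "limit": 2, "offset": 0, "has_more": True},
    },
    2: {
        "data": [
            {"id": "policy-c", "name": "Unfinished Draft", "state": "draft",
             "configuration": {
                 "conditions": [],
                 "actions": [{"type": "grant_access", "resource": "crm",
                              "access_level": "read_write"}]}},
        ],
        "pagination": {"total": 3, "limit": 2, "offset": 2, "has_more": False},
    },
}


def sample_fetch(limit: int, offset: int) -> dict:
    """Stand-in for GET .../policies?limit=N&offset=M (offset is an assumed parameter)."""
    return SAMPLE_PAGES.get(offset, {"data": [], "pagination": {"has_more": False}})


def iter_policies(fetch_page: Callable[[int, int], dict],
                  limit: int = 50, max_pages: int = 1000) -> Iterator[dict]:
    """Yield every policy, following pagination.has_more."""
    offset = 0
    for _ in range(max_pages):
        page = fetch_page(limit, offset)
        items = page.get("data") or []
        yield from items
        # Stop on the server's signal, and also on an empty page, so a response
        # that keeps claiming has_more=true cannot loop forever.
        if not items or not page.get("pagination", {}).get("has_more"):
            return
        offset += len(items)
    raise RuntimeError("gave up after max_pages pages")


def audit(policies) -> List[dict]:
    """Flag active policies whose actions are not narrowed by any condition."""
    findings = []
    for policy in policies:
        if policy.get("state") != "active":
            continue  # draft and inactive policies are not executing
        config = policy.get("configuration") or {}
        actions = config.get("actions") or []
        # Assumption: with an empty conditions list, "all conditions are met"
        # holds for every identity the policy evaluates.
        if actions and not config.get("conditions"):
            findings.append({
                "policy_id": policy["id"],
                "name": policy.get("name"),
                "issue": "active with actions but no conditions",
                "grants": [(a.get("resource"), a.get("access_level"))
                           for a in actions if a.get("type") == "grant_access"],
            })
    return findings


def run_sample_audit() -> List[dict]:
    return audit(iter_policies(sample_fetch, limit=2))


if __name__ == "__main__":
    for finding in run_sample_audit():
        print(finding)
```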

    Get Policy

    Retrieve details for a specific policy by ID

    Endpoint

    GET /api/private/lifecycle_management/policies/{policy_id}

    Description

    Retrieve detailed information about a specific policy in your Veza Lifecycle Management configuration. This endpoint returns the complete policy definition including all conditions, actions, execution history, and metadata.

    Use this endpoint to:

    • View complete policy configuration details

    • Debug policy execution issues

    • Audit policy changes and history

    • Export policy configurations for backup or replication

    Authentication Required

    This endpoint requires a valid Veza API key for authentication.

    See Authentication for more about creating and managing API keys.

    All requests must include the API key as a Bearer token in the Authorization header.

    Example:

    API Reference

    Request Examples

    curl -X GET "https://your-tenant.vezacloud.com/api/private/lifecycle_management/policies/policy-123e4567-e89b-12d3-a456-426614174000?include_history=true" \
      -H "Authorization: Bearer YOUR_API_TOKEN" \
      -H "Content-Type: application/json"

    Response Examples

    {
      "data": {
        "id": "policy-123e4567-e89b-12d3-a456-426614174000",
        "name": "Onboarding Access Policy",
        "description": "Automatically provision access for new employees",
        "state": "active",
        "created_at": "2024-01-15T10:30:00Z",
        "updated_at": "2024-02-01T14:22:00Z",
        "created_by": "[email protected]",
        "last_executed": "2024-02-15T09:15:00Z",
        "configuration": {
          "conditions": [
            {
              "id": "condition-1",
              "type": "user_attribute",
              "attribute": "department",
              "operator": "equals",
              "value": "Engineering",
              "created_at": "2024-01-15T10:30:00Z"
            }
          ],
          "actions": [
            {
              "id": "action-1",
              "type": "grant_access",
              "resource": "development-tools",
              "access_level": "read_write",
              "created_at": "2024-01-15T10:30:00Z"
            }
          ],
          "approval_required": false
        },
        "execution_history": [
          {
            "execution_id": "exec-abc123",
            "executed_at": "2024-02-15T09:15:00Z",
            "status": "success",
            "affected_users": 3,
            "actions_taken": 5
          }
        ],
        "metrics": {
          "total_executions": 25,
          "successful_executions": 24,
          "failed_executions": 1,
          "average_execution_time_ms": 1250,
          "last_30_days": {
            "executions": 12,
            "affected_users": 8
          }
        }
      }
    }

    List Available Integrations

    List all integrations available for use with access profiles

    Endpoint

    GET /api/private/lifecycle_management/access_profiles:available_integrations

    Description

    Retrieves a list of all integrations that are available for use with access profiles in your organization. This endpoint shows which systems can be used as targets for access management operations within access profiles.

    Use this endpoint to:

    • Discover which integration types are supported in your environment

    • Verify that required integrations are available before creating access profiles

    • Plan access profile configurations across different systems

    Authentication Required

    This endpoint requires a valid Veza API key for authentication.

    See Authentication for more about creating and managing API keys.

    All requests must include the API key as a Bearer token in the Authorization header.

    Example:

    API Reference

    Request Examples

    curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles:available_integrations" \
      -H "authorization: Bearer $VEZA_TOKEN"

    Response Examples

    {
      "integrations": [
        "ACTIVE_DIRECTORY",
        "AWS",
        "AZURE",
        "GOOGLE",
        "OKTA",
        "SALESFORCE",
        "WORKDAY"
      ]
    }


    Create Policy

    Create a new policy for identity lifecycle management with conditions and actions

    Endpoint

    POST /api/private/lifecycle_management/policies

    Description

    Create a new policy in your Veza Lifecycle Management configuration. Policies define the main object for controlling Lifecycle Management operations and include descriptions. Each policy has multiple versions, one of which is live and up to one of which is in draft mode, with all others being historical.

    Use this endpoint to:

    • Create new lifecycle management policies

    • Define data source connections for identity management

    • Configure notification settings for policy events

    • Set up safety limits and retry behavior

    Prerequisites: Before creating policies, ensure you have identified your Source of Identity (SOI) datasources using the List Lifecycle Management Datasources endpoint.

    Important: Policy vs Version States

    There are two different state systems in the Lifecycle Management API:

    • Policy States: Control the overall policy execution (INITIAL, RUNNING, PAUSED, DRY_RUN, PENDING)

    • Version States: Control individual policy version status (DRAFT, PUBLISHED, RETIRED)

    When creating a policy with this endpoint, use Policy States. Each policy can have multiple versions, each with their own version state.

    Authentication Required

    This endpoint requires a valid Veza API key for authentication.

    See Authentication for more about creating and managing API keys.

    All requests must include the API key as a Bearer token in the Authorization header.

    Example:

    API Reference

    Request

    Request Body

    | Field | Type | Required | Description |
    | --- | --- | --- | --- |
    | name | string | Yes | Human-readable name for the policy |
    | description | string | No | Detailed description of the policy's purpose |
    | state | string | No | |

    Complex Field Details

    Event Notification Settings: The event_notification_settings array contains objects that define when and how to send notifications:

    | Field | Type | Description |
    | --- | --- | --- |
    | event_type | string | The type of event that triggers the notification |
    | notification_settings | object | Configuration for how notifications are sent |

    Secondary Source of Identity: The secondary_source_of_identities array allows enriching the primary source of identity:

    | Field | Type | Description |
    | --- | --- | --- |
    | datasource_ids | array[string] | Data sources for the secondary identity source |
    | correlation_attribute_names | object | Key-value pairs mapping primary to secondary attributes |
    | only_enrich_existing | boolean | If true, only enriches existing identities, doesn't create new ones |

    Identity Attribute Mappings: The identity_attribute_mappings array maps identity attributes to entity attributes:

    | Field | Type | Description |
    | --- | --- | --- |
    | identity_attribute | string | The identity attribute type (EMAIL, TITLE, EMPLOYEE_ID, DEPARTMENT, MANAGER_IDS) |
    | entity_attribute_name | string | The name of the entity attribute to map to |

    Safety Limit Settings: The safety_limit_settings object prevents mass changes:

    | Field | Type | Description |
    | --- | --- | --- |
    | enable_change_limit | boolean | Enable stopping changes when safety limit is reached |
    | enable_predictive_change_limit | boolean | Enable blocking all changes if predicted to exceed limit |
    | max_identities_affected_percentage | float | Maximum percentage of identities that can be affected (0-100) |
    | max_identities_affected_count | integer | Maximum number of identities that can be affected |

    Request Examples

    Basic Policy Creation

    curl -X POST "https://your-tenant.vezacloud.com/api/private/lifecycle_management/policies" \
      -H "Authorization: Bearer YOUR_API_TOKEN" \
      -H "Content-Type: application/json" \
      -d '{
        "name": "Employee Onboarding Policy",
        "description": "Automated access provisioning for new employees",
        "state": "INITIAL",
        "datasource_ids": ["549a4b5e-0328-4c87-a19d-ee8a2926d1aa"]
      }'

    Response

    Example Response

    {
      "value": {
        "access_profiles_used": [],
        "created_at": "2024-07-15T16:14:05.810837840Z",
        "created_by": "eacb938c-431b-4023-93b1-417eb16b9fdf",
        "current_version": {
          "policy_id": "d5af38e8-df8e-416b-80cc-3aafb6bef594",
          "version_number": 1,
          "state": "DRAFT",
          "config": {
            "workflows": [],
            "actions": [],
            "attribute_common_transformers": []
          }
        },
        "current_version_number": 1,
        "datasource_ids": [
          "549a4b5e-0328-4c87-a19d-ee8a2926d1aa"
        ],
        "description": "Automated access provisioning for new employees",
        "draft_version_number": 0,
        "entity_type": "WorkdayWorker",
        "event_notification_settings": [],
        "id": "d5af38e8-df8e-416b-80cc-3aafb6bef594",
        "initial_complete": false,
        "name": "Employee Onboarding Policy",
        "provider_external_ids": [
          "https://wd5-impl-services1.workday.com/veza_preview"
        ],
        "secondary_source_of_identities": [],
        "state": "INITIAL",
        "updated_at": "2024-07-15T16:14:05.810837840Z"
      }
    }

    Update Policy State

    Change policy state to control execution behavior (enable, disable, pause)

    Endpoint

    PATCH /api/private/lifecycle_management/policies/{policy_id}

    Description

    Change the state of a policy to control its execution behavior. Policy states determine whether the policy actively processes events and executes actions. This endpoint provides a quick way to enable, disable, or pause policy execution without modifying the policy configuration.

    Use this endpoint to:

    • Activate draft policies for production use

    • Temporarily disable policies during maintenance

    • Pause problematic policies for troubleshooting

    • Archive obsolete policies without deletion

    Authentication Required

    This endpoint requires a valid Veza API key for authentication.

    See Authentication for more about creating and managing API keys.

    All requests must include the API key as a Bearer token in the Authorization header.

    Example:

    API Reference

    Request Examples

    Path Parameters

    | Parameter | Type | Required | Description |
    | --- | --- | --- | --- |
    | policy_id | string | Yes | Unique identifier of the policy to update |

    Request Body

    | Field | Type | Required | Description |
    | --- | --- | --- | --- |
    | state | string | Yes | New state for the policy: active, inactive, draft |
    | reason | string | No | Optional reason for the state change (for audit trail) |

    Example Request

    curl -X PATCH "https://your-tenant.vezacloud.com/api/private/lifecycle_management/policies/policy-123e4567-e89b-12d3-a456-426614174000" \
      -H "Authorization: Bearer YOUR_API_TOKEN" \
      -H "Content-Type: application/json" \
      -d '{
        "state": "active",
        "reason": "Policy testing completed, ready for production"
      }'

    Response Examples

    {
      "data": {
        "id": "policy-123e4567-e89b-12d3-a456-426614174000",
        "name": "Onboarding Access Policy",
        "description": "Automatically provision access for new employees",
        "state": "active",
        "previous_state": "draft",
        "created_at": "2024-01-15T10:30:00Z",
        "updated_at": "2024-02-15T14:22:00Z",
        "created_by": "[email protected]",
        "updated_by": "[email protected]",
        "state_change_history": [
          {
            "from_state": "draft",
            "to_state": "active",
            "changed_at": "2024-02-15T14:22:00Z",
            "changed_by": "[email protected]",
            "reason": "Policy testing completed, ready for production"
          }
        ]
      }
    }

    Policy States

    | State | Description | Behavior |
    | --- | --- | --- |
    | draft | Policy is being developed or tested | Does not execute, can be freely modified |
    | active | Policy is running in production | Actively processes events and executes actions |
    | inactive | Policy is temporarily disabled | Does not execute, but configuration is preserved |

    Add Action to Policy Configuration

    Add a new action to an existing policy's configuration to define automated responses

    Endpoint

    POST /api/private/lifecycle_management/policies/{policy_id}/versions/{version_number}:add_action

    Description

    Add a new action to an existing policy's configuration. Actions define what operations the policy performs when all conditions are met. Multiple actions can be executed in sequence or parallel depending on the action type and dependencies.

    New actions are immediately active for policies in the active state. Actions execute in the order they were added to the policy.

    Authentication Required

    This endpoint requires a valid Veza API key for authentication.

    See Authentication for more about creating and managing API keys.

    All requests must include the API key as a Bearer token in the Authorization header.

    Example:

    API Reference

    Request Examples

    Path Parameters

    | Parameter | Type | Required | Description |
    | --- | --- | --- | --- |
    | policy_id | string | Yes | Unique identifier of the policy |
    | version_number | integer | Yes | Version number of the policy version to modify |

    Request Body

    | Field | Type | Required | Description |
    | --- | --- | --- | --- |
    | workflow | string | Yes | Name of the workflow to add the action to |
    | condition | string | Yes | Name of the condition within the workflow to add the action to |
    | action | object | Yes | |

    Action Object Fields

    | Field | Type | Required | Description |
    | --- | --- | --- | --- |
    | name | string | Yes | Name of the action |
    | description | string | No | Description of the action |
    | type | string | Yes | |

    Response Examples

    Action Configuration

    Actions in Veza Lifecycle Management support various operation types. The config field contains action-specific configuration parameters that vary based on the action type. Common action types include:

    • SYNC_IDENTITIES - Synchronize identity information

    • MANAGE_RELATIONSHIPS - Manage identity relationships

    • CREATE_EMAIL - Send email notifications

    • DEPROVISION_IDENTITY - Remove or deactivate identities

    • WRITE_BACK_EMAIL - Write back email information

    • PAUSE - Pause workflow execution

    • SEND_NOTIFICATION - Send various types of notifications

    • CUSTOM_ACTION - Execute custom action logic

    • CREATE_ACCESS_REVIEW - Initiate access review workflows

    Each action type requires specific configuration parameters in the config field.

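
For the safety_limit_settings fields in the Create Policy request body above, the following added example (a client-side model, not Veza's implementation) shows how the two enable flags differ for one batch of pending changes. It assumes that the stricter of the count and percentage maxima applies when both are set and that unset maxima are None; the class and function names are hypothetical.

```python
"""Client-side model of safety_limit_settings, for reasoning about blast radius."""
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class SafetyLimitSettings:
    # Field names follow the Safety Limit Settings table on this page.
    enable_change_limit: bool = False
    enable_predictive_change_limit: bool = False
    max_identities_affected_percentage: Optional[float] = None
    max_identities_affected_count: Optional[int] = None

    def validate(self) -> None:
        pct = self.max_identities_affected_percentage
        if pct is not None and not 0 <= pct <= 100:
            raise ValueError("max_identities_affected_percentage must be within 0-100")
        count = self.max_identities_affected_count
        if count is not None and count < 0:
            raise ValueError("max_identities_affected_count must not be negative")
        enabled = self.enable_change_limit or self.enable_predictive_change_limit
        if enabled and pct is None and count is None:
            raise ValueError("a limit is enabled but no maximum is set")

    def effective_limit(self, total_identities: int) -> Optional[int]:
        """Assumption: when both maxima are set, the stricter one applies."""
        limits = []
        if self.max_identities_affected_count is not None:
            limits.append(self.max_identities_affected_count)
        if self.max_identities_affected_percentage is not None:
            share = total_identities * self.max_identities_affected_percentage / 100
            limits.append(math.floor(share))
        return min(limits) if limits else None


def plan_changes(settings: SafetyLimitSettings, total_identities: int,
                 pending: List[str]) -> Tuple[List[str], List[str]]:
    """Return (applied, held_back) identity ids for one policy run."""
    settings.validate()
    limit = settings.effective_limit(total_identities)
    enabled = settings.enable_change_limit or settings.enable_predictive_change_limit
    if limit is None or not enabled:
        return list(pending), []          # no guard rail: everything goes through
    if settings.enable_predictive_change_limit and len(pending) > limit:
        return [], list(pending)          # predicted to exceed: block all changes
    if settings.enable_change_limit:
        return list(pending[:limit]), list(pending[limit:])  # stop at the limit
    return list(pending), []              # predictive only, and within the limit


if __name__ == "__main__":
    # Constructed scenario: 30 identities in scope, 4 pending deprovisioning changes.
    batch = ["id-1", "id-2", "id-3", "id-4"]
    reactive = SafetyLimitSettings(enable_change_limit=True,
                                   max_identities_affected_percentage=10.0,
                                   max_identities_affected_count=5)
    predictive = SafetyLimitSettings(enable_predictive_change_limit=True,
                                     max_identities_affected_percentage=10.0,
                                     max_identities_affected_count=5)
    print("change limit:    ", plan_changes(reactive, 30, batch))
    print("predictive limit:", plan_changes(predictive, 30, batch))
```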

    List Access Profiles

    Retrieve all access profiles with optional filtering and detailed entity information

    Endpoint

    GET /api/private/lifecycle_management/access_profiles

    Description

    Lists all Veza Access Profiles in your organization with support for filtering and optional detailed entity information. You can filter results using SCIM-format filter expressions and request additional entity details to understand the relationships each profile contains.

    Authentication Required

    This endpoint requires a valid Veza API key for authentication.

    See Authentication for more about creating and managing API keys.

    All requests must include the API key as a Bearer token in the Authorization header.

    Example:

    API Reference

    Request schema

    Query parameters

    Query parameter
    Type
    Required?
    Description

    Filter Parameters

    Veza uses the SCIM filter format including AND/OR logical operations. Examples:

    Filter
    Description
    Example URL

    Complex filters can be created using logical operators:

    Filters use SCIM format with URL encoding. The co operator checks if a value is contained within an array, while eq requires an exact match.
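
One way to build the filter query parameter when label or name values come from user input, as an added example that is not Veza's code. It assumes labels and name are filterable attributes and quotes values as JSON strings, which is how the SCIM filter grammar (RFC 7644) defines string literals; the helper names are hypothetical.

```python
"""Build the URL-encoded `filter` query parameter for List Access Profiles."""
import json
import re
from urllib.parse import quote

LIST_PATH = "/api/private/lifecycle_management/access_profiles"
# Assumption: filterable attributes, taken from the access profile fields on this page.
ALLOWED_ATTRIBUTES = {"labels", "name"}
# Operators described above: co (value contained in an array) and eq (exact match).
ALLOWED_OPERATORS = {"co", "eq"}


def clause(attribute: str, operator: str, value: str) -> str:
    """Return one `attribute operator "value"` clause."""
    if attribute not in ALLOWED_ATTRIBUTES:
        raise ValueError(f"attribute not allowed: {attribute!r}")
    if operator not in ALLOWED_OPERATORS:
        raise ValueError(f"operator not allowed: {operator!r}")
    if not isinstance(value, str):
        raise TypeError("filter values must be strings")
    # json.dumps escapes embedded quotes and backslashes, so an untrusted value
    # cannot close its own literal and append extra filter logic.
    return f"{attribute} {operator} {json.dumps(value)}"


def combine(logical: str, *clauses: str) -> str:
    """Join clauses with AND/OR, parenthesising each so precedence is explicit."""
    if logical not in ("and", "or"):
        raise ValueError(f"logical operator not allowed: {logical!r}")
    if not clauses:
        raise ValueError("at least one clause is required")
    if len(clauses) == 1:
        return clauses[0]
    return f" {logical} ".join(f"({c})" for c in clauses)


def list_url(base_url: str, filter_expr: str) -> str:
    """Percent-encode the whole expression (spaces, quotes, parentheses)."""
    return f"{base_url.rstrip('/')}{LIST_PATH}?filter={quote(filter_expr, safe='')}"


def quoted_values(filter_expr: str) -> list:
    """Decode the string literals in an expression, to check what was built."""
    return [json.loads(m) for m in re.findall(r'"(?:[^"\\]|\\.)*"', filter_expr)]


if __name__ == "__main__":
    expr = combine("and",
                   clause("labels", "co", "requestable"),
                   clause("name", "eq", "Salesforce Developer"))
    print(expr)
    print(list_url("https://your-tenant.vezacloud.com", expr))
    # Constructed hostile input: stays a single literal after quoting.
    hostile = 'x" or name co "'
    print(clause("labels", "co", hostile), quoted_values(clause("labels", "co", hostile)))
```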

    Request Examples

    Response Examples

    Update Access Profile Version

    Update entity relationships of a specific access profile version

    Endpoint

    PATCH /api/private/lifecycle_management/access_profiles/{id}/versions/{version}

    Description

    Updates the details of a specific version of an Access Profile. This endpoint allows you to modify the entity relationships and inheritance configuration of an access profile version.

    Important: An update to the entities_to_create_relationships_to and inherit_entities_from_access_profiles needs to happen in the version of the profile, not the actual profile. You will need to get the current_version_number from the access profile first.

    Note that updates to relationships must be made to the version, not the profile itself. This versioning system allows you to draft changes before publishing them to users.

    API Reference

    Request schema

    Path parameters

    Path parameter
    Type
    Required?
    Description

    Request body

    Field
    Type
    Required?
    Description

    Entity Object Schema

    Field
    Type
    Required?
    Description

    Request Examples

    Getting the Current Version: Use or Get Access Profile to retrieve the current_version_number before making updates.

    Response Examples

    patch

    Authorizations

    Path parameters

    | Name | Type | Required? |
    | --- | --- | --- |
    | value.id | string | Required |

    Query parameters

    | Name | Type | Required? |
    | --- | --- | --- |
    | update_mask | string · field-mask | Optional |

    Body

    Responses

    | Status | Description | Content type |
    | --- | --- | --- |
    | 200 | OK | application/json |
    | default | Default error response | application/json |

    get

    Authorizations

    Query parameters

    | Name | Type | Required? |
    | --- | --- | --- |
    | filter | string | Optional |
    | order_by | string | Optional |
    | page_size | integer · int32 | Optional |
    | page_token | string | Optional |

    Responses

    | Status | Description | Content type |
    | --- | --- | --- |
    | 200 | OK | application/json |
    | default | Default error response | application/json |

    | Field | Type | Attributes | Description |
    | --- | --- | --- | --- |
    | id | string | Read-only, Optional | |
    | name | string | Optional | |
    | description | string | Optional | |
    | state | integer · enum | Optional | |
    | profile_type | string | Optional | |
    | current_version_number | integer · int32 | Read-only, Optional | The version that is currently live and running |
    | draft_version_number | integer · int32 | Read-only, Optional | The version that is being edited and in draft form (0 if there is none) |
    | used_by_workflow | boolean | Read-only, Optional | |
    | integrations | string[] | Read-only, Optional | |
    | current_version | all of | Read-only, Optional | |
    | access_profiles_inherited | string[] | Read-only, Optional | |
    | access_profiles_inherited_by | string[] | Read-only, Optional | |
    | inherits_from_other_profiles | boolean | Read-only, Optional | |
    | inherited_by_other_profiles | boolean | Read-only, Optional | |
    | labels | string[] | Optional | |
    | provider_ids | string[] | Read-only, Optional | |
    | provider_external_ids | string[] | Read-only, Optional | |
    | datasource_ids | string[] | Optional | |
    | rbac_id | string | Read-only, Optional | |
    | requestable | boolean | Read-only, Optional | |
    | require_approval_to_start | boolean | Optional | |
    | started_at | string · date-time | Read-only, Optional | |
    | started_by | string | Read-only, Optional | |
    | access_request_policy_id | string | Read-only, Optional | The access request policy that is associated with the access profile |
    | last_synced_at | string · date-time | Read-only, Optional | Last time the profile was synced with the target |
    | sync_allowed | boolean | Read-only, Optional | Sets if this profile is allowed to sync or not, this is only allowed if the type's create_entitlement_based_on_profile is true |
    | last_sync_job_ids | string[] | Read-only, Optional | The Job IDs for the last time it was synced |
    | identity_created_by | string | Read-only, Optional | The identity that created the access profile |
    | last_sync_error_message | string | Read-only, Optional | If the sync job failed what is the error message |
    | profile_type_rbac_id | string | Optional | |
    | created_by | string | Read-only, Optional | |
    | created_at | string · date-time | Read-only, Optional | |
    | updated_at | string · date-time | Read-only, Optional | |

    {
      "value": {
        "id": "text",
        "name": "text",
        "description": "text",
        "state": 1,
        "profile_type": "text",
        "current_version_number": 1,
        "draft_version_number": 1,
        "used_by_workflow": true,
        "integrations": [
          "text"
        ],
        "current_version": {
          "access_profile_id": "text",
          "version_number": 1,
          "state": 1,
          "entities_to_create_relationships_to": [
            {
              "entity_type": "text",
              "datasource_id": "text",
              "entity_id": "text",
              "assigned_to_entity_type": "text",
              "assigned_to_entity_id": "text",
              "extraction_datasource_id": "text",
              "provider_id": "text",
              "provider_external_id": "text",
              "entity_name": "text",
              "native_id": "text",
              "grant_by": 1,
              "created_by_access_profile": true,
              "custom_properties": {
                "ANY_ADDITIONAL_PROPERTY": "text"
              },
              "sync_identity_action": {
                "policy_id": "text",
                "name": "text"
              },
              "condition": {
                "type": 1,
                "condition_string": "text"
              },
              "create_entitlement_detail_id": "text",
              "created_at": "2025-08-26T13:07:04.310Z"
            }
          ],
          "inherit_entities_from_access_profiles": [
            "text"
          ],
          "members": [
            "text"
          ],
          "rbac_id": "text",
          "access_request_policy_id": "text",
          "application_datasource_id": "text",
          "application_sync_identity_action": {
            "policy_id": "text",
            "name": "text"
          },
          "created_by": "text",
          "created_at": "2025-08-26T13:07:04.310Z",
          "updated_at": "2025-08-26T13:07:04.310Z",
          "published_by": "text",
          "published_at": "2025-08-26T13:07:04.310Z"
        },
        "access_profiles_inherited": [
          "text"
        ],
        "access_profiles_inherited_by": [
          "text"
        ],
        "inherits_from_other_profiles": true,
        "inherited_by_other_profiles": true,
        "labels": [
          "text"
        ],
        "provider_ids": [
          "text"
        ],
        "provider_external_ids": [
          "text"
        ],
        "datasource_ids": [
          "text"
        ],
        "rbac_id": "text",
        "member_details": [
          {
            "access_profile_id": "text",
            "access_profile_name": "text",
            "identity_id": "text",
            "identity_name": "text",
            "created_from": 1,
            "workflow": "text"
          }
        ],
        "requestable": true,
        "require_approval_to_start": true,
        "started_at": "2025-08-26T13:07:04.310Z",
        "started_by": "text",
        "catalog_item_info": {
          "name": "text",
          "description": "text",
          "markdown_description": "text",
          "icon": "text",
          "recommended": true
        },
        "access_request_policy_id": "text",
        "created_entitlements": [
          {
            "datasource_id": "text",
            "entity_type": "text",
            "attribute_transformers": {
              "values": [
                {
                  "destination_attribute": "text",
                  "destination_value_formatter": "text",
                  "continuous_sync": true,
                  "additional_value_formatter": [
                    "text"
                  ],
                  "pipeline_functions": "text",
                  "unique_identifier": true
                }
              ]
            },
            "add_member_condition": {
              "type": 1,
              "condition_string": "text"
            },
            "created_entity_id": "text",
            "access_request_id": "text",
            "id": "text",
            "last_sync_job_id": "text"
          }
        ],
        "last_synced_at": "2025-08-26T13:07:04.310Z",
        "sync_allowed": true,
        "last_sync_job_ids": [
          "text"
        ],
        "identity_created_by": "text",
        "last_sync_error_message": "text",
        "profile_type_rbac_id": "text",
        "created_by": "text",
        "created_at": "2025-08-26T13:07:04.310Z",
        "updated_at": "2025-08-26T13:07:04.310Z",
        "custom_properties": {
          "ANY_ADDITIONAL_PROPERTY": "text"
        }
      }
    }
    PATCH /api/private/lifecycle_management/access_profiles/{value.id} HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Content-Type: application/json
    Accept: */*
    Content-Length: 350
    
    {
      "name": "text",
      "description": "text",
      "state": 1,
      "profile_type": "text",
      "labels": [
        "text"
      ],
      "datasource_ids": [
        "text"
      ],
      "require_approval_to_start": true,
      "catalog_item_info": {
        "name": "text",
        "description": "text",
        "markdown_description": "text",
        "icon": "text",
        "recommended": true
      },
      "profile_type_rbac_id": "text",
      "custom_properties": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      }
    }
    curl -X GET "$BASE_URL/api/preview/keys" \
      -H "authorization: Bearer $VEZA_TOKEN"
    {
      "values": [
        {
          "id": "text",
          "name": "text",
          "description": "text",
          "state": 1,
          "current_version_number": 1,
          "draft_version_number": 1,
          "entity_type": "text",
          "datasource_ids": [
            "text"
          ],
          "access_profiles_used": [
            "text"
          ],
          "provider_external_ids": [
            "text"
          ],
          "current_version": {
            "policy_id": "text",
            "version_number": 1,
            "state": 1,
            "config": {
              "workflows": [
                {
                  "trigger_type": 1,
                  "description": "text",
                  "trigger_string": "text",
                  "conditions_on_success": [
                    {
                      "condition_type": 1,
                      "condition_string": "text",
                      "actions_to_run": [
                        {
                          "name": "text",
                          "type": 1
                        }
                      ],
                      "name": "text",
                      "continue_actions_if_any_error": true,
                      "state": 1
                    }
                  ],
                  "continuous_sync": true,
                  "name": "text",
                  "state": 1,
                  "attribute_to_get_execute_date": "text",
                  "local_time_zone_diff_from_utc": 1,
                  "local_time_zone_attribute": "text",
                  "trigger_at_local_time_hour": 1,
                  "execute_date_time_formatters": [
                    {
                      "date_formatter": "text",
                      "pipeline_functions": "text"
                    }
                  ],
                  "grace_period_in_sec": 1,
                  "skip_trigger_recheck_after_grace_period": true,
                  "priority": 1
                }
              ],
              "actions": [
                {
                  "name": "text",
                  "description": "text",
                  "type": 1,
                  "config": {
                    "@type": "text",
                    "ANY_ADDITIONAL_PROPERTY": "anything"
                  },
                  "conditions_on_success": [
                    {
                      "condition_type": 1,
                      "condition_string": "text",
                      "actions_to_run": [
                        {
                          "name": "text",
                          "type": 1
                        }
                      ],
                      "name": "text",
                      "continue_actions_if_any_error": true,
                      "state": 1
                    }
                  ],
                  "action_notification_settings": [
                    {
                      "notification_settings": {
                        "notification_type": 1,
                        "notification_id": "text",
                        "type_settings": {
                          "@type": "text",
                          "ANY_ADDITIONAL_PROPERTY": "anything"
                        }
                      },
                      "on_success": true,
                      "on_failure": true
                    }
                  ],
                  "state": 1,
                  "run_once": true
                }
              ],
              "attribute_common_transformers": [
                {
                  "name": "text",
                  "description": "text",
                  "entity_type": "text",
                  "entity_attribute_transformers": [
                    {
                      "destination_attribute": "text",
                      "destination_value_formatter": "text",
                      "continuous_sync": true,
                      "additional_value_formatter": [
                        "text"
                      ],
                      "pipeline_functions": "text",
                      "unique_identifier": true
                    }
                  ]
                }
              ],
              "lookup_table_references": [
                {
                  "name": "text",
                  "description": "text",
                  "column_names": [
                    "text"
                  ],
                  "lookup_table_id": "text"
                }
              ],
              "mover_properties": [
                "text"
              ],
              "password_complexity_rules": [
                {
                  "name": "text",
                  "length": 1,
                  "use_special_characters": true,
                  "use_numbers": true,
                  "use_uppercase": true,
                  "use_lowercase": true,
                  "disallowed_characters": "text"
                }
              ],
              "transformer_functions": [
                {
                  "function_expression": "text",
                  "definition": {
                    "name": "text",
                    "description": "text",
                    "parameters": [
                      {
                        "name": "text",
                        "description": "text",
                        "type": 1,
                        "allow_empty": true,
                        "optional": true,
                        "valid_values": [
                          "text"
                        ]
                      }
                    ],
                    "require_no_input": true,
                    "return_multiple_values": true,
                    "input_is_optional": true
                  }
                }
              ]
            },
            "config_version": "text",
            "created_by": "text",
            "created_at": "2025-08-26T13:07:04.310Z",
            "updated_at": "2025-08-26T13:07:04.310Z",
            "published_by": "text",
            "published_at": "2025-08-26T13:07:04.310Z"
          },
          "initial_complete": true,
          "secondary_source_of_identities": [
            {
              "entity_type": "text",
              "datasource_ids": [
                "text"
              ],
              "provider_external_ids": [
                "text"
              ],
              "correlation_attribute_names": {
                "ANY_ADDITIONAL_PROPERTY": "text"
              },
              "only_enrich_existing": true
            }
          ],
          "sync_only_when_source_changes": true,
          "time_before_sync_if_no_source_changes_in_minutes": 1,
          "identity_attribute_mappings": [
            {
              "identity_attribute": 1,
              "entity_attribute_name": "text"
            }
          ],
          "safety_limit_settings": {
            "enable_change_limit": true,
            "enable_predictive_change_limit": true,
            "max_identities_affected_percentage": 1,
            "max_identities_affected_count": "text",
            "warning_email_addresses": [
              "text"
            ]
          },
          "safety_limit_warning": {
            "warning_type": 1,
            "occurred_at": "2025-08-26T13:07:04.310Z",
            "caused_by_extraction_event": {
              "id": "text",
              "data_source_id": "text",
              "provider_id": "text",
              "provider_type": "text",
              "state": 1,
              "provider_external_id": "text",
              "agent_type": 1,
              "error_message": "text",
              "extracted_at": "2025-08-26T13:07:04.310Z",
              "policy_id": "text",
              "event_type": 1,
              "number_of_identities_affected": "text",
              "disregard_change_limit": true
            },
            "identities_changed_count": "text",
            "predicted_identities_changed_count": "text"
          },
          "no_retry_for_failed_workflow": true,
          "max_retries_for_failed_workflow": 1,
          "event_notification_settings": [
            {
              "event_type": 1,
              "notification_settings": {
                "notification_type": 1,
                "notification_id": "text",
                "type_settings": {
                  "@type": "text",
                  "ANY_ADDITIONAL_PROPERTY": "anything"
                }
              },
              "on_success": true,
              "on_failure": true
            }
          ],
          "created_by": "text",
          "created_at": "2025-08-26T13:07:04.310Z",
          "updated_at": "2025-08-26T13:07:04.310Z"
        }
      ],
      "next_page_token": "text",
      "has_more": true
    }
    GET /api/private/lifecycle_management/policies HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Accept: */*
    
    {
      "value": {
        "id": "text",
        "name": "text",
        "description": "text",
        "state": 1,
        "current_version_number": 1,
        "draft_version_number": 1,
        "entity_type": "text",
        "datasource_ids": [
          "text"
        ],
        "access_profiles_used": [
          "text"
        ],
        "provider_external_ids": [
          "text"
        ],
        "current_version": {
          "policy_id": "text",
          "version_number": 1,
          "state": 1,
          "config": {
            "workflows": [
              {
                "trigger_type": 1,
                "description": "text",
                "trigger_string": "text",
                "conditions_on_success": [
                  {
                    "condition_type": 1,
                    "condition_string": "text",
                    "actions_to_run": [
                      {
                        "name": "text",
                        "type": 1
                      }
                    ],
                    "name": "text",
                    "continue_actions_if_any_error": true,
                    "state": 1
                  }
                ],
                "continuous_sync": true,
                "name": "text",
                "state": 1,
                "attribute_to_get_execute_date": "text",
                "local_time_zone_diff_from_utc": 1,
                "local_time_zone_attribute": "text",
                "trigger_at_local_time_hour": 1,
                "execute_date_time_formatters": [
                  {
                    "date_formatter": "text",
                    "pipeline_functions": "text"
                  }
                ],
                "grace_period_in_sec": 1,
                "skip_trigger_recheck_after_grace_period": true,
                "priority": 1
              }
            ],
            "actions": [
              {
                "name": "text",
                "description": "text",
                "type": 1,
                "config": {
                  "@type": "text",
                  "ANY_ADDITIONAL_PROPERTY": "anything"
                },
                "conditions_on_success": [
                  {
                    "condition_type": 1,
                    "condition_string": "text",
                    "actions_to_run": [
                      {
                        "name": "text",
                        "type": 1
                      }
                    ],
                    "name": "text",
                    "continue_actions_if_any_error": true,
                    "state": 1
                  }
                ],
                "action_notification_settings": [
                  {
                    "notification_settings": {
                      "notification_type": 1,
                      "notification_id": "text",
                      "type_settings": {
                        "@type": "text",
                        "ANY_ADDITIONAL_PROPERTY": "anything"
                      }
                    },
                    "on_success": true,
                    "on_failure": true
                  }
                ],
                "state": 1,
                "run_once": true
              }
            ],
            "attribute_common_transformers": [
              {
                "name": "text",
                "description": "text",
                "entity_type": "text",
                "entity_attribute_transformers": [
                  {
                    "destination_attribute": "text",
                    "destination_value_formatter": "text",
                    "continuous_sync": true,
                    "additional_value_formatter": [
                      "text"
                    ],
                    "pipeline_functions": "text",
                    "unique_identifier": true
                  }
                ]
              }
            ],
            "lookup_table_references": [
              {
                "name": "text",
                "description": "text",
                "column_names": [
                  "text"
                ],
                "lookup_table_id": "text"
              }
            ],
            "mover_properties": [
              "text"
            ],
            "password_complexity_rules": [
              {
                "name": "text",
                "length": 1,
                "use_special_characters": true,
                "use_numbers": true,
                "use_uppercase": true,
                "use_lowercase": true,
                "disallowed_characters": "text"
              }
            ],
            "transformer_functions": [
              {
                "function_expression": "text",
                "definition": {
                  "name": "text",
                  "description": "text",
                  "parameters": [
                    {
                      "name": "text",
                      "description": "text",
                      "type": 1,
                      "allow_empty": true,
                      "optional": true,
                      "valid_values": [
                        "text"
                      ]
                    }
                  ],
                  "require_no_input": true,
                  "return_multiple_values": true,
                  "input_is_optional": true
                }
              }
            ]
          },
          "config_version": "text",
          "created_by": "text",
          "created_at": "2025-08-26T13:07:04.310Z",
          "updated_at": "2025-08-26T13:07:04.310Z",
          "published_by": "text",
          "published_at": "2025-08-26T13:07:04.310Z"
        },
        "initial_complete": true,
        "secondary_source_of_identities": [
          {
            "entity_type": "text",
            "datasource_ids": [
              "text"
            ],
            "provider_external_ids": [
              "text"
            ],
            "correlation_attribute_names": {
              "ANY_ADDITIONAL_PROPERTY": "text"
            },
            "only_enrich_existing": true
          }
        ],
        "sync_only_when_source_changes": true,
        "time_before_sync_if_no_source_changes_in_minutes": 1,
        "identity_attribute_mappings": [
          {
            "identity_attribute": 1,
            "entity_attribute_name": "text"
          }
        ],
        "safety_limit_settings": {
          "enable_change_limit": true,
          "enable_predictive_change_limit": true,
          "max_identities_affected_percentage": 1,
          "max_identities_affected_count": "text",
          "warning_email_addresses": [
            "text"
          ]
        },
        "safety_limit_warning": {
          "warning_type": 1,
          "occurred_at": "2025-08-26T13:07:04.310Z",
          "caused_by_extraction_event": {
            "id": "text",
            "data_source_id": "text",
            "provider_id": "text",
            "provider_type": "text",
            "state": 1,
            "provider_external_id": "text",
            "agent_type": 1,
            "error_message": "text",
            "extracted_at": "2025-08-26T13:07:04.310Z",
            "policy_id": "text",
            "event_type": 1,
            "number_of_identities_affected": "text",
            "disregard_change_limit": true
          },
          "identities_changed_count": "text",
          "predicted_identities_changed_count": "text"
        },
        "no_retry_for_failed_workflow": true,
        "max_retries_for_failed_workflow": 1,
        "event_notification_settings": [
          {
            "event_type": 1,
            "notification_settings": {
              "notification_type": 1,
              "notification_id": "text",
              "type_settings": {
                "@type": "text",
                "ANY_ADDITIONAL_PROPERTY": "anything"
              }
            },
            "on_success": true,
            "on_failure": true
          }
        ],
        "created_by": "text",
        "created_at": "2025-08-26T13:07:04.310Z",
        "updated_at": "2025-08-26T13:07:04.310Z"
      }
    }
    GET /api/private/lifecycle_management/policies/{id} HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Accept: */*
    
    {
      "integrations": [
        "text"
      ]
    }
    GET /api/private/lifecycle_management/access_profiles:available_integrations HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Accept: */*
    

    profile_type eq "13ddf132-0868-4330-a0a3-41b088f6a4dc"

    Exact match on profile type

    ?filter=profile_type+eq+%2213ddf132-0868-4330-a0a3-41b088f6a4dc%22

    List all access profiles:

    curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles" \
      -H "authorization: Bearer $VEZA_TOKEN"

    List profiles with detailed entity information:

    curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles?entity_extra_info=true" \
      -H "authorization: Bearer $VEZA_TOKEN"

    Filter by integration type:

    curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles?filter=integrations+co+%22SALESFORCE%22" \
      -H "authorization: Bearer $VEZA_TOKEN"

    Filter by multiple criteria:

    curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles?filter=%28integrations+co+%22SALESFORCE%22+or+integrations+co+%22AWS%22%29+and+profile_type+eq+%22a730b9cd-d600-4fb7-a803-8ab5b697c0b9%22" \
      -H "authorization: Bearer $VEZA_TOKEN"

    Filter by labels:

    curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles?filter=labels+co+%22requestable%22" \
      -H "authorization: Bearer $VEZA_TOKEN"

    Standard list response:

    {
      "has_more": false,
      "next_page_token": "",
      "values": [
        {
          "id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
          "name": "Developer",
          "current_version_number": 1,
          "state": "RUNNING",
          "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
          "access_profiles_inherited": [
            "software-developers-profile-id"
          ],
          "access_profiles_inherited_by": [],
          "created_at": "2024-04-12T15:29:36.709931506Z",
          "created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
          "current_version": {
            "access_profile_id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
            "created_at": "2024-04-12T15:29:36.711717422Z",
            "created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
            "entities_to_create_relationships_to": [
              {
                "entity_type": "SalesforceGroup",
                "datasource_id": "sf-datasource-id",
                "entity_id": "veza-dev-ed:00GDp0000019laeMAA"
              }
            ],
            "inherit_entities_from_access_profiles": [
              "software-developers-profile-id"
            ],
            "state": "PUBLISHED",
            "updated_at": "2024-04-12T15:29:36.711717422Z",
            "version_number": 1
          },
          "description": "",
          "draft_version_number": 0,
          "inherited_by_other_profiles": false,
          "inherits_from_other_profiles": true,
          "integrations": [
            "SALESFORCE"
          ],
          "provider_ids": ["sf-provider-id"],
          "provider_external_ids": ["external-sf-id"],
          "labels": ["requestable", "development"],
          "updated_at": "2024-04-12T15:29:36.743000797Z",
          "used_by_workflow": false
        }
      ]
    }

    Response with entity_extra_info=true:

    Detailed Response Structure
    {
      "has_more": false,
      "next_page_token": "",
      "values": [
        {
          "id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
          "name": "Developer",
          "current_version_number": 1,
          "state": "RUNNING",
          "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
          "access_profiles_inherited": [
            "software-developers-profile-id"
          ],
          "access_profiles_inherited_by": [],
          "created_at": "2024-04-12T15:29:36.709931506Z",
          "created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
          "current_version": {
            "access_profile_id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
            "created_at": "2024-04-12T15:29:36.711717422Z",
            "created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
            "entities_to_create_relationships_to": [
              {
                "entity_type": "SalesforceGroup",
                "datasource_id": "lifecycle-manager-datasource-id",
                "extraction_datasource_id": "extraction-datasource-id", 
                "provider_id": "provider-id",
                "entity_name": "Developer Group",
                "provider_external_id": "external-provider-id",
                "sync_identity_action": {
                  "policy_id": "policy-12345",
                  "name": "salesforce_sync_action"
                }
              }
            ],
            "inherit_entities_from_access_profiles": [
              "software-developers-profile-id"
            ],
            "state": "PUBLISHED",
            "updated_at": "2024-04-12T15:29:36.711717422Z",
            "version_number": 1
          },
          "description": "",
          "draft_version_number": 0,
          "inherited_by_other_profiles": false,
          "inherits_from_other_profiles": true,
          "integrations": [
            "SALESFORCE"
          ],
          "provider_ids": ["provider-id"],
          "provider_external_ids": ["external-provider-id"],
          "labels": ["requestable", "development"],
          "updated_at": "2024-04-12T15:29:36.743000797Z",
          "used_by_workflow": false
        }
      ],
      "entities_to_create_relationships_to": [
        {
          "entity_type": "SalesforceGroup",
          "datasource_id": "lifecycle-manager-datasource-id",
          "extraction_datasource_id": "extraction-datasource-id",
          "provider_id": "provider-id",
          "entity_name": "Developer Group",
          "provider_external_id": "external-provider-id"
        }
      ]
    }
    GET

    Query parameters

    filter · string · Optional
    order_by · string · Optional
    page_size · integer · int32 · Optional
    page_token · string · Optional
    entity_extra_info · boolean · Optional
    include_requestable · boolean · Optional

    Responses

    200 · OK · application/json
    default · Default error response · application/json

    filter

    string

    Optional

    SCIM filter expression to filter results

    entity_extra_info

    boolean

    Optional

    When true, includes additional entity relationship details with provider names and external IDs

    integrations co "SALESFORCE"

    Contains SALESFORCE in integrations

    ?filter=integrations+co+%22SALESFORCE%22

    integrations eq "SALESFORCE"

    Exact match on SALESFORCE

    ?filter=integrations+eq+%22SALESFORCE%22

    provider_ids co "3cedc292-4014-45e9-b7d9-8cb1695e1454"

    Contains provider ID

    ?filter=provider_ids+co+%223cedc292-4014-45e9-b7d9-8cb1695e1454%22

    labels co "requestable"

    Contains label

    ?filter=labels+co+%22requestable%22

    (integrations co "SALESFORCE" or integrations co "AWS") and profile_type eq "13ddf132-0868-4330-a0a3-41b088f6a4dc"
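The filter expressions and list responses above can be produced and consumed from a script. The following is an added example, not code from the Veza documentation: it builds filter strings from validated parts so that an untrusted label or ID cannot alter the filter's structure, URL-encodes them into the same query strings shown on this page, and pages through results. The value allow-list, the `fetch_json` transport callable, and passing `next_page_token` back as `page_token` are assumptions.

```python
import re
from urllib.parse import urlencode

LIST_PATH = "/api/private/lifecycle_management/access_profiles"

# Attributes and operators taken from the filter examples on this page.
ALLOWED_ATTRS = {"integrations", "profile_type", "provider_ids", "labels"}
ALLOWED_OPS = {"eq", "co"}

# Assumption: a strict allow-list for values. It rejects quotes, parentheses,
# backslashes and whitespace, so a value can never close the quoted string and
# append its own "or ..." clause. Escaping rules are not documented here, so
# unsafe values are refused rather than escaped.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.:@-]{1,128}")


def clause(attr, op, value):
    """Return one `attr op "value"` comparison, refusing anything unexpected."""
    if attr not in ALLOWED_ATTRS:
        raise ValueError(f"attribute not allowed in filter: {attr!r}")
    if op not in ALLOWED_OPS:
        raise ValueError(f"operator not allowed in filter: {op!r}")
    if not isinstance(value, str) or not SAFE_VALUE.fullmatch(value):
        raise ValueError(f"unsafe filter value: {value!r}")
    return f'{attr} {op} "{value}"'


def any_of(*clauses):
    """OR the clauses; always parenthesised so a later AND cannot rebind them."""
    if not clauses:
        raise ValueError("any_of needs at least one clause")
    return "(" + " or ".join(clauses) + ")"


def all_of(*clauses):
    """AND the clauses together."""
    if not clauses:
        raise ValueError("all_of needs at least one clause")
    return " and ".join(clauses)


def list_url(filter_expr=None, page_token=None, entity_extra_info=False,
             page_size=None):
    """Build the list path plus an encoded query string (no host, no secrets)."""
    params = {}
    if filter_expr:
        params["filter"] = filter_expr
    if entity_extra_info:
        params["entity_extra_info"] = "true"
    if page_size is not None:
        params["page_size"] = str(int(page_size))
    if page_token:
        params["page_token"] = page_token
    query = urlencode(params)  # spaces -> '+', quotes -> %22, parens -> %28/%29
    return LIST_PATH + ("?" + query if query else "")


def iter_profiles(fetch_json, filter_expr=None, max_pages=100):
    """Yield every profile across pages.

    fetch_json(url) -> dict is a hypothetical transport callable that sends the
    request with the Bearer token and returns the decoded JSON body.
    """
    token = None
    seen = set()
    for _ in range(max_pages):
        page = fetch_json(list_url(filter_expr, page_token=token))
        yield from page.get("values", [])
        token = page.get("next_page_token") or ""
        if not page.get("has_more") or not token:
            return
        if token in seen:  # a repeated token would otherwise loop forever
            raise RuntimeError("server returned a repeated page token")
        seen.add(token)
    raise RuntimeError("page limit reached before has_more became false")


def demo():
    """Run against two constructed pages shaped like the list response above."""
    expr = clause("labels", "co", "requestable")
    constructed_pages = {
        list_url(expr): {
            "values": [{"id": "profile-a", "labels": ["requestable"]}],
            "has_more": True,
            "next_page_token": "tok-2",
        },
        list_url(expr, page_token="tok-2"): {
            "values": [{"id": "profile-b", "labels": ["requestable"]}],
            "has_more": False,
            "next_page_token": "",
        },
    }
    return [p["id"] for p in iter_profiles(constructed_pages.__getitem__, expr)]


if __name__ == "__main__":
    print(demo())
```
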

    sync_identity_action

    object

    Optional

    Action to use when creating an identity for this entity

    Update direct entity relationships:

    curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/3a2371b6-95ec-4d9e-b95c-d75d51daa39b/versions/1" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "entities_to_create_relationships_to": [
          {
            "entity_type": "SalesforceGroup",
            "datasource_id": "sf-dev-org-12345",
            "entity_id": "veza-dev-ed:00GDp0000019laeMAA"
          },
          {
            "entity_type": "SalesforcePermissionSet",
            "datasource_id": "sf-dev-org-12345",
            "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
          },
          {
            "entity_type": "SalesforceRole",
            "datasource_id": "sf-dev-org-12345",
            "entity_id": "veza4-dev-ed:00E5g00000ACyDEEA1"
          }
        ],
        "inherit_entities_from_access_profiles": []
      }'

    Update access profile inheritance:

    curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/business-role-id/versions/2" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "entities_to_create_relationships_to": [],
        "inherit_entities_from_access_profiles": [
          "base-developer-profile-id",
          "salesforce-access-profile-id"
        ]
      }'

    Update both relationships and inheritance:

    curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/combined-profile-id/versions/1" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "entities_to_create_relationships_to": [
          {
            "entity_type": "ActiveDirectoryGroup",
            "datasource_id": "ad-datasource-id",
            "entity_id": "ad-dev-group-123"
          }
        ],
        "inherit_entities_from_access_profiles": [
          "base-permissions-profile-id"
        ]
      }'
    PATCH

    Path parameters

    value.access_profile_id · string · Required
    value.version_number · string · Required

    Query parameters

    update_mask · string · field-mask · Optional

    Body

    id

    string

    Required

    Unique identifier of the access profile

    version

    string

    Required

    Version number of the access profile to update

    entities_to_create_relationships_to

    array

    Optional

    Array of entity objects to create direct relationships to

    inherit_entities_from_access_profiles

    array

    Optional

    Array of access profile IDs to inherit entities from

    entity_type

    string

    Required

    Type of the entity (e.g., "SalesforceGroup", "ActiveDirectoryGroup")

    datasource_id

    string

    Required

    ID of the lifecycle manager datasource containing the entity

    entity_id

    string

    Required

    {
      "value": {
        "id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
        "version": 1,
        "entities_to_create_relationships_to": [
          {
            "entity_type": "SalesforceGroup",
            "datasource_id": "sf-dev-org-12345",
            "entity_id": "veza-dev-ed:00GDp0000019laeMAA"
          },
          {
            "entity_type": "SalesforcePermissionSet",
            "datasource_id": "sf-dev-org-12345",
            "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
          },
          {
            "entity_type": "SalesforceRole",
            "datasource_id": "sf-dev-org-12345",
            "entity_id": "veza4-dev-ed:00E5g00000ACyDEEA1"
          }
        ],
        "inherit_entities_from_access_profiles": [],
        "updated_at": "2024-07-15T16:45:30.789123456Z"
      }
    }
    List Access Profiles

    Authentication Required

    This endpoint requires a valid Veza API key for authentication.

    See Authentication for more about creating and managing API keys.

    All requests must include the API key as a Bearer token in the Authorization header.

    Example:

    curl -X GET "$BASE_URL/api/preview/keys" \
      -H "authorization: Bearer $VEZA_TOKEN"

    Unique identifier of the entity within the datasource

    Initial policy state: INITIAL, RUNNING, PAUSED, DRY_RUN, PENDING (default: INITIAL)

    datasource_ids (array[string]; required: Yes): The source of truth data source(s) for this policy (must have one and must be of the same type)

    event_notification_settings (array[object]; required: No): Notifications to send when an event occurs

    secondary_source_of_identities (array[object]; required: No): Additional sources used to enrich the primary source of identity

    sync_only_when_source_changes (boolean; required: No): If true, syncs only when the source of identity changes

    time_before_sync_if_no_source_changes_in_minutes (integer; required: No): If sync_only_when_source_changes is true, how quickly (in minutes) to run a check when no changes are detected (default is 1440, i.e. 1 day)

    identity_attribute_mappings (array[object]; required: No): Mappings between the Identity attributes and the SOI attribute

    safety_limit_settings (object; required: No): Settings that determine when to block changes and send warnings

    no_retry_for_failed_workflow (boolean; required: No): If true, failed workflows are not retried

    max_retries_for_failed_workflow (integer; required: No): How many times a failed workflow is retried (default is 10)

    warning_email_addresses (array[string]): Email addresses to notify when safety limits are triggered

    Authentication
    post
    Authorizations
    Body
    name (string, Optional)
    description (string, Optional)
    state (integer · enum, Optional)
    datasource_ids (string[], Optional)

    The source of truth data source(s) for this policy (must have one and must be of the same type)

    sync_only_when_source_changes (boolean, Optional)

    If true, syncs only when the source of identity changes

    time_before_sync_if_no_source_changes_in_minutes (integer · int32, Optional)

    If sync_only_when_source_changes is true, how quickly (in minutes) to run a check when no changes are detected (default is 1440, i.e. 1 day)

    safety_limit_settings (all of, Optional)

    Settings that determine when to block changes and send warnings

    no_retry_for_failed_workflow (boolean, Optional)

    If true, failed workflows are not retried

    max_retries_for_failed_workflow (integer · int32, Optional)

    How many times a failed workflow is retried (default is 10)

    Responses
    200

    OK

    application/json
    default

    Default error response

    application/json
    post

    Action object to add

    Action type (see ActionType enum values)

    config (object; required: Yes): Configuration specific to the action type

    conditions_on_success (array[object]; required: No): Conditions to run after successful action execution

    action_notification_settings (array[object]; required: No): Notification settings for this action

    state (string; required: No): Action state: ENABLED, DISABLED

    run_once (boolean; required: No): Whether this action should only run once per identity

    Authentication
    post
    Authorizations
    Path parameters
    policy_id (string, Required)
    version_number (integer · int32, Required)
    Body
    policy_id (string, Optional)
    version_number (integer · int32, Optional)
    workflow (string, Optional)
    condition (string, Optional)
    Responses
    200

    OK

    application/json
    default

    Default error response

    application/json
    post
    Authentication
    patch
    Authorizations
    Path parameters
    value.id (string, Required)
    Query parameters
    update_mask (string · field-mask, Optional)
    Body

    The main object for controlling the policy; it includes descriptions. It has multiple versions, one of which is live and up to one of which is in draft mode; all others are historical.

    id (string, Read-only, Optional)
    name (string, Optional)
    description (string, Optional)
    state (integer · enum, Optional)
    current_version_number (integer · int32, Read-only, Optional)

    The version that is currently live and running

    draft_version_number (integer · int32, Read-only, Optional)

    The version that is being edited and in draft form (0 if there is none)

    entity_type (string, Read-only, Optional)

    The entity type to use for this policy (derived from the data sources passed in)

    datasource_ids (string[], Optional)

    The source of identity data source(s) for this policy (must have one and must be of the same type)

    access_profiles_used (string[], Read-only, Optional)

    List of the access profiles that are

    provider_external_ids (string[], Read-only, Optional)

    List of the providers used by this policy (derived from the data sources passed in)

    current_version (all of, Read-only, Optional)
    initial_complete (boolean, Read-only, Optional)
    sync_only_when_source_changes (boolean, Optional)

    If true, syncs only when the source of identity changes

    time_before_sync_if_no_source_changes_in_minutes (integer · int32, Optional)

    If sync_only_when_source_changes is true, how quickly (in minutes) to run a check when no changes are detected (default is 1440, i.e. 1 day)

    safety_limit_settings (all of, Optional)

    Settings that determine when to block changes and send warnings

    safety_limit_warning (all of, Read-only, Optional)

    Provides information about the most recent safety limit warning, cleared when an extraction is fully processed

    no_retry_for_failed_workflow (boolean, Optional)

    If true, failed workflows are not retried

    max_retries_for_failed_workflow (integer · int32, Optional)

    How many times a failed workflow is retried (default is 10)

    created_by (string, Read-only, Optional)
    created_at (string · date-time, Read-only, Optional)
    updated_at (string · date-time, Read-only, Optional)
    Responses
    200

    OK

    application/json
    default

    Default error response

    application/json
    patch

    Policies

    Create and manage automated provisioning policies with conditions and actions for identity lifecycle

    Lifecycle Management Policies enable automated identity lifecycle processes through rule-based workflows. These APIs allow you to create, manage, and test policies that govern how identity attributes trigger actions across systems, enabling automated workflows for employee lifecycle events like onboarding, role changes, and offboarding.

    These APIs provide ways to:

    • Create automated provisioning and deprovisioning workflows

    • Configure conditional logic based on identity attributes

    • Define actions that execute when workflow conditions are met

    • Test policy configurations against specific identities without making changes

    • Manage policy states and versioning for controlled deployments

    Policy Concepts

    A Lifecycle Management Policy consists of two main components:

    1. Base Policy - Contains metadata such as name, description, state, and data source information

    2. Policy Configuration - Contains the workflows, conditions, and actions that define how the policy operates

    Policies are versioned, allowing for change management and testing of configurations before deployment.

    Policy States

    Policies can be in different operational states:

    Newly created policy, not yet active. Use this state when first creating policies to configure them before activation.

    Policy runs in test mode, showing what would happen without making changes. Essential for testing policy logic before production deployment.

    Policy is active and executing actions. Workflows will trigger and perform configured actions when conditions are met.

    Policy execution is temporarily stopped. Use this to halt policy operations without losing configuration.

    Endpoints

    Use the following endpoints to interact with Lifecycle Management Policies:

    Policy Management Operations

    Method
    Endpoint
    Description

    Policy Configuration Operations

    Method
    Endpoint
    Description

    Policy Testing Operations

    Method
    Endpoint
    Description

    Policy Workflow Structure

    Policies contain workflows that define:

    • Trigger Conditions - SCIM filter expressions that determine when the workflow activates

    • Success Conditions - Additional conditions evaluated when the trigger is met

    • Actions - Operations executed when conditions are satisfied

    • Transformers - Optional attribute transformations

    Authentication

    All Policy API requests require authentication. See Authentication for details on how to authenticate with Veza APIs.

    Getting Started

    To get started with Policy APIs:

    1. with basic metadata and datasource information

    2. to define workflows, conditions, and actions

    3. to verify the policy works as expected

    4. to activate the policy for production use

    For a comprehensive example of policy configuration, see the documentation.

    Policy Migration Between Environments

    When moving policies between environments (e.g., sandbox to production), you can export and import policy configurations using the API endpoints.

    Export a Policy

    1. Get the base policy information:

    2. Extract the current policy configuration:

      From the response, use the current_version.config object which contains the complete policy logic including workflows, conditions, actions, and transformers.

    Import to New Environment

    1. Create the base policy in the destination environment:

    2. Update the policy configuration with your exported configuration:

    When moving policies between environments, you'll need to update:

    • Access Profile IDs referenced in actions

    • Datasource IDs that may differ between environments

    Migration Best Practices

    • Test First: Always set the imported policy to DRY_RUN state initially to test in the new environment

    • Verify IDs: Ensure all referenced Access Profile IDs and datasource IDs exist in the target environment

    • Update Conditions: Review trigger strings and condition strings for environment-specific values
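
A pre-import check for the migration steps above, as an added example that is not part of the Veza documentation: it remaps source-environment IDs in an exported current_version.config, reports ID-shaped values that are unknown in the target, and flags trigger and condition strings that still embed a source ID. The sample config, the target IDs, and the access_profile_ids and datasource_id keys inside the action config are assumptions; the real layout of an action's config depends on the action type.

```python
import copy
import re

UUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
# Expression fields the page says to review for environment-specific values.
REVIEW_KEYS = {"trigger_string", "condition_string"}

# Constructed sample shaped like current_version.config on this page.
# ASSUMPTION: the keys inside actions[].config are hypothetical; the page only
# documents that object as "@type" plus arbitrary additional properties.
EXPORTED_CONFIG = {
    "workflows": [{
        "name": "joiner",
        "trigger_string": 'department eq "Sales"',
        "conditions_on_success": [{
            "name": "dev-org-only",
            "condition_string": 'org eq "sf-dev-org-12345"',
            "actions_to_run": [{"name": "grant-sales", "type": 1}],
        }],
    }],
    "actions": [{
        "name": "grant-sales",
        "type": 1,
        "config": {
            "@type": "constructed.example/ActionConfig",
            "access_profile_ids": [
                "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
                "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
            ],
            "datasource_id": "sf-dev-org-12345",
        },
    }],
}

# Source-environment ID -> target-environment ID (target values constructed).
ID_MAP = {
    "3a2371b6-95ec-4d9e-b95c-d75d51daa39b":
        "11111111-2222-4333-8444-555555555555",
    "sf-dev-org-12345": "sf-prod-org-constructed",
}
# IDs confirmed to exist in the target environment.
TARGET_IDS = set(ID_MAP.values())


def walk(node, path=""):
    """Yield (container, key, path, value) for every string leaf."""
    if isinstance(node, dict):
        items = list(node.items())
    elif isinstance(node, list):
        items = list(enumerate(node))
    else:
        return
    for key, value in items:
        child = f"{path}.{key}" if isinstance(node, dict) else f"{path}[{key}]"
        if isinstance(value, str):
            yield node, key, child.lstrip("."), value
        else:
            yield from walk(value, child)


def prepare_for_import(exported_config, id_map, target_ids):
    """Return (config_for_target, report); the export itself is not modified.

    id_map:     source-environment ID -> target-environment ID
    target_ids: IDs confirmed to exist in the target environment
    """
    config = copy.deepcopy(exported_config)
    report = {"remapped": [], "unresolved": [], "review": []}
    for container, key, path, value in walk(config):
        if key in REVIEW_KEYS:
            # Conditions are expressions, not bare IDs: never rewrite them
            # automatically, only flag the ones that embed a source ID.
            if any(src in value for src in id_map):
                report["review"].append(path)
            continue
        new = id_map.get(value, value)
        if new != value:
            container[key] = new
            report["remapped"].append(path)
        # Only UUID-shaped strings and mapped values are checked; other ID
        # formats are caught only if they appear in id_map.
        if (UUID_RE.fullmatch(new) or new != value) and new not in target_ids:
            report["unresolved"].append((path, new))
    report["safe_to_import"] = not report["unresolved"] and not report["review"]
    return config, report


if __name__ == "__main__":
    _, result = prepare_for_import(EXPORTED_CONFIG, ID_MAP, TARGET_IDS)
    for section, entries in result.items():
        print(section, entries)
```

Treat any unresolved or review entry as a blocker, and start the imported policy in the DRY_RUN state as recommended above even when the report is clean.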

    Related Documentation

    For more information about Policy concepts and features, see:

    Run Dry Run on Identity

    Execute a policy dry run against a specific identity to preview actions without performing them

    Endpoint

    Description

    Execute a policy dry run against a specific identity to preview what actions would be taken without actually performing them. This is essential for testing policy configurations, validating conditions, and understanding policy behavior before activation.

    Use this endpoint to:

    {
      "value": {
        "id": "text",
        "name": "text",
        "description": "text",
        "state": 1,
        "current_version_number": 1,
        "draft_version_number": 1,
        "entity_type": "text",
        "datasource_ids": [
          "text"
        ],
        "access_profiles_used": [
          "text"
        ],
        "provider_external_ids": [
          "text"
        ],
        "current_version": {
          "policy_id": "text",
          "version_number": 1,
          "state": 1,
          "config": {
            "workflows": [
              {
                "trigger_type": 1,
                "description": "text",
                "trigger_string": "text",
                "conditions_on_success": [
                  {
                    "condition_type": 1,
                    "condition_string": "text",
                    "actions_to_run": [
                      {
                        "name": "text",
                        "type": 1
                      }
                    ],
                    "name": "text",
                    "continue_actions_if_any_error": true,
                    "state": 1
                  }
                ],
                "continuous_sync": true,
                "name": "text",
                "state": 1,
                "attribute_to_get_execute_date": "text",
                "local_time_zone_diff_from_utc": 1,
                "local_time_zone_attribute": "text",
                "trigger_at_local_time_hour": 1,
                "execute_date_time_formatters": [
                  {
                    "date_formatter": "text",
                    "pipeline_functions": "text"
                  }
                ],
                "grace_period_in_sec": 1,
                "skip_trigger_recheck_after_grace_period": true,
                "priority": 1
              }
            ],
            "actions": [
              {
                "name": "text",
                "description": "text",
                "type": 1,
                "config": {
                  "@type": "text",
                  "ANY_ADDITIONAL_PROPERTY": "anything"
                },
                "conditions_on_success": [
                  {
                    "condition_type": 1,
                    "condition_string": "text",
                    "actions_to_run": [
                      {
                        "name": "text",
                        "type": 1
                      }
                    ],
                    "name": "text",
                    "continue_actions_if_any_error": true,
                    "state": 1
                  }
                ],
                "action_notification_settings": [
                  {
                    "notification_settings": {
                      "notification_type": 1,
                      "notification_id": "text",
                      "type_settings": {
                        "@type": "text",
                        "ANY_ADDITIONAL_PROPERTY": "anything"
                      }
                    },
                    "on_success": true,
                    "on_failure": true
                  }
                ],
                "state": 1,
                "run_once": true
              }
            ],
            "attribute_common_transformers": [
              {
                "name": "text",
                "description": "text",
                "entity_type": "text",
                "entity_attribute_transformers": [
                  {
                    "destination_attribute": "text",
                    "destination_value_formatter": "text",
                    "continuous_sync": true,
                    "additional_value_formatter": [
                      "text"
                    ],
                    "pipeline_functions": "text",
                    "unique_identifier": true
                  }
                ]
              }
            ],
            "lookup_table_references": [
              {
                "name": "text",
                "description": "text",
                "column_names": [
                  "text"
                ],
                "lookup_table_id": "text"
              }
            ],
            "mover_properties": [
              "text"
            ],
            "password_complexity_rules": [
              {
                "name": "text",
                "length": 1,
                "use_special_characters": true,
                "use_numbers": true,
                "use_uppercase": true,
                "use_lowercase": true,
                "disallowed_characters": "text"
              }
            ],
            "transformer_functions": [
              {
                "function_expression": "text",
                "definition": {
                  "name": "text",
                  "description": "text",
                  "parameters": [
                    {
                      "name": "text",
                      "description": "text",
                      "type": 1,
                      "allow_empty": true,
                      "optional": true,
                      "valid_values": [
                        "text"
                      ]
                    }
                  ],
                  "require_no_input": true,
                  "return_multiple_values": true,
                  "input_is_optional": true
                }
              }
            ]
          },
          "config_version": "text",
          "created_by": "text",
          "created_at": "2025-08-26T13:07:04.310Z",
          "updated_at": "2025-08-26T13:07:04.310Z",
          "published_by": "text",
          "published_at": "2025-08-26T13:07:04.310Z"
        },
        "initial_complete": true,
        "secondary_source_of_identities": [
          {
            "entity_type": "text",
            "datasource_ids": [
              "text"
            ],
            "provider_external_ids": [
              "text"
            ],
            "correlation_attribute_names": {
              "ANY_ADDITIONAL_PROPERTY": "text"
            },
            "only_enrich_existing": true
          }
        ],
        "sync_only_when_source_changes": true,
        "time_before_sync_if_no_source_changes_in_minutes": 1,
        "identity_attribute_mappings": [
          {
            "identity_attribute": 1,
            "entity_attribute_name": "text"
          }
        ],
        "safety_limit_settings": {
          "enable_change_limit": true,
          "enable_predictive_change_limit": true,
          "max_identities_affected_percentage": 1,
          "max_identities_affected_count": "text",
          "warning_email_addresses": [
            "text"
          ]
        },
        "safety_limit_warning": {
          "warning_type": 1,
          "occurred_at": "2025-08-26T13:07:04.310Z",
          "caused_by_extraction_event": {
            "id": "text",
            "data_source_id": "text",
            "provider_id": "text",
            "provider_type": "text",
            "state": 1,
            "provider_external_id": "text",
            "agent_type": 1,
            "error_message": "text",
            "extracted_at": "2025-08-26T13:07:04.310Z",
            "policy_id": "text",
            "event_type": 1,
            "number_of_identities_affected": "text",
            "disregard_change_limit": true
          },
          "identities_changed_count": "text",
          "predicted_identities_changed_count": "text"
        },
        "no_retry_for_failed_workflow": true,
        "max_retries_for_failed_workflow": 1,
        "event_notification_settings": [
          {
            "event_type": 1,
            "notification_settings": {
              "notification_type": 1,
              "notification_id": "text",
              "type_settings": {
                "@type": "text",
                "ANY_ADDITIONAL_PROPERTY": "anything"
              }
            },
            "on_success": true,
            "on_failure": true
          }
        ],
        "created_by": "text",
        "created_at": "2025-08-26T13:07:04.310Z",
        "updated_at": "2025-08-26T13:07:04.310Z"
      },
      "version": {
        "policy_id": "text",
        "version_number": 1,
        "state": 1,
        "config": {
          "workflows": [
            {
              "trigger_type": 1,
              "description": "text",
              "trigger_string": "text",
              "conditions_on_success": [
                {
                  "condition_type": 1,
                  "condition_string": "text",
                  "actions_to_run": [
                    {
                      "name": "text",
                      "type": 1
                    }
                  ],
                  "name": "text",
                  "continue_actions_if_any_error": true,
                  "state": 1
                }
              ],
              "continuous_sync": true,
              "name": "text",
              "state": 1,
              "attribute_to_get_execute_date": "text",
              "local_time_zone_diff_from_utc": 1,
              "local_time_zone_attribute": "text",
              "trigger_at_local_time_hour": 1,
              "execute_date_time_formatters": [
                {
                  "date_formatter": "text",
                  "pipeline_functions": "text"
                }
              ],
              "grace_period_in_sec": 1,
              "skip_trigger_recheck_after_grace_period": true,
              "priority": 1
            }
          ],
          "actions": [
            {
              "name": "text",
              "description": "text",
              "type": 1,
              "config": {
                "@type": "text",
                "ANY_ADDITIONAL_PROPERTY": "anything"
              },
              "conditions_on_success": [
                {
                  "condition_type": 1,
                  "condition_string": "text",
                  "actions_to_run": [
                    {
                      "name": "text",
                      "type": 1
                    }
                  ],
                  "name": "text",
                  "continue_actions_if_any_error": true,
                  "state": 1
                }
              ],
              "action_notification_settings": [
                {
                  "notification_settings": {
                    "notification_type": 1,
                    "notification_id": "text",
                    "type_settings": {
                      "@type": "text",
                      "ANY_ADDITIONAL_PROPERTY": "anything"
                    }
                  },
                  "on_success": true,
                  "on_failure": true
                }
              ],
              "state": 1,
              "run_once": true
            }
          ],
          "attribute_common_transformers": [
            {
              "name": "text",
              "description": "text",
              "entity_type": "text",
              "entity_attribute_transformers": [
                {
                  "destination_attribute": "text",
                  "destination_value_formatter": "text",
                  "continuous_sync": true,
                  "additional_value_formatter": [
                    "text"
                  ],
                  "pipeline_functions": "text",
                  "unique_identifier": true
                }
              ]
            }
          ],
          "lookup_table_references": [
            {
              "name": "text",
              "description": "text",
              "column_names": [
                "text"
              ],
              "lookup_table_id": "text"
            }
          ],
          "mover_properties": [
            "text"
          ],
          "password_complexity_rules": [
            {
              "name": "text",
              "length": 1,
              "use_special_characters": true,
              "use_numbers": true,
              "use_uppercase": true,
              "use_lowercase": true,
              "disallowed_characters": "text"
            }
          ],
          "transformer_functions": [
            {
              "function_expression": "text",
              "definition": {
                "name": "text",
                "description": "text",
                "parameters": [
                  {
                    "name": "text",
                    "description": "text",
                    "type": 1,
                    "allow_empty": true,
                    "optional": true,
                    "valid_values": [
                      "text"
                    ]
                  }
                ],
                "require_no_input": true,
                "return_multiple_values": true,
                "input_is_optional": true
              }
            }
          ]
        },
        "config_version": "text",
        "created_by": "text",
        "created_at": "2025-08-26T13:07:04.310Z",
        "updated_at": "2025-08-26T13:07:04.310Z",
        "published_by": "text",
        "published_at": "2025-08-26T13:07:04.310Z"
      }
    }
    {
      "value": {
        "id": "text",
        "name": "text",
        "description": "text",
        "state": 1,
        "current_version_number": 1,
        "draft_version_number": 1,
        "entity_type": "text",
        "datasource_ids": [
          "text"
        ],
        "access_profiles_used": [
          "text"
        ],
        "provider_external_ids": [
          "text"
        ],
        "current_version": {
          "policy_id": "text",
          "version_number": 1,
          "state": 1,
          "config": {
            "workflows": [
              {
                "trigger_type": 1,
                "description": "text",
                "trigger_string": "text",
                "conditions_on_success": [
                  {
                    "condition_type": 1,
                    "condition_string": "text",
                    "actions_to_run": [
                      {
                        "name": "text",
                        "type": 1
                      }
                    ],
                    "name": "text",
                    "continue_actions_if_any_error": true,
                    "state": 1
                  }
                ],
                "continuous_sync": true,
                "name": "text",
                "state": 1,
                "attribute_to_get_execute_date": "text",
                "local_time_zone_diff_from_utc": 1,
                "local_time_zone_attribute": "text",
                "trigger_at_local_time_hour": 1,
                "execute_date_time_formatters": [
                  {
                    "date_formatter": "text",
                    "pipeline_functions": "text"
                  }
                ],
                "grace_period_in_sec": 1,
                "skip_trigger_recheck_after_grace_period": true,
                "priority": 1
              }
            ],
            "actions": [
              {
                "name": "text",
                "description": "text",
                "type": 1,
                "config": {
                  "@type": "text",
                  "ANY_ADDITIONAL_PROPERTY": "anything"
                },
                "conditions_on_success": [
                  {
                    "condition_type": 1,
                    "condition_string": "text",
                    "actions_to_run": [
                      {
                        "name": "text",
                        "type": 1
                      }
                    ],
                    "name": "text",
                    "continue_actions_if_any_error": true,
                    "state": 1
                  }
                ],
                "action_notification_settings": [
                  {
                    "notification_settings": {
                      "notification_type": 1,
                      "notification_id": "text",
                      "type_settings": {
                        "@type": "text",
                        "ANY_ADDITIONAL_PROPERTY": "anything"
                      }
                    },
                    "on_success": true,
                    "on_failure": true
                  }
                ],
                "state": 1,
                "run_once": true
              }
            ],
            "attribute_common_transformers": [
              {
                "name": "text",
                "description": "text",
                "entity_type": "text",
                "entity_attribute_transformers": [
                  {
                    "destination_attribute": "text",
                    "destination_value_formatter": "text",
                    "continuous_sync": true,
                    "additional_value_formatter": [
                      "text"
                    ],
                    "pipeline_functions": "text",
                    "unique_identifier": true
                  }
                ]
              }
            ],
            "lookup_table_references": [
              {
                "name": "text",
                "description": "text",
                "column_names": [
                  "text"
                ],
                "lookup_table_id": "text"
              }
            ],
            "mover_properties": [
              "text"
            ],
            "password_complexity_rules": [
              {
                "name": "text",
                "length": 1,
                "use_special_characters": true,
                "use_numbers": true,
                "use_uppercase": true,
                "use_lowercase": true,
                "disallowed_characters": "text"
              }
            ],
            "transformer_functions": [
              {
                "function_expression": "text",
                "definition": {
                  "name": "text",
                  "description": "text",
                  "parameters": [
                    {
                      "name": "text",
                      "description": "text",
                      "type": 1,
                      "allow_empty": true,
                      "optional": true,
                      "valid_values": [
                        "text"
                      ]
                    }
                  ],
                  "require_no_input": true,
                  "return_multiple_values": true,
                  "input_is_optional": true
                }
              }
            ]
          },
          "config_version": "text",
          "created_by": "text",
          "created_at": "2025-08-26T13:07:04.310Z",
          "updated_at": "2025-08-26T13:07:04.310Z",
          "published_by": "text",
          "published_at": "2025-08-26T13:07:04.310Z"
        },
        "initial_complete": true,
        "secondary_source_of_identities": [
          {
            "entity_type": "text",
            "datasource_ids": [
              "text"
            ],
            "provider_external_ids": [
              "text"
            ],
            "correlation_attribute_names": {
              "ANY_ADDITIONAL_PROPERTY": "text"
            },
            "only_enrich_existing": true
          }
        ],
        "sync_only_when_source_changes": true,
        "time_before_sync_if_no_source_changes_in_minutes": 1,
        "identity_attribute_mappings": [
          {
            "identity_attribute": 1,
            "entity_attribute_name": "text"
          }
        ],
        "safety_limit_settings": {
          "enable_change_limit": true,
          "enable_predictive_change_limit": true,
          "max_identities_affected_percentage": 1,
          "max_identities_affected_count": "text",
          "warning_email_addresses": [
            "text"
          ]
        },
        "safety_limit_warning": {
          "warning_type": 1,
          "occurred_at": "2025-08-26T13:07:04.310Z",
          "caused_by_extraction_event": {
            "id": "text",
            "data_source_id": "text",
            "provider_id": "text",
            "provider_type": "text",
            "state": 1,
            "provider_external_id": "text",
            "agent_type": 1,
            "error_message": "text",
            "extracted_at": "2025-08-26T13:07:04.310Z",
            "policy_id": "text",
            "event_type": 1,
            "number_of_identities_affected": "text",
            "disregard_change_limit": true
          },
          "identities_changed_count": "text",
          "predicted_identities_changed_count": "text"
        },
        "no_retry_for_failed_workflow": true,
        "max_retries_for_failed_workflow": 1,
        "event_notification_settings": [
          {
            "event_type": 1,
            "notification_settings": {
              "notification_type": 1,
              "notification_id": "text",
              "type_settings": {
                "@type": "text",
                "ANY_ADDITIONAL_PROPERTY": "anything"
              }
            },
            "on_success": true,
            "on_failure": true
          }
        ],
        "created_by": "text",
        "created_at": "2025-08-26T13:07:04.310Z",
        "updated_at": "2025-08-26T13:07:04.310Z"
      },
      "version": {
        "policy_id": "text",
        "version_number": 1,
        "state": 1,
        "config": {
          "workflows": [
            {
              "trigger_type": 1,
              "description": "text",
              "trigger_string": "text",
              "conditions_on_success": [
                {
                  "condition_type": 1,
                  "condition_string": "text",
                  "actions_to_run": [
                    {
                      "name": "text",
                      "type": 1
                    }
                  ],
                  "name": "text",
                  "continue_actions_if_any_error": true,
                  "state": 1
                }
              ],
              "continuous_sync": true,
              "name": "text",
              "state": 1,
              "attribute_to_get_execute_date": "text",
              "local_time_zone_diff_from_utc": 1,
              "local_time_zone_attribute": "text",
              "trigger_at_local_time_hour": 1,
              "execute_date_time_formatters": [
                {
                  "date_formatter": "text",
                  "pipeline_functions": "text"
                }
              ],
              "grace_period_in_sec": 1,
              "skip_trigger_recheck_after_grace_period": true,
              "priority": 1
            }
          ],
          "actions": [
            {
              "name": "text",
              "description": "text",
              "type": 1,
              "config": {
                "@type": "text",
                "ANY_ADDITIONAL_PROPERTY": "anything"
              },
              "conditions_on_success": [
                {
                  "condition_type": 1,
                  "condition_string": "text",
                  "actions_to_run": [
                    {
                      "name": "text",
                      "type": 1
                    }
                  ],
                  "name": "text",
                  "continue_actions_if_any_error": true,
                  "state": 1
                }
              ],
              "action_notification_settings": [
                {
                  "notification_settings": {
                    "notification_type": 1,
                    "notification_id": "text",
                    "type_settings": {
                      "@type": "text",
                      "ANY_ADDITIONAL_PROPERTY": "anything"
                    }
                  },
                  "on_success": true,
                  "on_failure": true
                }
              ],
              "state": 1,
              "run_once": true
            }
          ],
          "attribute_common_transformers": [
            {
              "name": "text",
              "description": "text",
              "entity_type": "text",
              "entity_attribute_transformers": [
                {
                  "destination_attribute": "text",
                  "destination_value_formatter": "text",
                  "continuous_sync": true,
                  "additional_value_formatter": [
                    "text"
                  ],
                  "pipeline_functions": "text",
                  "unique_identifier": true
                }
              ]
            }
          ],
          "lookup_table_references": [
            {
              "name": "text",
              "description": "text",
              "column_names": [
                "text"
              ],
              "lookup_table_id": "text"
            }
          ],
          "mover_properties": [
            "text"
          ],
          "password_complexity_rules": [
            {
              "name": "text",
              "length": 1,
              "use_special_characters": true,
              "use_numbers": true,
              "use_uppercase": true,
              "use_lowercase": true,
              "disallowed_characters": "text"
            }
          ],
          "transformer_functions": [
            {
              "function_expression": "text",
              "definition": {
                "name": "text",
                "description": "text",
                "parameters": [
                  {
                    "name": "text",
                    "description": "text",
                    "type": 1,
                    "allow_empty": true,
                    "optional": true,
                    "valid_values": [
                      "text"
                    ]
                  }
                ],
                "require_no_input": true,
                "return_multiple_values": true,
                "input_is_optional": true
              }
            }
          ]
        },
        "config_version": "text",
        "created_by": "text",
        "created_at": "2025-08-26T13:07:04.310Z",
        "updated_at": "2025-08-26T13:07:04.310Z",
        "published_by": "text",
        "published_at": "2025-08-26T13:07:04.310Z"
      }
    }
    POST /api/private/lifecycle_management/policies HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Content-Type: application/json
    Accept: */*
    Content-Length: 910
    
    {
      "name": "text",
      "description": "text",
      "state": 1,
      "datasource_ids": [
        "text"
      ],
      "event_notification_settings": [
        {
          "event_type": 1,
          "notification_settings": {
            "notification_type": 1,
            "notification_id": "text",
            "type_settings": {
              "@type": "text",
              "ANY_ADDITIONAL_PROPERTY": "anything"
            }
          },
          "on_success": true,
          "on_failure": true
        }
      ],
      "secondary_source_of_identities": [
        {
          "datasource_ids": [
            "text"
          ],
          "correlation_attribute_names": {
            "ANY_ADDITIONAL_PROPERTY": "text"
          },
          "only_enrich_existing": true
        }
      ],
      "sync_only_when_source_changes": true,
      "time_before_sync_if_no_source_changes_in_minutes": 1,
      "identity_attribute_mappings": [
        {
          "identity_attribute": 1,
          "entity_attribute_name": "text"
        }
      ],
      "safety_limit_settings": {
        "enable_change_limit": true,
        "enable_predictive_change_limit": true,
        "max_identities_affected_percentage": 1,
        "max_identities_affected_count": "text",
        "warning_email_addresses": [
          "text"
        ]
      },
      "no_retry_for_failed_workflow": true,
      "max_retries_for_failed_workflow": 1
    }
    {
      "value": {
        "id": "text",
        "name": "text",
        "description": "text",
        "state": 1,
        "current_version_number": 1,
        "draft_version_number": 1,
        "entity_type": "text",
        "datasource_ids": [
          "text"
        ],
        "access_profiles_used": [
          "text"
        ],
        "provider_external_ids": [
          "text"
        ],
        "current_version": {
          "policy_id": "text",
          "version_number": 1,
          "state": 1,
          "config": {
            "workflows": [
              {
                "trigger_type": 1,
                "description": "text",
                "trigger_string": "text",
                "conditions_on_success": [
                  {
                    "condition_type": 1,
                    "condition_string": "text",
                    "actions_to_run": [
                      {
                        "name": "text",
                        "type": 1
                      }
                    ],
                    "name": "text",
                    "continue_actions_if_any_error": true,
                    "state": 1
                  }
                ],
                "continuous_sync": true,
                "name": "text",
                "state": 1,
                "attribute_to_get_execute_date": "text",
                "local_time_zone_diff_from_utc": 1,
                "local_time_zone_attribute": "text",
                "trigger_at_local_time_hour": 1,
                "execute_date_time_formatters": [
                  {
                    "date_formatter": "text",
                    "pipeline_functions": "text"
                  }
                ],
                "grace_period_in_sec": 1,
                "skip_trigger_recheck_after_grace_period": true,
                "priority": 1
              }
            ],
            "actions": [
              {
                "name": "text",
                "description": "text",
                "type": 1,
                "config": {
                  "@type": "text",
                  "ANY_ADDITIONAL_PROPERTY": "anything"
                },
                "conditions_on_success": [
                  {
                    "condition_type": 1,
                    "condition_string": "text",
                    "actions_to_run": [
                      {
                        "name": "text",
                        "type": 1
                      }
                    ],
                    "name": "text",
                    "continue_actions_if_any_error": true,
                    "state": 1
                  }
                ],
                "action_notification_settings": [
                  {
                    "notification_settings": {
                      "notification_type": 1,
                      "notification_id": "text",
                      "type_settings": {
                        "@type": "text",
                        "ANY_ADDITIONAL_PROPERTY": "anything"
                      }
                    },
                    "on_success": true,
                    "on_failure": true
                  }
                ],
                "state": 1,
                "run_once": true
              }
            ],
            "attribute_common_transformers": [
              {
                "name": "text",
                "description": "text",
                "entity_type": "text",
                "entity_attribute_transformers": [
                  {
                    "destination_attribute": "text",
                    "destination_value_formatter": "text",
                    "continuous_sync": true,
                    "additional_value_formatter": [
                      "text"
                    ],
                    "pipeline_functions": "text",
                    "unique_identifier": true
                  }
                ]
              }
            ],
            "lookup_table_references": [
              {
                "name": "text",
                "description": "text",
                "column_names": [
                  "text"
                ],
                "lookup_table_id": "text"
              }
            ],
            "mover_properties": [
              "text"
            ],
            "password_complexity_rules": [
              {
                "name": "text",
                "length": 1,
                "use_special_characters": true,
                "use_numbers": true,
                "use_uppercase": true,
                "use_lowercase": true,
                "disallowed_characters": "text"
              }
            ],
            "transformer_functions": [
              {
                "function_expression": "text",
                "definition": {
                  "name": "text",
                  "description": "text",
                  "parameters": [
                    {
                      "name": "text",
                      "description": "text",
                      "type": 1,
                      "allow_empty": true,
                      "optional": true,
                      "valid_values": [
                        "text"
                      ]
                    }
                  ],
                  "require_no_input": true,
                  "return_multiple_values": true,
                  "input_is_optional": true
                }
              }
            ]
          },
          "config_version": "text",
          "created_by": "text",
          "created_at": "2025-08-26T13:07:04.310Z",
          "updated_at": "2025-08-26T13:07:04.310Z",
          "published_by": "text",
          "published_at": "2025-08-26T13:07:04.310Z"
        },
        "initial_complete": true,
        "secondary_source_of_identities": [
          {
            "entity_type": "text",
            "datasource_ids": [
              "text"
            ],
            "provider_external_ids": [
              "text"
            ],
            "correlation_attribute_names": {
              "ANY_ADDITIONAL_PROPERTY": "text"
            },
            "only_enrich_existing": true
          }
        ],
        "sync_only_when_source_changes": true,
        "time_before_sync_if_no_source_changes_in_minutes": 1,
        "identity_attribute_mappings": [
          {
            "identity_attribute": 1,
            "entity_attribute_name": "text"
          }
        ],
        "safety_limit_settings": {
          "enable_change_limit": true,
          "enable_predictive_change_limit": true,
          "max_identities_affected_percentage": 1,
          "max_identities_affected_count": "text",
          "warning_email_addresses": [
            "text"
          ]
        },
        "safety_limit_warning": {
          "warning_type": 1,
          "occurred_at": "2025-08-26T13:07:04.310Z",
          "caused_by_extraction_event": {
            "id": "text",
            "data_source_id": "text",
            "provider_id": "text",
            "provider_type": "text",
            "state": 1,
            "provider_external_id": "text",
            "agent_type": 1,
            "error_message": "text",
            "extracted_at": "2025-08-26T13:07:04.310Z",
            "policy_id": "text",
            "event_type": 1,
            "number_of_identities_affected": "text",
            "disregard_change_limit": true
          },
          "identities_changed_count": "text",
          "predicted_identities_changed_count": "text"
        },
        "no_retry_for_failed_workflow": true,
        "max_retries_for_failed_workflow": 1,
        "event_notification_settings": [
          {
            "event_type": 1,
            "notification_settings": {
              "notification_type": 1,
              "notification_id": "text",
              "type_settings": {
                "@type": "text",
                "ANY_ADDITIONAL_PROPERTY": "anything"
              }
            },
            "on_success": true,
            "on_failure": true
          }
        ],
        "created_by": "text",
        "created_at": "2025-08-26T13:07:04.310Z",
        "updated_at": "2025-08-26T13:07:04.310Z"
      }
    }
    PATCH /api/private/lifecycle_management/policies/{value.id} HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Content-Type: application/json
    Accept: */*
    Content-Length: 910
    
    {
      "name": "text",
      "description": "text",
      "state": 1,
      "datasource_ids": [
        "text"
      ],
      "secondary_source_of_identities": [
        {
          "datasource_ids": [
            "text"
          ],
          "correlation_attribute_names": {
            "ANY_ADDITIONAL_PROPERTY": "text"
          },
          "only_enrich_existing": true
        }
      ],
      "sync_only_when_source_changes": true,
      "time_before_sync_if_no_source_changes_in_minutes": 1,
      "identity_attribute_mappings": [
        {
          "identity_attribute": 1,
          "entity_attribute_name": "text"
        }
      ],
      "safety_limit_settings": {
        "enable_change_limit": true,
        "enable_predictive_change_limit": true,
        "max_identities_affected_percentage": 1,
        "max_identities_affected_count": "text",
        "warning_email_addresses": [
          "text"
        ]
      },
      "no_retry_for_failed_workflow": true,
      "max_retries_for_failed_workflow": 1,
      "event_notification_settings": [
        {
          "event_type": 1,
          "notification_settings": {
            "notification_type": 1,
            "notification_id": "text",
            "type_settings": {
              "@type": "text",
              "ANY_ADDITIONAL_PROPERTY": "anything"
            }
          },
          "on_success": true,
          "on_failure": true
        }
      ]
    }
    {
      "value": {
        "policy_id": "text",
        "version_number": 1,
        "state": 1,
        "config": {
          "workflows": [
            {
              "trigger_type": 1,
              "description": "text",
              "trigger_string": "text",
              "conditions_on_success": [
                {
                  "condition_type": 1,
                  "condition_string": "text",
                  "actions_to_run": [
                    {
                      "name": "text",
                      "type": 1
                    }
                  ],
                  "name": "text",
                  "continue_actions_if_any_error": true,
                  "state": 1
                }
              ],
              "continuous_sync": true,
              "name": "text",
              "state": 1,
              "attribute_to_get_execute_date": "text",
              "local_time_zone_diff_from_utc": 1,
              "local_time_zone_attribute": "text",
              "trigger_at_local_time_hour": 1,
              "execute_date_time_formatters": [
                {
                  "date_formatter": "text",
                  "pipeline_functions": "text"
                }
              ],
              "grace_period_in_sec": 1,
              "skip_trigger_recheck_after_grace_period": true,
              "priority": 1
            }
          ],
          "actions": [
            {
              "name": "text",
              "description": "text",
              "type": 1,
              "config": {
                "@type": "text",
                "ANY_ADDITIONAL_PROPERTY": "anything"
              },
              "conditions_on_success": [
                {
                  "condition_type": 1,
                  "condition_string": "text",
                  "actions_to_run": [
                    {
                      "name": "text",
                      "type": 1
                    }
                  ],
                  "name": "text",
                  "continue_actions_if_any_error": true,
                  "state": 1
                }
              ],
              "action_notification_settings": [
                {
                  "notification_settings": {
                    "notification_type": 1,
                    "notification_id": "text",
                    "type_settings": {
                      "@type": "text",
                      "ANY_ADDITIONAL_PROPERTY": "anything"
                    }
                  },
                  "on_success": true,
                  "on_failure": true
                }
              ],
              "state": 1,
              "run_once": true
            }
          ],
          "attribute_common_transformers": [
            {
              "name": "text",
              "description": "text",
              "entity_type": "text",
              "entity_attribute_transformers": [
                {
                  "destination_attribute": "text",
                  "destination_value_formatter": "text",
                  "continuous_sync": true,
                  "additional_value_formatter": [
                    "text"
                  ],
                  "pipeline_functions": "text",
                  "unique_identifier": true
                }
              ]
            }
          ],
          "lookup_table_references": [
            {
              "name": "text",
              "description": "text",
              "column_names": [
                "text"
              ],
              "lookup_table_id": "text"
            }
          ],
          "mover_properties": [
            "text"
          ],
          "password_complexity_rules": [
            {
              "name": "text",
              "length": 1,
              "use_special_characters": true,
              "use_numbers": true,
              "use_uppercase": true,
              "use_lowercase": true,
              "disallowed_characters": "text"
            }
          ],
          "transformer_functions": [
            {
              "function_expression": "text",
              "definition": {
                "name": "text",
                "description": "text",
                "parameters": [
                  {
                    "name": "text",
                    "description": "text",
                    "type": 1,
                    "allow_empty": true,
                    "optional": true,
                    "valid_values": [
                      "text"
                    ]
                  }
                ],
                "require_no_input": true,
                "return_multiple_values": true,
                "input_is_optional": true
              }
            }
          ]
        },
        "config_version": "text",
        "created_by": "text",
        "created_at": "2025-08-26T13:07:04.310Z",
        "updated_at": "2025-08-26T13:07:04.310Z",
        "published_by": "text",
        "published_at": "2025-08-26T13:07:04.310Z"
      }
    }
    POST /api/private/lifecycle_management/policies/{policy_id}/versions/{version_number}:add_action HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Content-Type: application/json
    Accept: */*
    Content-Length: 612
    
    {
      "policy_id": "text",
      "version_number": 1,
      "workflow": "text",
      "condition": "text",
      "action": {
        "name": "text",
        "description": "text",
        "type": 1,
        "config": {
          "@type": "text",
          "ANY_ADDITIONAL_PROPERTY": "anything"
        },
        "conditions_on_success": [
          {
            "condition_type": 1,
            "condition_string": "text",
            "actions_to_run": [
              {
                "name": "text",
                "type": 1
              }
            ],
            "name": "text",
            "continue_actions_if_any_error": true,
            "state": 1
          }
        ],
        "action_notification_settings": [
          {
            "notification_settings": {
              "notification_type": 1,
              "notification_id": "text",
              "type_settings": {
                "@type": "text",
                "ANY_ADDITIONAL_PROPERTY": "anything"
              }
            },
            "on_success": true,
            "on_failure": true
          }
        ],
        "state": 1,
        "run_once": true
      }
    }

    Any environment-specific attribute values or conditions

    Gradual Activation: Move from DRY_RUN → INITIAL → RUNNING to ensure proper testing

    | Method | Operation | Description |
    | --- | --- | --- |
    | GET | List Policies | Retrieves all lifecycle management policies |
    | POST | Create Policy | Creates a new lifecycle management policy |
    | GET | Get Policy | Retrieves a specific policy by ID |
    | PATCH | Update Policy State | Updates the operational state of a policy |
    | PATCH | Update Policy Configuration | Updates the complete configuration of a policy version |
    | POST | Add Condition to Policy | Adds a condition to a specific workflow in a policy |
    | POST | Add Action to Policy | Adds an action to a specific condition in a workflow |
    | POST | Run Dry Run on Identity | Tests policy execution against a specific identity without making changes |

    GET /api/private/lifecycle_management/policies/{policy_id}
    POST /api/private/lifecycle_management/policies
    PATCH /api/private/lifecycle_management/policies/{new_policy_id}/versions/{version_number}

    GET /api/private/lifecycle_management/access_profiles HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Accept: */*
    

    The version of the access profile that includes how it is configured

    access_profile_id · string · Read-only · Optional
    version_number · integer · int32 · Read-only · Optional
    state · integer · enum · Optional
    inherit_entities_from_access_profiles · string[] · Optional

    List of profiles that this one inherits from

    members · string[] · Read-only · Optional

    List of identities (via id) that are part of the access profile

    rbac_id · string · Read-only · Optional
    access_request_policy_id · string · Optional

    The access request policy that is associated with the access profile

    application_datasource_id · string · Optional

    This is only available if the profile type doesn't allow entitlements or inherited profiles. This is the datasource to use for this profile in the assign application use case; when the profile is assigned, it will create a relationship to the datasource.

    created_by · string · Read-only · Optional
    created_at · string · date-time · Read-only · Optional
    updated_at · string · date-time · Read-only · Optional
    published_by · string · Read-only · Optional
    published_at · string · date-time · Read-only · Optional
    Responses

    | Status | Description | Content type |
    | --- | --- | --- |
    | 200 | OK | application/json |
    | default | Default error response | application/json |
    PATCH /api/private/lifecycle_management/access_profiles/{value.access_profile_id}/versions/{value.version_number} HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Content-Type: application/json
    Accept: */*
    Content-Length: 576
    
    {
      "state": 1,
      "entities_to_create_relationships_to": [
        {
          "entity_type": "text",
          "datasource_id": "text",
          "entity_id": "text",
          "assigned_to_entity_type": "text",
          "assigned_to_entity_id": "text",
          "grant_by": 1,
          "created_by_access_profile": true,
          "custom_properties": {
            "ANY_ADDITIONAL_PROPERTY": "text"
          },
          "sync_identity_action": {
            "policy_id": "text",
            "name": "text"
          },
          "condition": {
            "type": 1,
            "condition_string": "text"
          }
        }
      ],
      "inherit_entities_from_access_profiles": [
        "text"
      ],
      "access_request_policy_id": "text",
      "application_datasource_id": "text",
      "application_sync_identity_action": {
        "policy_id": "text",
        "name": "text"
      }
    }
  • Test new policies before activating them

  • Validate policy changes against specific users

  • Debug why policies are or aren't executing for certain identities

  • Demonstrate policy behavior to stakeholders

  • Ensure policy changes won't have unintended consequences

  • Dry runs are read-only operations that simulate policy execution without making any actual changes to user access or system state.

    API Reference

    Request Examples

    Response

    Example Response

    Dry Run Response

    This example shows a more detailed response including job requests and workflow matching:

    {
      "workflows_matched": [
        "Active Employees"
      ],
      "access_profile_ids": [
        "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
        "ead4616a-7f0e-45ad-a721-375320e15cfd"
      ],
      "job_requests": [
        {
          "job_id": "fd7624af-cc5f-4b7e-87ef-e21fa9868d87",
          "data_source": {
            "id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
            "name": "Workday HRIS",
            "type": "workday"
          },
          "input_entities": [
            {
              "entity_id": "employee_12345",
              "entity_type": "WorkdayWorker",
              "attributes": {
                "employment_status": "ACTIVE",
                "work_location": "US",
                "department": "Sales",
                "manager": true
              }
            }
          ],
          "action_type": "SYNC_IDENTITIES",
          "action_config": {
            "@type": "type.googleapis.com/lifecyclemanagement.v1.SyncIdentitiesJobConfig",
            "attributes_to_sync": {
              "email": "work_email",
              "name": "full_name",
              "department": "department_name"
            },
            "create_allowed": true,
            "continuous_sync_allowed": true,
            "attributes_not_to_continuous_sync": ["manager_approval_date"]
          },
          "action_job_id": "d55fda69-0720-4742-a963-f22bd8fd1b57",
          "action_name": "SyncADIdentities"
        },
        {
          "job_id": "f6b68999-43d8-49ae-8027-94e8985eafd8",
          "data_source": {
            "id": "ad-connector-001",
            "name": "Active Directory",
            "type": "active_directory"
          },
          "input_entities": [
            {
              "entity_id": "employee_12345",
              "entity_type": "ActiveDirectoryUser"
            }
          ],
          "action_type": "MANAGE_RELATIONSHIPS",
          "action_config": {
            "@type": "type.googleapis.com/lifecyclemanagement.v1.ManageRelationshipsJobConfig",
            "relationships_to_create": [
              {
                "entity_type": "ActiveDirectoryGroup",
                "entity_id": "366db2d0-6c4e-47fe-9c57-1a8dc4916da4"
              },
              {
                "entity_type": "ActiveDirectoryGroup",
                "entity_id": "cbb024a6-e227-4aaf-b893-f61478d45f8a"
              }
            ]
          },
          "action_job_id": "09b61164-d50f-4dbe-bcfc-bfff31530438",
          "action_name": "UsActiveDirectoryGroups"
        }
      ],
      "messages": [
        "Policy would execute for identity with email: [email protected]",
        "2 job requests generated",
        "Access profiles affected: 2"
      ]
    }

    Response Fields

    Field               Description
    workflows_matched   Array of workflow names that matched the dry run criteria
    job_requests        Array of job request objects that would be created
    messages            Array of informational messages about the dry run execution
    access_profile_ids  Array of access profile IDs that were found in the dry run

    POST /api/private/lifecycle_management/policies/{policy_id}/identities/{identity_id}:dry_run
    curl -X POST "https://your-tenant.vezacloud.com/api/private/lifecycle_management/policies/policy-123e4567-e89b-12d3-a456-426614174000/identities/identity-456:dry_run" \
      -H "Authorization: Bearer YOUR_API_TOKEN" \
      -H "Content-Type: application/json" \
      -d '{
        "policy_id": "policy-123e4567-e89b-12d3-a456-426614174000",
        "id": "identity-456",
        "version_number": 2,
        "state": "NEW"
      }'
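A review gate for the dry-run output, as an added example (not Veza's code): it compares the response fields documented above with what a change request approved and lists everything else. The function name, the approval sets and the `allow_create` switch are assumptions of this example; the sample input is constructed from the page's example response.

```python
import json

# Constructed input: the page's "Dry Run Response" example, trimmed to the
# fields this review reads.
SAMPLE_DRY_RUN = json.loads("""
{
  "workflows_matched": ["Active Employees"],
  "access_profile_ids": [
    "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
    "ead4616a-7f0e-45ad-a721-375320e15cfd"
  ],
  "job_requests": [
    {
      "data_source": {"name": "Workday HRIS"},
      "action_type": "SYNC_IDENTITIES",
      "action_config": {"create_allowed": true, "continuous_sync_allowed": true},
      "action_name": "SyncADIdentities"
    },
    {
      "data_source": {"name": "Active Directory"},
      "action_type": "MANAGE_RELATIONSHIPS",
      "action_config": {
        "relationships_to_create": [
          {"entity_type": "ActiveDirectoryGroup",
           "entity_id": "366db2d0-6c4e-47fe-9c57-1a8dc4916da4"},
          {"entity_type": "ActiveDirectoryGroup",
           "entity_id": "cbb024a6-e227-4aaf-b893-f61478d45f8a"}
        ]
      },
      "action_name": "UsActiveDirectoryGroups"
    }
  ]
}
""")


def review_dry_run(response, expected_workflows, approved_profiles,
                   approved_entities, allow_create=False):
    """Compare a dry-run response with what the change request approved.

    approved_entities is a set of (entity_type, entity_id) pairs.
    Returns a list of findings; an empty list means nothing unexpected.
    """
    findings = []

    matched = response.get("workflows_matched", [])
    if not matched:
        findings.append("no workflow matched this identity")
    for name in matched:
        if name not in expected_workflows:
            findings.append(f"unexpected workflow matched: {name}")

    for profile_id in response.get("access_profile_ids", []):
        if profile_id not in approved_profiles:
            findings.append(f"unapproved access profile: {profile_id}")

    for job in response.get("job_requests", []):
        source = job.get("data_source", {}).get("name", "unknown source")
        label = f"{job.get('action_name')} on {source}"
        config = job.get("action_config", {})
        action_type = job.get("action_type")
        if action_type == "MANAGE_RELATIONSHIPS":
            for rel in config.get("relationships_to_create", []):
                pair = (rel.get("entity_type"), rel.get("entity_id"))
                if pair not in approved_entities:
                    findings.append(f"{label}: unapproved grant {pair[0]} {pair[1]}")
        elif action_type == "SYNC_IDENTITIES":
            if config.get("create_allowed") and not allow_create:
                findings.append(f"{label}: create_allowed is true")
        else:
            # Anything this script does not understand is surfaced, not ignored.
            findings.append(f"{label}: unreviewed action type {action_type!r}")
    return findings


if __name__ == "__main__":
    approved = {("ActiveDirectoryGroup", "366db2d0-6c4e-47fe-9c57-1a8dc4916da4")}
    for finding in review_dry_run(SAMPLE_DRY_RUN, {"Active Employees"},
                                  set(SAMPLE_DRY_RUN["access_profile_ids"]), approved):
        print("REVIEW:", finding)
```

Run it against the saved dry-run response for each identity you test before publishing a policy change, and block the change while the list is non-empty.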

    Authentication Required

    This endpoint requires a valid Veza API key for authentication.

    See Authentication for more about creating and managing API keys.

    All requests must include the API key as a Bearer token in the Authorization header.

    Example:

    Add Condition to Policy Configuration

    Add a new condition to an existing policy's configuration with logical operators

    Endpoint

    POST /api/private/lifecycle_management/policies/{policy_id}/versions/{version_number}:add_condition

    Description

    Add a new condition to an existing policy's configuration. Conditions determine when a policy should execute by evaluating user attributes, system events, or external triggers. Multiple conditions are combined using logical AND operations.

    Use this endpoint to:

    • Add additional triggering criteria to existing policies

    • Refine policy targeting without replacing entire configuration

    • Incrementally build complex policy logic

    • Add new conditions based on changing business requirements

    New conditions are immediately active for policies in the active state. All conditions must evaluate to true for the policy to execute.

    API Reference

    Request Examples

    Path Parameters

    Parameter
    Type
    Required
    Description

    Request Body

    Field
    Type
    Required
    Description

    Condition Object Fields

    Field
    Type
    Required
    Description

    Response Examples

    SCIM-based Condition Strings

    When using condition_type: CONDITION_STRING, you can use SCIM filter expressions to define complex conditions:

    Example SCIM Conditions

    • department eq "Engineering" - User belongs to Engineering department

    • is_active eq true and department eq "Sales" - Active user in Sales department

    • title co "Manager" - User title contains "Manager"

    SCIM Operators

    Operator
    Description
    Example

    Update Policy Configuration

    Update policy version configuration including conditions, actions, and settings

    Endpoints

    Description

    Update a specific version of an existing policy, including workflows, conditions, actions, and configuration settings. This endpoint allows you to modify the policy version's behavior and structure.

    Use this endpoint to:

    {
      "values": [
        {
          "id": "text",
          "name": "text",
          "description": "text",
          "state": 1,
          "profile_type": "text",
          "current_version_number": 1,
          "draft_version_number": 1,
          "used_by_workflow": true,
          "integrations": [
            "text"
          ],
          "current_version": {
            "access_profile_id": "text",
            "version_number": 1,
            "state": 1,
            "entities_to_create_relationships_to": [
              {
                "entity_type": "text",
                "datasource_id": "text",
                "entity_id": "text",
                "assigned_to_entity_type": "text",
                "assigned_to_entity_id": "text",
                "extraction_datasource_id": "text",
                "provider_id": "text",
                "provider_external_id": "text",
                "entity_name": "text",
                "native_id": "text",
                "grant_by": 1,
                "created_by_access_profile": true,
                "custom_properties": {
                  "ANY_ADDITIONAL_PROPERTY": "text"
                },
                "sync_identity_action": {
                  "policy_id": "text",
                  "name": "text"
                },
                "condition": {
                  "type": 1,
                  "condition_string": "text"
                },
                "create_entitlement_detail_id": "text",
                "created_at": "2025-08-26T13:07:04.310Z"
              }
            ],
            "inherit_entities_from_access_profiles": [
              "text"
            ],
            "members": [
              "text"
            ],
            "rbac_id": "text",
            "access_request_policy_id": "text",
            "application_datasource_id": "text",
            "application_sync_identity_action": {
              "policy_id": "text",
              "name": "text"
            },
            "created_by": "text",
            "created_at": "2025-08-26T13:07:04.310Z",
            "updated_at": "2025-08-26T13:07:04.310Z",
            "published_by": "text",
            "published_at": "2025-08-26T13:07:04.310Z"
          },
          "access_profiles_inherited": [
            "text"
          ],
          "access_profiles_inherited_by": [
            "text"
          ],
          "inherits_from_other_profiles": true,
          "inherited_by_other_profiles": true,
          "labels": [
            "text"
          ],
          "provider_ids": [
            "text"
          ],
          "provider_external_ids": [
            "text"
          ],
          "datasource_ids": [
            "text"
          ],
          "rbac_id": "text",
          "member_details": [
            {
              "access_profile_id": "text",
              "access_profile_name": "text",
              "identity_id": "text",
              "identity_name": "text",
              "created_from": 1,
              "workflow": "text"
            }
          ],
          "requestable": true,
          "require_approval_to_start": true,
          "started_at": "2025-08-26T13:07:04.310Z",
          "started_by": "text",
          "catalog_item_info": {
            "name": "text",
            "description": "text",
            "markdown_description": "text",
            "icon": "text",
            "recommended": true
          },
          "access_request_policy_id": "text",
          "created_entitlements": [
            {
              "datasource_id": "text",
              "entity_type": "text",
              "attribute_transformers": {
                "values": [
                  {
                    "destination_attribute": "text",
                    "destination_value_formatter": "text",
                    "continuous_sync": true,
                    "additional_value_formatter": [
                      "text"
                    ],
                    "pipeline_functions": "text",
                    "unique_identifier": true
                  }
                ]
              },
              "add_member_condition": {
                "type": 1,
                "condition_string": "text"
              },
              "created_entity_id": "text",
              "access_request_id": "text",
              "id": "text",
              "last_sync_job_id": "text"
            }
          ],
          "last_synced_at": "2025-08-26T13:07:04.310Z",
          "sync_allowed": true,
          "last_sync_job_ids": [
            "text"
          ],
          "identity_created_by": "text",
          "last_sync_error_message": "text",
          "profile_type_rbac_id": "text",
          "created_by": "text",
          "created_at": "2025-08-26T13:07:04.310Z",
          "updated_at": "2025-08-26T13:07:04.310Z",
          "custom_properties": {
            "ANY_ADDITIONAL_PROPERTY": "text"
          }
        }
      ],
      "next_page_token": "text",
      "has_more": true
    }
    {
      "value": {
        "access_profile_id": "text",
        "version_number": 1,
        "state": 1,
        "entities_to_create_relationships_to": [
          {
            "entity_type": "text",
            "datasource_id": "text",
            "entity_id": "text",
            "assigned_to_entity_type": "text",
            "assigned_to_entity_id": "text",
            "extraction_datasource_id": "text",
            "provider_id": "text",
            "provider_external_id": "text",
            "entity_name": "text",
            "native_id": "text",
            "grant_by": 1,
            "created_by_access_profile": true,
            "custom_properties": {
              "ANY_ADDITIONAL_PROPERTY": "text"
            },
            "sync_identity_action": {
              "policy_id": "text",
              "name": "text"
            },
            "condition": {
              "type": 1,
              "condition_string": "text"
            },
            "create_entitlement_detail_id": "text",
            "created_at": "2025-08-26T13:07:04.310Z"
          }
        ],
        "inherit_entities_from_access_profiles": [
          "text"
        ],
        "members": [
          "text"
        ],
        "rbac_id": "text",
        "access_request_policy_id": "text",
        "application_datasource_id": "text",
        "application_sync_identity_action": {
          "policy_id": "text",
          "name": "text"
        },
        "created_by": "text",
        "created_at": "2025-08-26T13:07:04.310Z",
        "updated_at": "2025-08-26T13:07:04.310Z",
        "published_by": "text",
        "published_at": "2025-08-26T13:07:04.310Z"
      }
    }

    name                           string   Yes  Name of the condition
    continue_actions_if_any_error  boolean  No   Whether to continue with other actions if any action fails
    state                          string   No   Condition state: ENABLED, DISABLED

    • startDate gt "2024-01-01" - Start date is after January 1, 2024

    • department eq "IT" or department eq "Security" - User in IT or Security departments

    ew  Ends with              email ew "@company.com"
    gt  Greater than           salary gt 50000
    ge  Greater than or equal  experience ge 5
    lt  Less than              age lt 65
    le  Less than or equal     projects le 3
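A local evaluator for the condition strings and operators listed on this page, as an added example for testing a condition against sample attributes before adding it to a policy. It is not Veza's evaluator: it covers only `attribute operator value` comparisons joined by `and`/`or`, compares strings case-sensitively, and treats a missing attribute or a type mismatch as no match; those three behaviours are assumptions of this example.

```python
import operator
import re

_TOKEN = re.compile(r'\s*(?:"((?:[^"\\]|\\.)*)"|([^\s"]+))')
_NUMBER = re.compile(r"-?\d+(\.\d+)?")

# Operators from the page's "SCIM Operators" table.
OPS = {
    "eq": operator.eq, "ne": operator.ne,
    "gt": operator.gt, "ge": operator.ge, "lt": operator.lt, "le": operator.le,
    "co": lambda a, b: isinstance(a, str) and b in a,
    "sw": lambda a, b: isinstance(a, str) and a.startswith(b),
    "ew": lambda a, b: isinstance(a, str) and a.endswith(b),
}


class ConditionSyntaxError(ValueError):
    """A condition string that does not parse."""


def tokenize(text):
    # ("str", value) for quoted literals, ("word", value) for everything else.
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        match = _TOKEN.match(text, pos)
        if match is None:
            raise ConditionSyntaxError(f"unterminated string near offset {pos}")
        quoted, word = match.groups()
        unescaped = None if quoted is None else re.sub(r"\\(.)", r"\1", quoted)
        tokens.append(("word", word) if quoted is None else ("str", unescaped))
        pos = match.end()
    return tokens


def literal(kind, raw):
    if kind == "str":
        return raw
    if raw in ("true", "false"):
        return raw == "true"
    if _NUMBER.fullmatch(raw):
        return float(raw) if "." in raw else int(raw)
    raise ConditionSyntaxError(f"value {raw!r} must be quoted, numeric, true or false")


def parse(text):
    """Parse comparisons joined by and/or; "and" binds tighter, as in RFC 7644."""
    tokens, pos = tokenize(text), 0

    def comparison():
        nonlocal pos
        if pos + 3 > len(tokens):
            raise ConditionSyntaxError("expected: attribute operator value")
        (attr_kind, attr), (op_kind, op), (val_kind, raw) = tokens[pos:pos + 3]
        if attr_kind != "word" or op_kind != "word" or op not in OPS:
            raise ConditionSyntaxError(f"bad comparison near {attr!r} {op!r}")
        pos += 3
        return ("cmp", attr, op, literal(val_kind, raw))

    def chain(keyword, operand):
        nonlocal pos
        node = operand()
        while pos < len(tokens) and tokens[pos] == ("word", keyword):
            pos += 1
            node = (keyword, node, operand())
        return node

    tree = chain("or", lambda: chain("and", comparison))
    if pos != len(tokens):
        raise ConditionSyntaxError(f"unexpected token {tokens[pos][1]!r}")
    return tree


def _kind(value):
    if isinstance(value, bool):
        return "bool"
    if isinstance(value, (int, float)):
        return "number"
    return "str" if isinstance(value, str) else None


def evaluate(node, attrs):
    """Evaluate a parsed condition against one identity's attributes."""
    if node[0] in ("and", "or"):
        combine = all if node[0] == "and" else any
        return combine(evaluate(child, attrs) for child in node[1:])
    _, attr, op, expected = node
    actual = attrs.get(attr)
    # Assumption: a missing attribute or a type mismatch never matches.
    if _kind(actual) is None or _kind(actual) != _kind(expected):
        return False
    return OPS[op](actual, expected)


def matches(condition, attrs):
    return evaluate(parse(condition), attrs)


# Constructed identity, using attribute values from the page's dry-run example.
SAMPLE_IDENTITY = {"employment_status": "ACTIVE", "department": "Sales", "manager": True}
```

Confirm with a dry run how the service treats a missing attribute for `ne` and whether string matching is case-sensitive, since either difference changes which identities a condition selects.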


    policy_id         string         Yes          Unique identifier of the policy
    version_number    integer        Yes          Version number of the policy version to modify

    workflow          string         Yes          Name of the workflow to add the condition to
    condition         object         Yes          Condition object to add

    condition_type    string         Yes          Type of condition: ANY, CONDITION_STRING
    condition_string  string         Conditional  SCIM-based condition string (required if condition_type is CONDITION_STRING)
    actions_to_run    array[object]  No           Actions that run when this condition is true

    eq  Equal        department eq "Finance"
    ne  Not equal    status ne "inactive"
    co  Contains     title co "Director"
    sw  Starts with  email sw "admin"

    Authentication Required

    This endpoint requires a valid Veza API key for authentication.

    See Authentication for more about creating and managing API keys.

    All requests must include the API key as a Bearer token in the Authorization header.

    Example:

    curl -X GET "$BASE_URL/api/preview/keys" \
      -H "authorization: Bearer $VEZA_TOKEN"

  • Modify policy version workflows, conditions, and actions

  • Update attribute transformers and lookup table references

  • Adjust password complexity rules and mover properties

  • Configure transformer functions for the policy version

    Configuration changes to active policies take effect immediately. Consider testing changes in a draft policy first, or temporarily setting the policy to inactive during updates.

    Version Number Usage: You must update the specific version that is currently active or the version you want to modify. Use Get Policy to retrieve the current_version_number before making updates. You cannot create new versions through this endpoint; it only updates existing versions.

    API Reference

    Request Examples

    Path Parameters

    Parameter       Type     Required  Description
    policy_id       string   Yes       Unique identifier of the policy
    version_number  integer  Yes       Version number of the policy version to update

    Request Body

    Field        Type    Required  Description
    value        object  Yes       The updated PolicyVersion object
    update_mask  object  No        Field mask specifying which fields to update

    PolicyVersion Object Fields

    Field           Type     Required  Description
    policy_id       string   Yes       ID of the policy this version belongs to
    version_number  integer  No        Version number (output only)
    state           string   No
    Configuration Object Details

    The config field contains the core policy version logic:

    Field                          Type           Description
    workflows                      array[object]  Array of workflow objects that define when and how the policy triggers
    actions                        array[object]  Array of action objects that define what happens when conditions are met
    attribute_common_transformers  array[object]  Common attribute transformation rules
    lookup_table_references        array[object]  References to lookup tables used by the policy

    Response Examples

    Example Configuration

    Complete Policy Configuration Example

    The following example shows a complete policy configuration with workflows, conditions, and actions:

    {
      "workflows": [
        {
          "name": "Active Employees",
          "description": "Triggered when any active employee is active",
          "trigger_type": "TRIGGER_STRING",
          "trigger_string": "employment_status eq \"ACTIVE\"",
          "continuous_sync": true,
          "conditions_on_success": [
            {
              "name": "sync",
              "condition_type": "work_location eq \"China\"",
              "actions_to_run": [
                {
                  "name": "ChinaEmployeeGroups",
                  "type": "SYNC_IDENTITIES"
                }
              ]
            },
            {
              "name": "sync",
              "condition_type": "work_location eq \"US\"",
              "actions_to_run": [
                {
                  "name": "UsEmployeeGroups",
                  "type": "SYNC_IDENTITIES"
                }
              ]
            },
            {
              "name": "sync",
              "condition_type": "department eq \"Sales\" and manager eq true",
              "actions_to_run": [
                {
                  "name": "SalesManagerGroups",
                  "type": "SYNC_IDENTITIES"
                }
              ]
            }
          ]
        }
      ],
      "actions": [
        {
          "name": "UsEmployeeGroups",
          "description": "Adds US employees to defined access profiles",
          "type": "MANAGE_RELATIONSHIPS",
          "config": {
            "@type": "type.googleapis.com/lifecyclemanagement.v1.ManageRelationshipsActionConfig",
            "remove_existing_relationships": true,
            "access_profiles": ["<access_profile_id1>", "<access_profile_id2>"]
          }
        },
        {
          "name": "ChinaEmployeeGroups",
          "description": "Adds China employees to defined access profiles",
          "type": "MANAGE_RELATIONSHIPS",
          "config": {
            "@type": "type.googleapis.com/lifecyclemanagement.v1.ManageRelationshipsActionConfig",
            "remove_existing_relationships": true,
            "access_profiles": ["<access_profile_id3>", "<access_profile_id4>"]
          }
        },
        {
          "name": "SalesManagerGroups",
          "description": "Adds Sales Manager profiles",
          "type": "MANAGE_RELATIONSHIPS",
          "config": {
            "@type": "type.googleapis.com/lifecyclemanagement.v1.ManageRelationshipsActionConfig",
            "remove_existing_relationships": true,
            "access_profiles": ["<access_profile_id5>"]
          }
        }
      ],
      "attribute_common_transformers": []
    }

    Configuration Structure Explanation

    Workflows define when the policy triggers:

    • trigger_string: SCIM filter expression that determines when the workflow activates

    • conditions_on_success: Array of conditions evaluated when the trigger is met

    • continuous_sync: Whether to continuously monitor for changes

    Conditions specify additional criteria:

    • condition_type: SCIM filter expression for the specific condition

    • actions_to_run: Actions executed when this condition is met

    Actions define what happens when conditions are satisfied:

    • type: Currently supports MANAGE_RELATIONSHIPS and SYNC_IDENTITIES

    • config: Action-specific configuration object

    • For MANAGE_RELATIONSHIPS: Defines access profiles to assign/remove

    Troubleshooting Common Issues

    404 Errors When Updating Policy Configuration

    If you receive a 404 error when attempting to update a policy configuration, verify:

    1. Policy ID is correct: Confirm the policy exists by first calling GET /api/private/lifecycle_management/policies/{policy_id}

    2. Version number exists: Check the current_version_number from the GET response and ensure you're using the correct version

    3. Endpoint path is correct: Ensure you're using /versions/ (plural) in the URL path

    Common mistake: Using /version/{number} instead of /versions/{number} in the endpoint path.

    Policy Version Not Found

    If you get errors about version not found:

    • Always use the current_version_number from the Get Policy response

    • Policy versions are auto-created and managed by the system - you can't create arbitrary version numbers

    • If you need to work with a different version, you may need to publish or manage the policy state first

    Configuration Validation Errors

    When policy configuration updates fail validation:

    1. Check JSON structure: Ensure your configuration object matches the expected schema

    2. Verify action types: Confirm action type values are valid (e.g., MANAGE_RELATIONSHIPS, SYNC_IDENTITIES)

    3. Validate SCIM expressions: Test trigger strings and condition strings for proper SCIM syntax

    4. Confirm referenced IDs: Ensure access profile IDs and other references exist in your environment

    Request Body Format

    Ensure your request body follows this structure:

    {
      "value": {
        "policy_id": "your-policy-id",
        "config": {
          "workflows": [...],
          "actions": [...],
          "attribute_common_transformers": [...]
        }
      }
    }

    The configuration should be nested within a value.config object, not sent as the root object.

    PUT /api/private/lifecycle_management/policies/{policy_id}/versions/{version_number}
    PATCH /api/private/lifecycle_management/policies/{policy_id}/versions/{version_number}
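A pre-flight check for a configuration update, as an added example (not Veza's code) covering the structure, action-type and referenced-ID checks from the troubleshooting list and the `value.config` nesting. The function names and `known_profile_ids` (access profile IDs you have already retrieved) are assumptions of this example, as is the rule that every `actions_to_run` entry names an action defined under `actions`; the sample configuration is constructed from the page's example.

```python
import re
from urllib.parse import quote

# Action types this page documents for the "type" field.
SUPPORTED_ACTION_TYPES = {"MANAGE_RELATIONSHIPS", "SYNC_IDENTITIES"}
# Template placeholders such as "<access_profile_id1>" that were never filled in.
PLACEHOLDER = re.compile(r"^<[^<>]+>$")


def version_path(policy_id, version_number):
    """Build the update path; note the plural "versions" segment."""
    if isinstance(version_number, bool) or not isinstance(version_number, int):
        raise ValueError("version_number must be an integer")
    return ("/api/private/lifecycle_management/policies/"
            f"{quote(str(policy_id), safe='')}/versions/{version_number}")


def preflight(policy_id, config, known_profile_ids):
    """Return (problems, body); send body only when problems is empty."""
    if not isinstance(config, dict) or "value" in config:
        return ["pass the bare configuration object, not an already wrapped body"], None
    problems, defined = [], {}
    for action in config.get("actions", []):
        name = action.get("name")
        if name in defined:
            problems.append(f"action {name!r} is defined more than once")
        defined[name] = action
        if action.get("type") not in SUPPORTED_ACTION_TYPES:
            problems.append(f"action {name!r}: unsupported type {action.get('type')!r}")
        for profile_id in action.get("config", {}).get("access_profiles", []):
            if PLACEHOLDER.match(profile_id):
                problems.append(f"action {name!r}: unresolved placeholder {profile_id}")
            elif profile_id not in known_profile_ids:
                problems.append(f"action {name!r}: unknown access profile {profile_id}")
    for workflow in config.get("workflows", []):
        for condition in workflow.get("conditions_on_success", []):
            for ref in condition.get("actions_to_run", []):
                if ref.get("name") not in defined:
                    problems.append(
                        f"workflow {workflow.get('name')!r}: actions_to_run references "
                        f"undefined action {ref.get('name')!r}")
    # The configuration is nested under value.config, never sent as the root object.
    body = {"value": {"policy_id": policy_id, "config": config}}
    return problems, body


# Constructed configuration: a trimmed copy of the page's example with one
# placeholder left in and one action reference left undefined.
SAMPLE_CONFIG = {
    "workflows": [{
        "name": "Active Employees",
        "trigger_type": "TRIGGER_STRING",
        "trigger_string": 'employment_status eq "ACTIVE"',
        "conditions_on_success": [
            {"name": "sync", "condition_type": 'work_location eq "US"',
             "actions_to_run": [{"name": "UsEmployeeGroups", "type": "SYNC_IDENTITIES"}]},
            {"name": "sync", "condition_type": 'department eq "Sales" and manager eq true',
             "actions_to_run": [{"name": "SalesManagerGroups", "type": "SYNC_IDENTITIES"}]},
        ],
    }],
    "actions": [{
        "name": "UsEmployeeGroups",
        "type": "MANAGE_RELATIONSHIPS",
        "config": {
            "@type": "type.googleapis.com/lifecyclemanagement.v1.ManageRelationshipsActionConfig",
            "remove_existing_relationships": True,
            "access_profiles": ["3a2371b6-95ec-4d9e-b95c-d75d51daa39b", "<access_profile_id2>"],
        },
    }],
    "attribute_common_transformers": [],
}

if __name__ == "__main__":
    found, _ = preflight("your-policy-id", SAMPLE_CONFIG,
                         {"3a2371b6-95ec-4d9e-b95c-d75d51daa39b"})
    for problem in found:
        print("BLOCK:", problem)
```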

    Authentication Required

    This endpoint requires a valid Veza API key for authentication.

    See Authentication for more about creating and managing API keys.

    All requests must include the API key as a Bearer token in the Authorization header.

    Example:

    curl -X GET "$BASE_URL/api/preview/keys" \
      -H "authorization: Bearer $VEZA_TOKEN"

    Path parameters: policy_id (string, required); id (string, required)

    Body: policy_id (string, optional); id (string, optional); version_number (integer, int32, optional); state (integer enum, optional)

    Responses: 200 OK (application/json); default: Default error response (application/json)

    Create Access Profile

    Create a new access profile with specified entitlements and configuration

    Endpoint

    POST /api/private/lifecycle_management/access_profiles

    Prerequisites: Before creating Access Profiles, you must have:

    1. to define capabilities

    2. to identify datasource IDs

    Description

    Creates a new Veza Access Profile that defines a collection of entitlements that can be granted to users. Access profiles can contain direct relationships to entities (like groups, roles, or permissions) or can inherit entities from other access profiles, depending on the profile type capabilities.

    Access Profiles support versioning, allowing you to draft changes before publishing them to users. An Access Profile contains a version that will be modified after initial creation - the version allows drafts and retired versions in the future.

    API Reference

    Request schema

    Request body

    Field
    Type
    Required?
    Description

    Entity Object Schema

    Field
    Type
    Required?
    Description

    Sync Identity Action Schema

    Field
    Type
    Required?
    Description

    Request Examples

    Response Examples

    Complete Response Structure

    Simplified Response:

    List Access Profile Types

    Retrieve all access profile types configured in your organization

    Endpoint

    GET /api/private/lifecycle_management/access_profiles_types

    Description

    Lists all Access Profile Types that have been configured in your organization. Access Profile Types define the capabilities and configuration options available when creating Access Profiles.

    Use this endpoint to:

    • View all available Access Profile Types

    • Get type IDs needed when

    • Review the capabilities each type provides

    • Understand inheritance and relationship permissions

    API Reference

    Request example

    Response Examples

    Standard Response:

    Complete Response Structure

    profiles_count indicates how many Access Profiles are currently using each type. This helps you understand which types are actively in use.

    {
      "workflows_matched": [
        "text"
      ],
      "job_requests": [
        {
          "job_id": "text",
          "data_source": {
            "id": "text",
            "external_id": "text",
            "agent_type": "text",
            "data_provider_id": "text",
            "data_source_config": {
              "@type": "text",
              "ANY_ADDITIONAL_PROPERTY": "anything"
            },
            "data_provider_type": 1,
            "data_provider_secret_refs": [
              {
                "id": "text",
                "secret_id": "text",
                "vault_id": "text",
                "vault": {
                  "id": "text",
                  "name": "text",
                  "vault_provider": "text",
                  "insight_point_id": "text",
                  "deleted": true
                }
              }
            ]
          },
          "input_entities": [
            {
              "table": "text",
              "primary_key": [
                "text"
              ],
              "constraints": [
                {
                  "type": 1,
                  "field_names": [
                    "text"
                  ]
                }
              ]
            }
          ],
          "action_type": 1,
          "action_config": {
            "@type": "text",
            "ANY_ADDITIONAL_PROPERTY": "anything"
          },
          "action_job_id": "text",
          "action_name": "text",
          "identity_id": "text",
          "stop_on_error": true,
          "ttl": "text"
        }
      ],
      "messages": [
        "text"
      ],
      "access_profile_ids": [
        "text"
      ],
      "job_request_workflow_names": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      }
    }
    POST /api/private/lifecycle_management/policies/{policy_id}/identities/{id}:dry_run HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Content-Type: application/json
    Accept: */*
    Content-Length: 61
    
    {
      "policy_id": "text",
      "id": "text",
      "version_number": 1,
      "state": 1
    }

    profile_type                           string         Required  ID of the access profile type to use
    entities_to_create_relationships_to    array          Optional  Array of entity objects to create direct relationships to
    inherit_entities_from_access_profiles  array          Optional  Array of access profile IDs to inherit entities from
    labels                                 array[string]  Optional  Opaque field for customer to add any labels
    access_request_policy_id               string         Optional  The access request policy associated with the access profile
    application_datasource_id              string         Optional  Datasource to use for this profile in the assign application use case
    application_sync_identity_action       object         Optional  Action to use when creating an identity for this datasource
    custom_properties                      object         Optional  Map of custom properties for the access profile

    assigned_to_entity_type                string         Optional  Type of the entity to assign to
    assigned_to_entity_id                  string         Optional  ID of the entity to assign to
    grant_by                               string         Optional  How the grant is applied (PolicyRules.GrantBy enum)
    created_by_access_profile              boolean        Optional  Whether this entity was created by the access profile
    custom_properties                      object         Optional  Map of custom properties for the entity
    sync_identity_action                   object         Optional  Action to use when creating an identity for this entity
    condition                              object         Optional  Condition to check if identity should be granted access

    Create a basic access profile with direct entity relationships:

    curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "name": "Salesforce Developer",
        "state": "RUNNING",
        "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
        "entities_to_create_relationships_to": [
          {
            "entity_type": "SalesforceGroup",
            "datasource_id": "sf-dev-org-12345",
            "entity_id": "veza-dev-ed:00GDp0000019laeMAA"
          },
          {
            "entity_type": "SalesforcePermissionSet",
            "datasource_id": "sf-dev-org-12345",
            "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
          },
          {
            "entity_type": "SalesforceRole",
            "datasource_id": "sf-dev-org-12345",
            "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
          }
        ]
      }'

    Create a business role that inherits from other access profiles:

    curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "name": "Developer",
        "state": "RUNNING",
        "profile_type": "business-role-type-id",
        "inherit_entities_from_access_profiles": [
          "software-developers-profile-id"
        ]
      }'

    Create an access profile with sync identity actions:

    curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "name": "Advanced Salesforce Profile",
        "state": "RUNNING",
        "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
        "entities_to_create_relationships_to": [
          {
            "entity_type": "SalesforceGroup",
            "datasource_id": "sf-org-datasource-id",
            "entity_id": "veza-dev-ed:00GDp0000019laeMAA",
            "sync_identity_action": {
              "policy_id": "policy-12345",
              "name": "salesforce_sync_action"
            }
          }
        ],
        "labels": ["requestable", "salesforce"]
      }'

    | Field | Type | Required? | Description |
    | --- | --- | --- | --- |
    | name | string | Required | Name of the access profile |
    | description | string | Optional | Description of the access profile's purpose |
    | state | string | Required | |
    | entity_type | string | Required | Type of the entity (e.g., "SalesforceGroup", "ActiveDirectoryGroup") |
    | datasource_id | string | Required | ID of the datasource containing the entity |
    | entity_id | string | Required | |
    | policy_id | string | Required | ID of the policy to use for sync action |
    | name | string | Required | Name of the sync identity action |

    {
      "value": {
        "id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
        "name": "Salesforce Developer",
        "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
        "current_version_number": 1,
        "created_at": "2024-04-12T15:29:36.187811047Z",
        "created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
        "current_version": {
          "access_profile_id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
          "created_at": "2024-04-12T15:29:36.188843505Z",
          "created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
          "entities_to_create_relationships_to": [
            {
              "entity_type": "SalesforceGroup",
              "datasource_id": "sf-dev-org-12345",
              "entity_id": "veza-dev-ed:00GDp0000019laeMAA"
            }
          ],
          "inherit_entities_from_access_profiles": [],
          "state": "PUBLISHED",
          "updated_at": "2024-04-12T15:29:36.188843505Z",
          "version_number": 1
        },
        "description": "",
        "draft_version_number": 0,
        "inherited_by_other_profiles": false,
        "inherits_from_other_profiles": false,
        "integrations": [
          "SALESFORCE"
        ],
        "provider_ids": [
          "sf-dev-org-12345"
        ],
        "provider_external_ids": [
          "external-id-123"
        ],
        "labels": [
          "requestable",
          "salesforce"
        ],
        "state": "RUNNING",
        "updated_at": "2024-04-12T15:29:36.217957547Z",
        "used_by_workflow": false,
        "access_profiles_inherited": [],
        "access_profiles_inherited_by": []
      }
    }
    {
      "value": {
        "id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
        "name": "Salesforce Developer",
        "state": "RUNNING",
        "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
        "current_version_number": 1,
        "integrations": ["SALESFORCE"],
        "provider_ids": ["sf-dev-org-12345"],
        "labels": ["requestable", "salesforce"],
        "created_at": "2024-04-12T15:29:36.187811047Z",
        "updated_at": "2024-04-12T15:29:36.217957547Z"
      }
    }
    Created an Access Profile Type
    Listed lifecycle management datasources

    Authentication Required

    This endpoint requires a valid Veza API key for authentication.

    See Authentication for more about creating and managing API keys.

    All requests must include the API key as a Bearer token in the Authorization header.

    Example:

    curl -X GET "$BASE_URL/api/preview/keys" \
      -H "authorization: Bearer $VEZA_TOKEN"

    Initial state: INITIAL, RUNNING, PAUSED, DRY_RUN, PENDING

    Unique identifier of the entity

    policy_id (string, Optional)
    version_number (integer · int32, Optional)
    workflow (string, Optional)

    Responses

    200: OK (application/json)
    default: Default error response (application/json)
    POST /api/private/lifecycle_management/policies/{policy_id}/versions/{version_number}:add_condition HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Content-Type: application/json
    Accept: */*
    Content-Length: 221
    
    {
      "policy_id": "text",
      "version_number": 1,
      "workflow": "text",
      "condition": {
        "condition_type": 1,
        "condition_string": "text",
        "actions_to_run": [
          {
            "name": "text",
            "type": 1
          }
        ],
        "name": "text",
        "continue_actions_if_any_error": true,
        "state": 1
      }
    }

    Version state: DRAFT, PUBLISHED, RETIRED

    | Field | Type | Required? | Description |
    | --- | --- | --- | --- |
    | config | object | No | Policy version configuration containing workflows, actions, and transformers |

    | Field | Type | Description |
    | --- | --- | --- |
    | mover_properties | array[string] | List of properties that, when changed, mark an identity as a "mover" |
    | password_complexity_rules | array[object] | Password complexity rules for sync operations |
    | transformer_functions | array[object] | Custom transformation functions |

    Authentication
    Path parameters

    value.policy_id (string, Required)
    value.version_number (string, Required)

    Query parameters

    update_mask (string · field-mask, Optional)

    Body

    A version of a policy, this includes the watcher profile for what starts the policy

    policy_id (string, Optional)
    version_number (integer · int32, Read-only, Optional)
    state (integer · enum, Optional)
    config_version (string, Read-only, Optional): This is the version of the config in case it changes in the future
    created_by (string, Read-only, Optional)
    created_at (string · date-time, Read-only, Optional)
    updated_at (string · date-time, Read-only, Optional)
    published_by (string, Read-only, Optional)
    published_at (string · date-time, Read-only, Optional)

    Responses

    200: OK (application/json)
    default: Default error response (application/json)
    Query parameters

    filter (string, Optional)
    order_by (string, Optional)
    page_size (integer · int32, Optional)
    page_token (string, Optional)

    Responses

    200: OK (application/json)
    default: Default error response (application/json)
    curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles_types" \
      -H "authorization: Bearer $VEZA_TOKEN"
    {
      "values": [
        {
          "id": "13ddf132-0868-4330-a0a3-41b088f6a4dc",
          "allow_create_relationships": false,
          "allow_inherit_entities": true,
          "description": "Access profile type for business roles that can inherit from other profiles",
          "integrations": [],
          "name": "Business Role",
          "profiles_count": 3,
          "require_single_datasource": false
        },
        {
          "id": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
          "allow_create_relationships": true,
          "allow_inherit_entities": false,
          "description": "Basic Access Profile",
          "integrations": [],
          "name": "Profile",
          "profiles_count": 0,
          "require_single_datasource": false
        }
      ]
    }
    {
      "values": [
        {
          "id": "13ddf132-0868-4330-a0a3-41b088f6a4dc",
          "allow_create_relationships": false,
          "allow_inherit_entities": true,
          "allow_inherited_from_types": [],
          "description": "Access profile type for business roles that can inherit from other profiles",
          "integrations": [],
          "name": "Business Role",
          "profiles_count": 3,
          "require_single_datasource": false,
          "require_single_integration": false,
          "max_entitlements": 50,
          "create_entitlement_based_on_profile": false,
          "create_entitlements": [],
          "no_entitlements": false,
          "on_create_behavior": "INITIAL",
          "instructions": "This business role allows users to inherit permissions from multiple technical profiles.",
          "time_before_sync_check_in_seconds": 0,
          "access_request_policy_id": null,
          "allow_overwrite_of_access_request_policy": true,
          "name_transformer": null,
          "remove_entitlement_on_member_upon_update": false,
          "created_at": "2024-07-15T16:10:30.123456789Z",
          "updated_at": "2024-07-15T16:10:30.123456789Z"
        },
        {
          "id": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
          "allow_create_relationships": true,
          "allow_inherit_entities": false,
          "allow_inherited_from_types": [],
          "description": "Basic Access Profile",
          "integrations": [],
          "name": "Profile",
          "profiles_count": 0,
          "require_single_datasource": false,
          "require_single_integration": false,
          "max_entitlements": null,
          "create_entitlement_based_on_profile": false,
          "create_entitlements": [],
          "no_entitlements": false,
          "on_create_behavior": "INITIAL",
          "instructions": "",
          "time_before_sync_check_in_seconds": 0,
          "access_request_policy_id": null,
          "allow_overwrite_of_access_request_policy": true,
          "name_transformer": null,
          "remove_entitlement_on_member_upon_update": false,
          "created_at": "2024-07-14T10:15:22.987654321Z",
          "updated_at": "2024-07-14T10:15:22.987654321Z"
        }
      ]
    }
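The type records above decide what a create-profile request body may contain. As an added example (not Veza's code), this Python pre-flight check applies the flags from those records and the field requirements listed on this page to a body before it is sent; the function name is illustrative, and counting each listed entity as one entitlement toward `max_entitlements` is an assumption.

```python
# Added example: rules are read from the field descriptions and type records
# on this page; the server's own validation may differ.

VALID_STATES = {"INITIAL", "RUNNING", "PAUSED", "DRY_RUN", "PENDING"}
ENTITY_KEYS = ("entity_type", "datasource_id", "entity_id")
SYNC_ACTION_KEYS = ("policy_id", "name")


def check_profile(body, profile_types):
    """Return a list of problems found in a create-profile body ([] = none)."""
    problems = []
    if not body.get("name"):
        problems.append("name is required")
    if body.get("state") not in VALID_STATES:
        problems.append(f"state {body.get('state')!r} is not one of {sorted(VALID_STATES)}")

    by_id = {t["id"]: t for t in profile_types}
    ptype = by_id.get(body.get("profile_type"))
    if ptype is None:
        problems.append("profile_type is not the id of a known access profile type")
        return problems  # the remaining checks need the type record

    entities = body.get("entities_to_create_relationships_to") or []
    inherited = body.get("inherit_entities_from_access_profiles") or []

    # Capability flags on the type gate which sections the body may use.
    if entities and not ptype.get("allow_create_relationships"):
        problems.append(f"type {ptype['name']!r} does not allow direct entity relationships")
    if inherited and not ptype.get("allow_inherit_entities"):
        problems.append(f"type {ptype['name']!r} does not allow inheriting from other profiles")

    for i, entity in enumerate(entities):
        missing = [k for k in ENTITY_KEYS if not entity.get(k)]
        if missing:
            problems.append(f"entity[{i}] is missing {', '.join(missing)}")
        action = entity.get("sync_identity_action")
        if action is not None:
            missing = [k for k in SYNC_ACTION_KEYS if not action.get(k)]
            if missing:
                problems.append(f"entity[{i}].sync_identity_action is missing {', '.join(missing)}")

    if ptype.get("require_single_datasource"):
        sources = {e["datasource_id"] for e in entities if e.get("datasource_id")}
        if len(sources) > 1:
            problems.append(f"type {ptype['name']!r} requires one datasource, got {sorted(sources)}")

    # Assumption: each listed entity counts as one entitlement toward the cap.
    limit = ptype.get("max_entitlements")
    if limit is not None and len(entities) > limit:
        problems.append(f"{len(entities)} entities exceed max_entitlements={limit}")
    return problems


# Type records trimmed from the list response above (ids and flags as shown there).
PROFILE_TYPES = [
    {"id": "13ddf132-0868-4330-a0a3-41b088f6a4dc", "name": "Business Role",
     "allow_create_relationships": False, "allow_inherit_entities": True,
     "require_single_datasource": False, "max_entitlements": 50},
    {"id": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9", "name": "Profile",
     "allow_create_relationships": True, "allow_inherit_entities": False,
     "require_single_datasource": False, "max_entitlements": None},
]

# The "Advanced Salesforce Profile" request body from this page.
GOOD_BODY = {
    "name": "Advanced Salesforce Profile",
    "state": "RUNNING",
    "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
    "entities_to_create_relationships_to": [
        {"entity_type": "SalesforceGroup",
         "datasource_id": "sf-org-datasource-id",
         "entity_id": "veza-dev-ed:00GDp0000019laeMAA",
         "sync_identity_action": {"policy_id": "policy-12345",
                                  "name": "salesforce_sync_action"}},
    ],
    "labels": ["requestable", "salesforce"],
}

# Constructed body: a Business Role that attaches an entity directly, uses an
# unlisted state, and leaves out entity_id and the sync action's policy_id.
BAD_BODY = {
    "name": "Developer",
    "state": "ACTIVE",
    "profile_type": "13ddf132-0868-4330-a0a3-41b088f6a4dc",
    "inherit_entities_from_access_profiles": ["software-developers-profile-id"],
    "entities_to_create_relationships_to": [
        {"entity_type": "SalesforceGroup", "datasource_id": "sf-dev-org-12345",
         "sync_identity_action": {"name": "salesforce_sync_action"}},
    ],
}

if __name__ == "__main__":
    for label, body in (("good", GOOD_BODY), ("bad", BAD_BODY)):
        print(label, check_profile(body, PROFILE_TYPES))
```
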
    creating Access Profiles

    Create Access Profile Type

    Create a new access profile type that defines capabilities and configuration options

    Endpoint

    POST /api/private/lifecycle_management/access_profiles_types

    Description

    Creates a new access profile type, which defines how access profiles of this type can be configured and used within your organization. Access profile types determine capabilities such as whether profiles can inherit entities from other profiles or create direct relationships to entities.

    Common access profile types include:

    • Profile - Basic access profiles for direct entity relationships

    • Business Role - Higher-level profiles that can inherit from other profiles

    API Reference

    Request schema

    Request body

    Field
    Type
    Required?
    Description

    Complex Field Details

    Field
    Description

    Request Examples

    Response Examples

    Standard Response:

    Complete Response Structure

    Access Profiles

    Create, manage, and organize access profiles and profile types for identity lifecycle management

    Veza Access Profiles are collections of entitlements that can be granted to users as part of their identity lifecycle management. These APIs enable you to create, manage, and organize access profiles and their types, which define what access should be granted in different roles or scenarios across your organization.

    Access Profiles help you automate consistent access provisioning with:

    • Reusable collections of entitlements across multiple systems

    • Organized access by business roles, departments, or functions

    {
      "value": {
        "policy_id": "text",
        "version_number": 1,
        "state": 1,
        "config": {
          "workflows": [
            {
              "trigger_type": 1,
              "description": "text",
              "trigger_string": "text",
              "conditions_on_success": [
                {
                  "condition_type": 1,
                  "condition_string": "text",
                  "actions_to_run": [
                    {
                      "name": "text",
                      "type": 1
                    }
                  ],
                  "name": "text",
                  "continue_actions_if_any_error": true,
                  "state": 1
                }
              ],
              "continuous_sync": true,
              "name": "text",
              "state": 1,
              "attribute_to_get_execute_date": "text",
              "local_time_zone_diff_from_utc": 1,
              "local_time_zone_attribute": "text",
              "trigger_at_local_time_hour": 1,
              "execute_date_time_formatters": [
                {
                  "date_formatter": "text",
                  "pipeline_functions": "text"
                }
              ],
              "grace_period_in_sec": 1,
              "skip_trigger_recheck_after_grace_period": true,
              "priority": 1
            }
          ],
          "actions": [
            {
              "name": "text",
              "description": "text",
              "type": 1,
              "config": {
                "@type": "text",
                "ANY_ADDITIONAL_PROPERTY": "anything"
              },
              "conditions_on_success": [
                {
                  "condition_type": 1,
                  "condition_string": "text",
                  "actions_to_run": [
                    {
                      "name": "text",
                      "type": 1
                    }
                  ],
                  "name": "text",
                  "continue_actions_if_any_error": true,
                  "state": 1
                }
              ],
              "action_notification_settings": [
                {
                  "notification_settings": {
                    "notification_type": 1,
                    "notification_id": "text",
                    "type_settings": {
                      "@type": "text",
                      "ANY_ADDITIONAL_PROPERTY": "anything"
                    }
                  },
                  "on_success": true,
                  "on_failure": true
                }
              ],
              "state": 1,
              "run_once": true
            }
          ],
          "attribute_common_transformers": [
            {
              "name": "text",
              "description": "text",
              "entity_type": "text",
              "entity_attribute_transformers": [
                {
                  "destination_attribute": "text",
                  "destination_value_formatter": "text",
                  "continuous_sync": true,
                  "additional_value_formatter": [
                    "text"
                  ],
                  "pipeline_functions": "text",
                  "unique_identifier": true
                }
              ]
            }
          ],
          "lookup_table_references": [
            {
              "name": "text",
              "description": "text",
              "column_names": [
                "text"
              ],
              "lookup_table_id": "text"
            }
          ],
          "mover_properties": [
            "text"
          ],
          "password_complexity_rules": [
            {
              "name": "text",
              "length": 1,
              "use_special_characters": true,
              "use_numbers": true,
              "use_uppercase": true,
              "use_lowercase": true,
              "disallowed_characters": "text"
            }
          ],
          "transformer_functions": [
            {
              "function_expression": "text",
              "definition": {
                "name": "text",
                "description": "text",
                "parameters": [
                  {
                    "name": "text",
                    "description": "text",
                    "type": 1,
                    "allow_empty": true,
                    "optional": true,
                    "valid_values": [
                      "text"
                    ]
                  }
                ],
                "require_no_input": true,
                "return_multiple_values": true,
                "input_is_optional": true
              }
            }
          ]
        },
        "config_version": "text",
        "created_by": "text",
        "created_at": "2025-08-26T13:07:04.310Z",
        "updated_at": "2025-08-26T13:07:04.310Z",
        "published_by": "text",
        "published_at": "2025-08-26T13:07:04.310Z"
      }
    }
    PATCH /api/private/lifecycle_management/policies/{value.policy_id}/versions/{value.version_number} HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Content-Type: application/json
    Accept: */*
    Content-Length: 2130
    
    {
      "policy_id": "text",
      "state": 1,
      "config": {
        "workflows": [
          {
            "trigger_type": 1,
            "description": "text",
            "trigger_string": "text",
            "conditions_on_success": [
              {
                "condition_type": 1,
                "condition_string": "text",
                "actions_to_run": [
                  {
                    "name": "text",
                    "type": 1
                  }
                ],
                "name": "text",
                "continue_actions_if_any_error": true,
                "state": 1
              }
            ],
            "continuous_sync": true,
            "name": "text",
            "state": 1,
            "attribute_to_get_execute_date": "text",
            "local_time_zone_diff_from_utc": 1,
            "local_time_zone_attribute": "text",
            "trigger_at_local_time_hour": 1,
            "execute_date_time_formatters": [
              {
                "date_formatter": "text",
                "pipeline_functions": "text"
              }
            ],
            "grace_period_in_sec": 1,
            "skip_trigger_recheck_after_grace_period": true,
            "priority": 1
          }
        ],
        "actions": [
          {
            "name": "text",
            "description": "text",
            "type": 1,
            "config": {
              "@type": "text",
              "ANY_ADDITIONAL_PROPERTY": "anything"
            },
            "conditions_on_success": [
              {
                "condition_type": 1,
                "condition_string": "text",
                "actions_to_run": [
                  {
                    "name": "text",
                    "type": 1
                  }
                ],
                "name": "text",
                "continue_actions_if_any_error": true,
                "state": 1
              }
            ],
            "action_notification_settings": [
              {
                "notification_settings": {
                  "notification_type": 1,
                  "notification_id": "text",
                  "type_settings": {
                    "@type": "text",
                    "ANY_ADDITIONAL_PROPERTY": "anything"
                  }
                },
                "on_success": true,
                "on_failure": true
              }
            ],
            "state": 1,
            "run_once": true
          }
        ],
        "attribute_common_transformers": [
          {
            "name": "text",
            "description": "text",
            "entity_type": "text",
            "entity_attribute_transformers": [
              {
                "destination_attribute": "text",
                "destination_value_formatter": "text",
                "continuous_sync": true,
                "additional_value_formatter": [
                  "text"
                ],
                "pipeline_functions": "text",
                "unique_identifier": true
              }
            ]
          }
        ],
        "lookup_table_references": [
          {
            "name": "text",
            "description": "text",
            "column_names": [
              "text"
            ],
            "lookup_table_id": "text"
          }
        ],
        "mover_properties": [
          "text"
        ],
        "password_complexity_rules": [
          {
            "name": "text",
            "length": 1,
            "use_special_characters": true,
            "use_numbers": true,
            "use_uppercase": true,
            "use_lowercase": true,
            "disallowed_characters": "text"
          }
        ],
        "transformer_functions": [
          {
            "function_expression": "text",
            "definition": {
              "name": "text",
              "description": "text",
              "parameters": [
                {
                  "name": "text",
                  "description": "text",
                  "type": 1,
                  "allow_empty": true,
                  "optional": true,
                  "valid_values": [
                    "text"
                  ]
                }
              ],
              "require_no_input": true,
              "return_multiple_values": true,
              "input_is_optional": true
            }
          }
        ]
      }
    }

    | Field | Type | Required? | Description |
    | --- | --- | --- | --- |
    | allow_inherited_from_types | array[string] | Optional | List of access profile type IDs that profiles of this type can inherit from |
    | allow_create_relationships | boolean | Optional | Whether profiles of this type can create direct relationships to entities |
    | require_single_datasource | boolean | Optional | Whether profiles of this type must contain entities from only one datasource |
    | require_single_integration | boolean | Optional | Whether profiles can only have access from a single integration (e.g., SNOWFLAKE) |
    | add_integration_prefix_to_access_profile_names | boolean | Optional | Add integration prefix to profile names when require_single_integration is true |
    | max_entitlements | integer | Optional | Maximum number of entitlements that can be added to profiles of this type |
    | create_entitlement_based_on_profile | boolean | Optional | Create new entitlements if not found (only available if require_single_integration is true) |
    | create_entitlements | array[object] | Optional | Entitlements to create based on attribute transformers when creating a profile |
    | no_entitlements | boolean | Optional | If true, will not create any entitlements when creating a profile |
    | on_create_behavior | string | Optional | Determines the state of the profile when created |
    | instructions | string | Optional | Instructions for users when creating a profile of this type (markdown format) |
    | time_before_sync_check_in_seconds | integer | Optional | How often to sync the profile (in seconds) with the target. Only allowed if create_entitlement_based_on_profile is true |
    | access_request_policy_id | string | Optional | The access request policy associated with the access profile when creating a profile of this type |
    | allow_overwrite_of_access_request_policy | boolean | Optional | Whether the access request policy can be overwritten when creating a profile |
    | name_transformer | object | Optional | Name transformer rules for this profile type |
    | remove_entitlement_on_member_upon_update | boolean | Optional | Remove deleted entitlements from members when access profile version is updated |

    | Field | Description |
    | --- | --- |
    | time_before_sync_check_in_seconds | Defines sync frequency with target systems to ensure member lists stay current. Set to 0 to disable syncing. |

    Inheritance Rules

    | Field | Description |
    | --- | --- |
    | allow_inherited_from_types | Restricts which other access profile types can be inherited from. An empty array allows inheritance from any type. |
    | allow_overwrite_of_access_request_policy | When false, the access request policy cannot be changed when creating individual profiles. |

    Create a basic access profile type for direct entity relationships:

    curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles_types" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "name": "Profile",
        "description": "Basic Access Profile",
        "allow_inherit_entities": false,
        "allow_create_relationships": true,
        "require_single_datasource": false
      }'

    Create a business role type that can inherit from other profiles:

    curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles_types" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "name": "Business Role",
        "description": "Access profile type for business roles that can inherit from other profiles",
        "allow_inherit_entities": true,
        "allow_create_relationships": false,
        "require_single_datasource": false,
        "max_entitlements": 50,
        "instructions": "This business role allows users to inherit permissions from multiple technical profiles. Use this for high-level organizational roles."
      }'

    Create an advanced profile type with detailed configuration:

    curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles_types" \
      -H "authorization: Bearer $VEZA_TOKEN" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "name": "Application-Specific Access",
        "description": "Profile type for application-specific access with sync capabilities",
        "allow_inherit_entities": false,
        "allow_create_relationships": true,
        "require_single_datasource": true,
        "require_single_integration": true,
        "create_entitlement_based_on_profile": true,
        "time_before_sync_check_in_seconds": 3600,
        "max_entitlements": 25,
        "instructions": "Use this type for application-specific profiles that require regular synchronization with target systems."
      }'
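Several of the type fields depend on each other, as their descriptions on this page state. This added Python example (not part of Veza's documentation or API) lints a create-type body against those stated dependencies and warns about settings that loosen inheritance or access-request-policy control; the function name and message wording are illustrative.

```python
# Added example: each rule restates a field description on this page; the
# server's own validation may differ.


def lint_profile_type(body):
    """Return {"errors": [...], "warnings": [...]} for a create-type body."""
    errors, warnings = [], []
    single_integration = bool(body.get("require_single_integration"))
    create_from_profile = bool(body.get("create_entitlement_based_on_profile"))

    # The page shows this field as an integer in examples and as a string in
    # the schema listing, so accept both forms.
    try:
        sync_seconds = int(body.get("time_before_sync_check_in_seconds") or 0)
    except (TypeError, ValueError):
        errors.append("time_before_sync_check_in_seconds must be a number of seconds")
        sync_seconds = 0

    if not body.get("name"):
        errors.append("name is required")
    if create_from_profile and not single_integration:
        errors.append("create_entitlement_based_on_profile requires require_single_integration")
    if sync_seconds and not create_from_profile:
        errors.append("time_before_sync_check_in_seconds requires create_entitlement_based_on_profile")

    if body.get("add_integration_prefix_to_access_profile_names") and not single_integration:
        warnings.append("add_integration_prefix_to_access_profile_names applies only "
                        "with require_single_integration")
    # "An empty array allows inheritance from any type."
    if body.get("allow_inherit_entities") and not body.get("allow_inherited_from_types"):
        warnings.append("allow_inherited_from_types is empty: profiles may inherit from any type")
    # Default of True is taken from the response examples on this page, where
    # the flag comes back true for a type created without setting it.
    if body.get("access_request_policy_id") and body.get(
            "allow_overwrite_of_access_request_policy", True):
        warnings.append("access_request_policy_id can be overwritten per profile unless "
                        "allow_overwrite_of_access_request_policy is false")
    return {"errors": errors, "warnings": warnings}


# The three request bodies from the examples above.
BASIC = {"name": "Profile", "description": "Basic Access Profile",
         "allow_inherit_entities": False, "allow_create_relationships": True,
         "require_single_datasource": False}
BUSINESS_ROLE = {"name": "Business Role", "allow_inherit_entities": True,
                 "allow_create_relationships": False,
                 "require_single_datasource": False, "max_entitlements": 50}
APP_SPECIFIC = {"name": "Application-Specific Access",
                "allow_inherit_entities": False, "allow_create_relationships": True,
                "require_single_datasource": True, "require_single_integration": True,
                "create_entitlement_based_on_profile": True,
                "time_before_sync_check_in_seconds": 3600, "max_entitlements": 25}

# Constructed bodies that break the stated dependencies.
LOOSE = {"name": "Loose Sync Type", "allow_inherit_entities": True,
         "allow_inherited_from_types": [], "require_single_integration": False,
         "create_entitlement_based_on_profile": True,
         "time_before_sync_check_in_seconds": 900,
         "access_request_policy_id": "policy-placeholder"}
ORPHAN_SYNC = {"name": "Orphan Sync", "time_before_sync_check_in_seconds": "900"}

if __name__ == "__main__":
    for body in (BASIC, BUSINESS_ROLE, APP_SPECIFIC, LOOSE, ORPHAN_SYNC):
        print(body["name"], lint_profile_type(body))
```
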
    Body

    name (string, Optional)
    description (string, Optional)
    allow_inherit_entities (boolean, Optional)
    allow_inherited_from_types (string[], Optional)
    allow_create_relationships (boolean, Optional)
    require_single_datasource (boolean, Optional)
    require_single_integration (boolean, Optional)
    add_integration_prefix_to_access_profile_names (boolean, Optional)
    max_entitlements (integer · int32, Optional)
    create_entitlement_based_on_profile (boolean, Optional)
    no_entitlements (boolean, Optional)
    on_create_behavior (integer · enum, Optional)
    instructions (string, Optional)
    time_before_sync_check_in_seconds (string, Optional)
    access_request_policy_id (string, Optional)
    allow_overwrite_of_access_request_policy (boolean, Optional)
    remove_entitlement_on_member_upon_update (boolean, Optional)

    | Field | Type | Required? | Description |
    | --- | --- | --- | --- |
    | name | string | Required | Name of the access profile type |
    | description | string | Optional | Description of the access profile type purpose |
    | allow_inherit_entities | boolean | Optional | |

    Integration and Entitlement Management

    | Field | Description |
    | --- | --- |
    | require_single_integration | When true, profiles of this type can only contain entities from a single integration (e.g., SNOWFLAKE, ACTIVE_DIRECTORY, etc.). |
    | create_entitlement_based_on_profile | Automatically creates new entitlements if they don't exist, based on attribute transformers. Only available when require_single_integration is true. |
    | no_entitlements | When true, creating profiles of this type will only create the application connection without any specific entitlements. |

    Profile Behavior Configuration

    | Field | Description |
    | --- | --- |
    | on_create_behavior | Controls the initial state when profiles of this type are created (AccessProfile.OnCreateBehavior enum). |

    {
      "value": {
        "id": "13ddf132-0868-4330-a0a3-41b088f6a4dc",
        "allow_create_relationships": false,
        "allow_inherit_entities": true,
        "description": "Access profile type for business roles that can inherit from other profiles",
        "integrations": [],
        "name": "Business Role",
        "profiles_count": 0,
        "require_single_datasource": false,
        "created_at": "2024-07-15T16:10:30.123456789Z",
        "updated_at": "2024-07-15T16:10:30.123456789Z"
      }
    }
    {
      "value": {
        "id": "13ddf132-0868-4330-a0a3-41b088f6a4dc",
        "allow_create_relationships": false,
        "allow_inherit_entities": true,
        "allow_inherited_from_types": [],
        "description": "Access profile type for business roles that can inherit from other profiles",
        "integrations": [],
        "name": "Business Role",
        "profiles_count": 0,
        "require_single_datasource": false,
        "require_single_integration": false,
        "max_entitlements": 50,
        "create_entitlement_based_on_profile": false,
        "create_entitlements": [],
        "no_entitlements": false,
        "on_create_behavior": "INITIAL",
        "instructions": "This business role allows users to inherit permissions from multiple technical profiles. Use this for high-level organizational roles.",
        "time_before_sync_check_in_seconds": 0,
        "access_request_policy_id": null,
        "allow_overwrite_of_access_request_policy": true,
        "name_transformer": null,
        "remove_entitlement_on_member_upon_update": false,
        "created_at": "2024-07-15T16:10:30.123456789Z",
        "updated_at": "2024-07-15T16:10:30.123456789Z"
      }
    }

    Authentication Required

    This endpoint requires a valid Veza API key for authentication.

    See Authentication for more about creating and managing API keys.

    All requests must include the API key as a Bearer token in the Authorization header.

    Example:

    curl -X GET "$BASE_URL/api/preview/keys" \
      -H "authorization: Bearer $VEZA_TOKEN"

    Whether profiles of this type can inherit entities from other access profiles

    name (string, Optional)
    description (string, Optional)
    state (integer · enum, Optional)
    profile_type (string, Optional)
    inherit_entities_from_access_profiles (string[], Optional)

    List of profiles that this one inherits from

    labels (string[], Optional)
    access_request_policy_id (string, Optional)

    The access request policy that is associated with the access profile

    application_datasource_id (string, Optional)

    Only available if the profile type doesn't allow entitlements or inherited profiles. This is the datasource to use for this profile in the assign-application use case: when the profile is assigned, it creates a relationship to the datasource.
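A client-side pre-flight check for the two create request bodies, as an added example that is not part of Veza's documentation or code: it encodes only the constraints stated in the field descriptions on this page. The function names are hypothetical, and reading "doesn't allow entitlements or inherited profiles" as `no_entitlements` being true and `allow_inherit_entities` not being true on the type is an assumption.

```python
# Added example (not Veza code): pre-flight checks for request bodies, using
# only constraints stated in this page's field descriptions.
BOOL_FIELDS = (
    "allow_inherit_entities", "allow_create_relationships",
    "require_single_datasource", "require_single_integration",
    "create_entitlement_based_on_profile", "no_entitlements",
)
INT32_MIN, INT32_MAX = -2**31, 2**31 - 1


def check_profile_type(body):
    """Return problems found in a create-access-profile-type request body."""
    problems = []
    name = body.get("name")
    if not isinstance(name, str) or not name.strip():
        problems.append("name: required non-empty string")
    for field in BOOL_FIELDS:
        if field in body and not isinstance(body[field], bool):
            problems.append(f"{field}: must be a JSON boolean")
    limit = body.get("max_entitlements")
    if limit is not None and (
        isinstance(limit, bool) or not isinstance(limit, int)
        or not INT32_MIN <= limit <= INT32_MAX
    ):
        problems.append("max_entitlements: must be an int32")
    # Documented rule: entitlement auto-creation needs a single integration.
    if (body.get("create_entitlement_based_on_profile") is True
            and body.get("require_single_integration") is not True):
        problems.append("create_entitlement_based_on_profile: only available "
                        "when require_single_integration is true")
    return problems


def check_profile(body, profile_type):
    """Check a create-access-profile body against the type it references."""
    problems = []
    inherited = body.get("inherit_entities_from_access_profiles") or []
    if inherited and profile_type.get("allow_inherit_entities") is not True:
        problems.append("inherit_entities_from_access_profiles: profile type "
                        "does not allow inheriting from other profiles")
    # Assumption: "doesn't allow entitlements or inherited profiles" means
    # no_entitlements is true and allow_inherit_entities is not true.
    type_is_app_only = (profile_type.get("no_entitlements") is True
                        and profile_type.get("allow_inherit_entities") is not True)
    if body.get("application_datasource_id") and not type_is_app_only:
        problems.append("application_datasource_id: profile type allows "
                        "entitlements or inherited profiles")
    labels = body.get("labels", [])
    if not isinstance(labels, list) or not all(isinstance(x, str) for x in labels):
        problems.append("labels: must be an array of strings")
    return problems


# Constructed sample data, modelled on the request and response bodies on this page.
APP_TYPE = {"name": "Application-Specific Access", "allow_inherit_entities": False,
            "require_single_integration": True,
            "create_entitlement_based_on_profile": True, "max_entitlements": 25}
BUSINESS_ROLE = {"name": "Business Role", "allow_inherit_entities": True,
                 "no_entitlements": False}

if __name__ == "__main__":
    print(check_profile_type(APP_TYPE))
    print(check_profile({"name": "Sales app", "application_datasource_id": "ds-1"},
                        BUSINESS_ROLE))
```

Running the checks before sending a request catches configuration mistakes locally, so a rejected or misconfigured profile type never reaches the tenant.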

    Responses
    200

    OK

    application/json
    default

    Default error response

    application/json
    post
    POST /api/private/lifecycle_management/access_profiles HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Content-Type: application/json
    Accept: */*
    Content-Length: 706
    
    {
      "name": "text",
      "description": "text",
      "state": 1,
      "profile_type": "text",
      "entities_to_create_relationships_to": [
        {
          "entity_type": "text",
          "datasource_id": "text",
          "entity_id": "text",
          "assigned_to_entity_type": "text",
          "assigned_to_entity_id": "text",
          "grant_by": 1,
          "created_by_access_profile": true,
          "custom_properties": {
            "ANY_ADDITIONAL_PROPERTY": "text"
          },
          "sync_identity_action": {
            "policy_id": "text",
            "name": "text"
          },
          "condition": {
            "type": 1,
            "condition_string": "text"
          }
        }
      ],
      "inherit_entities_from_access_profiles": [
        "text"
      ],
      "labels": [
        "text"
      ],
      "access_request_policy_id": "text",
      "application_datasource_id": "text",
      "application_sync_identity_action": {
        "policy_id": "text",
        "name": "text"
      },
      "custom_properties": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      }
    }
    get
    GET /api/private/lifecycle_management/access_profiles_types HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Accept: */*
    

  • Managed access profile types with distinct configurations

  • Versioned profiles for profile lifecycle management

    Access Profile Types

    Access Profile Types define categories of access profiles and their capabilities within Veza. They determine how access profiles can be configured and used.

    Access Profiles

    Access Profiles define specific sets of entitlements that can be granted to users. Each profile contains versions that allow for drafting and managing changes over time.

    Integrations

    Integrations represent the available systems and platforms that can be used with Access Profiles for access management operations.

    Endpoints

    Use the following endpoints to interact with Access Profiles, Access Profile Types, and available integrations:

    Access Profile Type Operations

    Method   Endpoint                        Description
    POST     Create Access Profile Type      Creates a new access profile type
    GET      List Access Profile Types       Retrieves all access profile types

    Access Profile Operations

    Method   Endpoint                        Description
    POST     Create Access Profile           Creates a new access profile
    GET      List Access Profiles            Retrieves all access profiles with filtering options
    PATCH    Update Access Profile Labels    Updates labels assigned to an access profile
    PATCH    Update Access Profile Version   Updates a specific version of an access profile

    Member Management Operations

    Method   Endpoint                        Description
    GET      List Access Profile Members     Lists all members of a specific access profile version
    PUT      Update Access Profile Members   Adds or removes members from an access profile version

    Integration Operations

    Method   Endpoint                        Description
    GET      List Available Integrations     Lists all integrations available for use with access profiles

    Authentication

    All Access Profile API requests require authentication. See API Authentication for details on how to authenticate with Veza APIs.

    Getting Started

    To get started with Access Profile APIs:

    1. List available integrations to see what systems you can manage

    2. List lifecycle management datasources to view enabled systems

    3. Create an access profile type to define how access profiles will be configured

    4. Create access profiles with the entitlements your users need

    5. Add members to access profiles to grant access to users

    6. Use policy APIs to automate when access profiles are assigned

    Prerequisites: Before creating Access Profiles, ensure you have Access Profile Types configured and lifecycle management datasources enabled for your target systems.

    Related Documentation

    For more information about Access Profile concepts and features, see:

    • Access Profiles

    • Lifecycle Management Implementation

    • Policy APIs

    {
      "value": {
        "id": "text",
        "name": "text",
        "description": "text",
        "state": 1,
        "profile_type": "text",
        "current_version_number": 1,
        "draft_version_number": 1,
        "used_by_workflow": true,
        "integrations": [
          "text"
        ],
        "current_version": {
          "access_profile_id": "text",
          "version_number": 1,
          "state": 1,
          "entities_to_create_relationships_to": [
            {
              "entity_type": "text",
              "datasource_id": "text",
              "entity_id": "text",
              "assigned_to_entity_type": "text",
              "assigned_to_entity_id": "text",
              "extraction_datasource_id": "text",
              "provider_id": "text",
              "provider_external_id": "text",
              "entity_name": "text",
              "native_id": "text",
              "grant_by": 1,
              "created_by_access_profile": true,
              "custom_properties": {
                "ANY_ADDITIONAL_PROPERTY": "text"
              },
              "sync_identity_action": {
                "policy_id": "text",
                "name": "text"
              },
              "condition": {
                "type": 1,
                "condition_string": "text"
              },
              "create_entitlement_detail_id": "text",
              "created_at": "2025-08-26T13:07:04.310Z"
            }
          ],
          "inherit_entities_from_access_profiles": [
            "text"
          ],
          "members": [
            "text"
          ],
          "rbac_id": "text",
          "access_request_policy_id": "text",
          "application_datasource_id": "text",
          "application_sync_identity_action": {
            "policy_id": "text",
            "name": "text"
          },
          "created_by": "text",
          "created_at": "2025-08-26T13:07:04.310Z",
          "updated_at": "2025-08-26T13:07:04.310Z",
          "published_by": "text",
          "published_at": "2025-08-26T13:07:04.310Z"
        },
        "access_profiles_inherited": [
          "text"
        ],
        "access_profiles_inherited_by": [
          "text"
        ],
        "inherits_from_other_profiles": true,
        "inherited_by_other_profiles": true,
        "labels": [
          "text"
        ],
        "provider_ids": [
          "text"
        ],
        "provider_external_ids": [
          "text"
        ],
        "datasource_ids": [
          "text"
        ],
        "rbac_id": "text",
        "member_details": [
          {
            "access_profile_id": "text",
            "access_profile_name": "text",
            "identity_id": "text",
            "identity_name": "text",
            "created_from": 1,
            "workflow": "text"
          }
        ],
        "requestable": true,
        "require_approval_to_start": true,
        "started_at": "2025-08-26T13:07:04.310Z",
        "started_by": "text",
        "catalog_item_info": {
          "name": "text",
          "description": "text",
          "markdown_description": "text",
          "icon": "text",
          "recommended": true
        },
        "access_request_policy_id": "text",
        "created_entitlements": [
          {
            "datasource_id": "text",
            "entity_type": "text",
            "attribute_transformers": {
              "values": [
                {
                  "destination_attribute": "text",
                  "destination_value_formatter": "text",
                  "continuous_sync": true,
                  "additional_value_formatter": [
                    "text"
                  ],
                  "pipeline_functions": "text",
                  "unique_identifier": true
                }
              ]
            },
            "add_member_condition": {
              "type": 1,
              "condition_string": "text"
            },
            "created_entity_id": "text",
            "access_request_id": "text",
            "id": "text",
            "last_sync_job_id": "text"
          }
        ],
        "last_synced_at": "2025-08-26T13:07:04.310Z",
        "sync_allowed": true,
        "last_sync_job_ids": [
          "text"
        ],
        "identity_created_by": "text",
        "last_sync_error_message": "text",
        "profile_type_rbac_id": "text",
        "created_by": "text",
        "created_at": "2025-08-26T13:07:04.310Z",
        "updated_at": "2025-08-26T13:07:04.310Z",
        "custom_properties": {
          "ANY_ADDITIONAL_PROPERTY": "text"
        }
      },
      "version": {
        "access_profile_id": "text",
        "version_number": 1,
        "state": 1,
        "entities_to_create_relationships_to": [
          {
            "entity_type": "text",
            "datasource_id": "text",
            "entity_id": "text",
            "assigned_to_entity_type": "text",
            "assigned_to_entity_id": "text",
            "extraction_datasource_id": "text",
            "provider_id": "text",
            "provider_external_id": "text",
            "entity_name": "text",
            "native_id": "text",
            "grant_by": 1,
            "created_by_access_profile": true,
            "custom_properties": {
              "ANY_ADDITIONAL_PROPERTY": "text"
            },
            "sync_identity_action": {
              "policy_id": "text",
              "name": "text"
            },
            "condition": {
              "type": 1,
              "condition_string": "text"
            },
            "create_entitlement_detail_id": "text",
            "created_at": "2025-08-26T13:07:04.310Z"
          }
        ],
        "inherit_entities_from_access_profiles": [
          "text"
        ],
        "members": [
          "text"
        ],
        "rbac_id": "text",
        "access_request_policy_id": "text",
        "application_datasource_id": "text",
        "application_sync_identity_action": {
          "policy_id": "text",
          "name": "text"
        },
        "created_by": "text",
        "created_at": "2025-08-26T13:07:04.310Z",
        "updated_at": "2025-08-26T13:07:04.310Z",
        "published_by": "text",
        "published_at": "2025-08-26T13:07:04.310Z"
      }
    }
    {
      "values": [
        {
          "id": "text",
          "name": "text",
          "description": "text",
          "allow_inherit_entities": true,
          "allow_inherited_from_types": [
            "text"
          ],
          "profiles_count": 1,
          "integrations": [
            "text"
          ],
          "allow_create_relationships": true,
          "require_single_datasource": true,
          "require_single_integration": true,
          "add_integration_prefix_to_access_profile_names": true,
          "rbac_id": "text",
          "max_entitlements": 1,
          "create_entitlement_based_on_profile": true,
          "create_entitlements": [
            {
              "datasource_id": "text",
              "entity_type": "text",
              "attribute_transformers": {
                "values": [
                  {
                    "destination_attribute": "text",
                    "destination_value_formatter": "text",
                    "continuous_sync": true,
                    "additional_value_formatter": [
                      "text"
                    ],
                    "pipeline_functions": "text",
                    "unique_identifier": true
                  }
                ]
              },
              "add_member_condition": {
                "type": 1,
                "condition_string": "text"
              },
              "created_entity_id": "text",
              "access_request_id": "text",
              "id": "text",
              "last_sync_job_id": "text"
            }
          ],
          "no_entitlements": true,
          "enabled": true,
          "on_create_behavior": 1,
          "instructions": "text",
          "time_before_sync_check_in_seconds": "text",
          "access_request_policy_id": "text",
          "allow_overwrite_of_access_request_policy": true,
          "name_transformer": {
            "destination_attribute": "text",
            "destination_value_formatter": "text",
            "continuous_sync": true,
            "additional_value_formatter": [
              "text"
            ],
            "pipeline_functions": "text",
            "unique_identifier": true
          },
          "remove_entitlement_on_member_upon_update": true
        }
      ],
      "next_page_token": "text",
      "has_more": true
    }

    Updates a specific version of an access profile

    Add members to access profiles
    policy APIs
    Create Access Profile Type
    List Access Profile Types
    Create Access Profile
    List Access Profiles
    Update Access Profile Labels
    Update Access Profile Version
    List Access Profile Members
    Update Access Profile Members
    List Available Integrations
    Responses
    200

    OK

    application/json
    default

    Default error response

    application/json
    post
    POST /api/private/lifecycle_management/access_profiles_types HTTP/1.1
    Host: your-tenant.cookiecloud.ai
    Authorization: Bearer JWT
    Content-Type: application/json
    Accept: */*
    Content-Length: 1119
    
    {
      "name": "text",
      "description": "text",
      "allow_inherit_entities": true,
      "allow_inherited_from_types": [
        "text"
      ],
      "allow_create_relationships": true,
      "require_single_datasource": true,
      "require_single_integration": true,
      "add_integration_prefix_to_access_profile_names": true,
      "max_entitlements": 1,
      "create_entitlement_based_on_profile": true,
      "create_entitlements": [
        {
          "datasource_id": "text",
          "entity_type": "text",
          "attribute_transformers": {
            "values": [
              {
                "destination_attribute": "text",
                "destination_value_formatter": "text",
                "continuous_sync": true,
                "additional_value_formatter": [
                  "text"
                ],
                "pipeline_functions": "text",
                "unique_identifier": true
              }
            ]
          },
          "add_member_condition": {
            "type": 1,
            "condition_string": "text"
          }
        }
      ],
      "no_entitlements": true,
      "on_create_behavior": 1,
      "instructions": "text",
      "time_before_sync_check_in_seconds": "text",
      "access_request_policy_id": "text",
      "allow_overwrite_of_access_request_policy": true,
      "name_transformer": {
        "destination_attribute": "text",
        "destination_value_formatter": "text",
        "continuous_sync": true,
        "additional_value_formatter": [
          "text"
        ],
        "pipeline_functions": "text",
        "unique_identifier": true
      },
      "remove_entitlement_on_member_upon_update": true
    }
    {
      "value": {
        "id": "text",
        "name": "text",
        "description": "text",
        "allow_inherit_entities": true,
        "allow_inherited_from_types": [
          "text"
        ],
        "profiles_count": 1,
        "integrations": [
          "text"
        ],
        "allow_create_relationships": true,
        "require_single_datasource": true,
        "require_single_integration": true,
        "add_integration_prefix_to_access_profile_names": true,
        "rbac_id": "text",
        "max_entitlements": 1,
        "create_entitlement_based_on_profile": true,
        "create_entitlements": [
          {
            "datasource_id": "text",
            "entity_type": "text",
            "attribute_transformers": {
              "values": [
                {
                  "destination_attribute": "text",
                  "destination_value_formatter": "text",
                  "continuous_sync": true,
                  "additional_value_formatter": [
                    "text"
                  ],
                  "pipeline_functions": "text",
                  "unique_identifier": true
                }
              ]
            },
            "add_member_condition": {
              "type": 1,
              "condition_string": "text"
            },
            "created_entity_id": "text",
            "access_request_id": "text",
            "id": "text",
            "last_sync_job_id": "text"
          }
        ],
        "no_entitlements": true,
        "enabled": true,
        "on_create_behavior": 1,
        "instructions": "text",
        "time_before_sync_check_in_seconds": "text",
        "access_request_policy_id": "text",
        "allow_overwrite_of_access_request_policy": true,
        "name_transformer": {
          "destination_attribute": "text",
          "destination_value_formatter": "text",
          "continuous_sync": true,
          "additional_value_formatter": [
            "text"
          ],
          "pipeline_functions": "text",
          "unique_identifier": true
        },
        "remove_entitlement_on_member_upon_update": true
      }
    }