Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Create, manage, and organize access profiles and profile types for identity lifecycle management
Veza Access Profiles are collections of entitlements that can be granted to users as part of their identity lifecycle management. These APIs enable you to create, manage, and organize access profiles and their types, which define what access should be granted in different roles or scenarios across your organization.
Access Profiles help you automate consistent access provisioning with:
Reusable collections of entitlements across multiple systems
Organized access by business roles, departments, or functions
Managed access profile types with distinct configurations
Versioned profiles for profile lifecycle management
Access Profile Types define categories of access profiles and their capabilities within Veza. They determine how access profiles can be configured and used.
Access Profiles define specific sets of entitlements that can be granted to users. Each profile contains versions that allow for drafting and managing changes over time.
Integrations represent the available systems and platforms that can be used with Access Profiles for access management operations.
Use the following endpoints to interact with Access Profiles, Access Profile Types, and available integrations:
All Access Profile API requests require authentication. See for details on how to authenticate with Veza APIs.
To get started with Access Profile APIs:
to see what systems you can manage
to view enabled systems
to define how access profiles will be configured
with the entitlements your users need
For more information about Access Profile concepts and features, see:
Add members to access profiles to grant access to users
Use policy APIs to automate when access profiles are assigned
POST
Creates a new access profile type
GET
Retrieves all access profile types
POST
Creates a new access profile
GET
Retrieves all access profiles with filtering options
PATCH
Updates labels assigned to an access profile
PATCH
GET
Lists all members of a specific access profile version
PUT
Adds or removes members from an access profile version
GET
Lists all integrations available for use with access profiles
Updates a specific version of an access profile
List all integrations available for use with access profiles
GET /api/private/lifecycle_management/access_profiles:available_integrationsRetrieves a list of all integrations that are available for use with access profiles in your organization. This endpoint shows which systems can be used as targets for access management operations within access profiles.
Use this endpoint to:
Discover which integration types are supported in your environment
Verify that required integrations are available before creating access profiles
Plan access profile configurations across different systems
Categorization (e.g., "development", "production", "sensitive")
Request workflow (e.g., "requestable", "auto-approved")
Business function (e.g., "finance", "engineering", "sales")
id
string
Required
Unique identifier of the access profile
labels
array
Required
Array of label strings to assign to the access profile
PATCH /api/private/lifecycle_management/access_profiles/{id}curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/3a2371b6-95ec-4d9e-b95c-d75d51daa39b" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"labels": ["requestable", "salesforce", "development"]
}'{
"value": {
"id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
"name": "Salesforce Developer",
"state": 1,
"profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
"current_version": 1,
"integrations": ["SALESFORCE"],
"provider_ids": ["sf-dev-org-12345"],
"labels": ["requestable", "salesforce", "development"],
"created_at": "2024-07-15T16:20:15.123456789Z",
"updated_at": "2024-07-15T16:35:22.456789123Z"
}
}curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles:available_integrations" \
-H "authorization: Bearer $VEZA_TOKEN"{
"integrations": [
"ACTIVE_DIRECTORY",
"AWS",
"AZURE",
"GOOGLE",
"OKTA",
"SALESFORCE",
"WORKDAY"
]
}Retrieve all access profile types configured in your organization
GET /api/private/lifecycle_management/access_profiles_typesLists all Access Profile Types that have been configured in your organization. Access Profile Types define the capabilities and configuration options available when creating Access Profiles.
Use this endpoint to:
View all available Access Profile Types
Get type IDs needed when
Review the capabilities each type provides
Understand inheritance and relationship permissions
Standard Response:
Create a new access profile type that defines capabilities and configuration options
POST /api/private/lifecycle_management/access_profiles_typesCreates a new access profile type, which defines how access profiles of this type can be configured and used within your organization. Access profile types determine capabilities such as whether profiles can inherit entities from other profiles or create direct relationships to entities.
Common access profile types include:
Profile - Basic access profiles for direct entity relationships
Business Role - Higher-level profiles that can inherit from other profiles
Standard Response:
allow_inherited_from_types
array[string]
Optional
List of access profile type IDs that profiles of this type can inherit from
allow_create_relationships
boolean
Optional
Whether profiles of this type can create direct relationships to entities
require_single_datasource
boolean
Optional
Whether profiles of this type must contain entities from only one datasource
require_single_integration
boolean
Optional
Whether profiles can only have access from a single integration (e.g., SNOWFLAKE)
add_integration_prefix_to_access_profile_names
boolean
Optional
Add integration prefix to profile names when require_single_integration is true
max_entitlements
integer
Optional
Maximum number of entitlements that can be added to profiles of this type
create_entitlement_based_on_profile
boolean
Optional
Create new entitlements if not found (only available if require_single_integration is true)
create_entitlements
array[object]
Optional
Entitlements to create based on attribute transformers when creating a profile
no_entitlements
boolean
Optional
If true, will not create any entitlements when creating a profile
on_create_behavior
string
Optional
Determines the state of the profile when created
instructions
string
Optional
Instructions for users when creating a profile of this type (markdown format)
time_before_sync_check_in_seconds
integer
Optional
How often to sync the profile (in seconds) with the target. Only allowed if create_entitlement_based_on_profile is true
access_request_policy_id
string
Optional
The access request policy associated with the access profile when creating a profile of this type
allow_overwrite_of_access_request_policy
boolean
Optional
Whether the access request policy can be overwritten when creating a profile
name_transformer
object
Optional
Name transformer rules for this profile type
remove_entitlement_on_member_upon_update
boolean
Optional
Remove deleted entitlements from members when access profile version is updated
time_before_sync_check_in_seconds
Defines sync frequency with target systems to ensure member lists stay current. Set to 0 to disable syncing.
Inheritance Rules
allow_inherited_from_types
Restricts which other access profile types can be inherited from. An empty array allows inheritance from any type.
allow_overwrite_of_access_request_policy
When false, the access request policy cannot be changed when creating individual profiles.
Create a basic access profile type for direct entity relationships:
curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles_types" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"name": "Profile",
"description": "Basic Access Profile",
"allow_inherit_entities": false,
"allow_create_relationships": true,
"require_single_datasource": false
}'Create a business role type that can inherit from other profiles:
curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles_types" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"name": "Business Role",
"description": "Access profile type for business roles that can inherit from other profiles",
"allow_inherit_entities": true,
"allow_create_relationships": false,
"require_single_datasource": false,
"max_entitlements": 50,
"instructions": "This business role allows users to inherit permissions from multiple technical profiles. Use this for high-level organizational roles."
}'Create an advanced profile type with detailed configuration:
curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles_types" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"name": "Application-Specific Access",
"description": "Profile type for application-specific access with sync capabilities",
"allow_inherit_entities": false,
"allow_create_relationships": true,
"require_single_datasource": true,
"require_single_integration": true,
"create_entitlement_based_on_profile": true,
"time_before_sync_check_in_seconds": 3600,
"max_entitlements": 25,
"instructions": "Use this type for application-specific profiles that require regular synchronization with target systems."
}'name
string
Required
Name of the access profile type
description
string
Optional
Description of the access profile type purpose
allow_inherit_entities
boolean
Optional
Integration and Entitlement Management
require_single_integration
When true, profiles of this type can only contain entities from a single integration (e.g., SNOWFLAKE, ACTIVE_DIRECTORY, etc.).
create_entitlement_based_on_profile
Automatically creates new entitlements if they don't exist, based on attribute transformers. Only available when require_single_integration is true.
no_entitlements
When true, creating profiles of this type will only create the application connection without any specific entitlements.
Profile Behavior Configuration
on_create_behavior
Controls the initial state when profiles of this type are created (AccessProfile.OnCreateBehavior enum).
{
"value": {
"id": "13ddf132-0868-4330-a0a3-41b088f6a4dc",
"allow_create_relationships": false,
"allow_inherit_entities": true,
"description": "Access profile type for business roles that can inherit from other profiles",
"integrations": [],
"name": "Business Role",
"profiles_count": 0,
"require_single_datasource": false,
"created_at": "2024-07-15T16:10:30.123456789Z",
"updated_at": "2024-07-15T16:10:30.123456789Z"
}
}{
"value": {
"id": "13ddf132-0868-4330-a0a3-41b088f6a4dc",
"allow_create_relationships": false,
"allow_inherit_entities": true,
"allow_inherited_from_types": [],
"description": "Access profile type for business roles that can inherit from other profiles",
"integrations": [],
"name": "Business Role",
"profiles_count": 0,
"require_single_datasource": false,
"require_single_integration": false,
"max_entitlements": 50,
"create_entitlement_based_on_profile": false,
"create_entitlements": [],
"no_entitlements": false,
"on_create_behavior": "INITIAL",
"instructions": "This business role allows users to inherit permissions from multiple technical profiles. Use this for high-level organizational roles.",
"time_before_sync_check_in_seconds": 0,
"access_request_policy_id": null,
"allow_overwrite_of_access_request_policy": true,
"name_transformer": null,
"remove_entitlement_on_member_upon_update": false,
"created_at": "2024-07-15T16:10:30.123456789Z",
"updated_at": "2024-07-15T16:10:30.123456789Z"
}
}Whether profiles of this type can inherit entities from other access profiles
curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles_types" \
-H "authorization: Bearer $VEZA_TOKEN"{
"values": [
{
"id": "13ddf132-0868-4330-a0a3-41b088f6a4dc",
"allow_create_relationships": false,
"allow_inherit_entities": true,
"description": "Access profile type for business roles that can inherit from other profiles",
"integrations": [],
"name": "Business Role",
"profiles_count": 3,
"require_single_datasource": false
},
{
"id": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
"allow_create_relationships": true,
"allow_inherit_entities": false,
"description": "Basic Access Profile",
"integrations": [],
"name": "Profile",
"profiles_count": 0,
"require_single_datasource": false
}
]
}{
"values": [
{
"id": "13ddf132-0868-4330-a0a3-41b088f6a4dc",
"allow_create_relationships": false,
"allow_inherit_entities": true,
"allow_inherited_from_types": [],
"description": "Access profile type for business roles that can inherit from other profiles",
"integrations": [],
"name": "Business Role",
"profiles_count": 3,
"require_single_datasource": false,
"require_single_integration": false,
"max_entitlements": 50,
"create_entitlement_based_on_profile": false,
"create_entitlements": [],
"no_entitlements": false,
"on_create_behavior": "INITIAL",
"instructions": "This business role allows users to inherit permissions from multiple technical profiles.",
"time_before_sync_check_in_seconds": 0,
"access_request_policy_id": null,
"allow_overwrite_of_access_request_policy": true,
"name_transformer": null,
"remove_entitlement_on_member_upon_update": false,
"created_at": "2024-07-15T16:10:30.123456789Z",
"updated_at": "2024-07-15T16:10:30.123456789Z"
},
{
"id": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
"allow_create_relationships": true,
"allow_inherit_entities": false,
"allow_inherited_from_types": [],
"description": "Basic Access Profile",
"integrations": [],
"name": "Profile",
"profiles_count": 0,
"require_single_datasource": false,
"require_single_integration": false,
"max_entitlements": null,
"create_entitlement_based_on_profile": false,
"create_entitlements": [],
"no_entitlements": false,
"on_create_behavior": "INITIAL",
"instructions": "",
"time_before_sync_check_in_seconds": 0,
"access_request_policy_id": null,
"allow_overwrite_of_access_request_policy": true,
"name_transformer": null,
"remove_entitlement_on_member_upon_update": false,
"created_at": "2024-07-14T10:15:22.987654321Z",
"updated_at": "2024-07-14T10:15:22.987654321Z"
}
]
}Important: An update to the entities_to_create_relationships_to and inherit_entities_from_access_profiles needs to happen in the version of the profile, not the actual profile. You will need to get the current_version_number from the access profile first.
Note that updates to relationships must be made to the version, not the profile itself. This versioning system allows you to draft changes before publishing them to users.
id
string
Required
Unique identifier of the access profile
version
string
Required
Version number of the access profile to update
entities_to_create_relationships_to
array
Optional
Array of entity objects to create direct relationships to
inherit_entities_from_access_profiles
array
Optional
Array of access profile IDs to inherit entities from
Entity Object Schema
entity_type
string
Required
Type of the entity (e.g., "SalesforceGroup", "ActiveDirectoryGroup")
datasource_id
string
Required
ID of the lifecycle manager datasource containing the entity
entity_id
string
Required
Update direct entity relationships:
Update access profile inheritance:
Update both relationships and inheritance:
PATCH /api/private/lifecycle_management/access_profiles/{id}/versions/{version}{
"value": {
"id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
"version": 1,
"entities_to_create_relationships_to": [
{
"entity_type": "SalesforceGroup",
"datasource_id": "sf-dev-org-12345",
"entity_id": "veza-dev-ed:00GDp0000019laeMAA"
},
{
"entity_type": "SalesforcePermissionSet",
"datasource_id": "sf-dev-org-12345",
"entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
},
{
"entity_type": "SalesforceRole",
"datasource_id": "sf-dev-org-12345",
"entity_id": "veza4-dev-ed:00E5g00000ACyDEEA1"
}
],
"inherit_entities_from_access_profiles": [],
"updated_at": "2024-07-15T16:45:30.789123456Z"
}
}Retrieve all access profiles with optional filtering and detailed entity information
GET /api/private/lifecycle_management/access_profilesLists all Veza Access Profiles in your organization with support for filtering and optional detailed entity information. You can filter results using SCIM-format filter expressions and request additional entity details to understand the relationships each profile contains.
Veza uses the SCIM filter format including AND/OR logical operations. Examples:
Complex filters can be created using logical operators:
profile_type eq "13ddf132-0868-4330-a0a3-41b088f6a4dc"
Exact match on profile type
?filter=profile_type+eq+%2213ddf132-0868-4330-a0a3-41b088f6a4dc%22
List all access profiles:
curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles" \
-H "authorization: Bearer $VEZA_TOKEN"List profiles with detailed entity information:
curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles?entity_extra_info=true" \
-H "authorization: Bearer $VEZA_TOKEN"Filter by integration type:
curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles?filter=integrations+co+%22SALESFORCE%22" \
-H "authorization: Bearer $VEZA_TOKEN"Filter by multiple criteria:
curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles?filter=%28integrations+co+%22SALESFORCE%22+or+integrations+co+%22AWS%22%29+and+profile_type+eq+%22a730b9cd-d600-4fb7-a803-8ab5b697c0b9%22" \
-H "authorization: Bearer $VEZA_TOKEN"Filter by labels:
curl -X GET "$BASE_URL/api/private/lifecycle_management/access_profiles?filter=labels+co+%22requestable%22" \
-H "authorization: Bearer $VEZA_TOKEN"Standard list response:
{
"has_more": false,
"next_page_token": "",
"values": [
{
"id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
"name": "Developer",
"current_version_number": 1,
"state": "RUNNING",
"profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
"access_profiles_inherited": [
"software-developers-profile-id"
],
"access_profiles_inherited_by": [],
"created_at": "2024-04-12T15:29:36.709931506Z",
"created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
"current_version": {
"access_profile_id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
"created_at": "2024-04-12T15:29:36.711717422Z",
"created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
"entities_to_create_relationships_to": [
{
"entity_type": "SalesforceGroup",
"datasource_id": "sf-datasource-id",
"entity_id": "veza-dev-ed:00GDp0000019laeMAA"
}
],
"inherit_entities_from_access_profiles": [
"software-developers-profile-id"
],
"state": "PUBLISHED",
"updated_at": "2024-04-12T15:29:36.711717422Z",
"version_number": 1
},
"description": "",
"draft_version_number": 0,
"inherited_by_other_profiles": false,
"inherits_from_other_profiles": true,
"integrations": [
"SALESFORCE"
],
"provider_ids": ["sf-provider-id"],
"provider_external_ids": ["external-sf-id"],
"labels": ["requestable", "development"],
"updated_at": "2024-04-12T15:29:36.743000797Z",
"used_by_workflow": false
}
]
}Response with entity_extra_info=true:
filter
string
Optional
SCIM filter expression to filter results
entity_extra_info
boolean
Optional
When true, includes additional entity relationship details with provider names and external IDs
integrations co "SALESFORCE"
Contains SALESFORCE in integrations
?filter=integrations+co+%22SALESFORCE%22
integrations eq "SALESFORCE"
Exact match on SALESFORCE
?filter=integrations+eq+%22SALESFORCE%22
provider_ids co "3cedc292-4014-45e9-b7d9-8cb1695e1454"
Contains provider ID
?filter=provider_ids+co+%223cedc292-4014-45e9-b7d9-8cb1695e1454%22
labels co "requestable"
Contains label
(integrations co "SALESFORCE" or integrations co "AWS") and profile_type eq "13ddf132-0868-4330-a0a3-41b088f6a4dc"?filter=labels+co+%22requestable%22
Unique identifier of the entity within the datasource
sync_identity_action
object
Optional
Action to use when creating an identity for this entity
curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/3a2371b6-95ec-4d9e-b95c-d75d51daa39b/versions/1" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"entities_to_create_relationships_to": [
{
"entity_type": "SalesforceGroup",
"datasource_id": "sf-dev-org-12345",
"entity_id": "veza-dev-ed:00GDp0000019laeMAA"
},
{
"entity_type": "SalesforcePermissionSet",
"datasource_id": "sf-dev-org-12345",
"entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
},
{
"entity_type": "SalesforceRole",
"datasource_id": "sf-dev-org-12345",
"entity_id": "veza4-dev-ed:00E5g00000ACyDEEA1"
}
],
"inherit_entities_from_access_profiles": []
}'curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/business-role-id/versions/2" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"entities_to_create_relationships_to": [],
"inherit_entities_from_access_profiles": [
"base-developer-profile-id",
"salesforce-access-profile-id"
]
}'curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/combined-profile-id/versions/1" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"entities_to_create_relationships_to": [
{
"entity_type": "ActiveDirectoryGroup",
"datasource_id": "ad-datasource-id",
"entity_id": "ad-dev-group-123"
}
],
"inherit_entities_from_access_profiles": [
"base-permissions-profile-id"
]
}'Create a new access profile with specified entitlements and configuration
POST /api/private/lifecycle_management/access_profilesCreates a new Veza Access Profile that defines a collection of entitlements that can be granted to users. Access profiles can contain direct relationships to entities (like groups, roles, or permissions) or can inherit entities from other access profiles, depending on the profile type capabilities.
Access Profiles support versioning, allowing you to draft changes before publishing them to users. An Access Profile contains a version that will be modified after initial creation - the version allows drafts and retired versions in the future.
Entity Object Schema
Sync Identity Action Schema
Simplified Response:
profile_type
string
Required
ID of the access profile type to use
entities_to_create_relationships_to
array
Optional
Array of entity objects to create direct relationships to
inherit_entities_from_access_profiles
array
Optional
Array of access profile IDs to inherit entities from
labels
array[string]
Optional
Opaque field for customer to add any labels
access_request_policy_id
string
Optional
The access request policy associated with the access profile
application_datasource_id
string
Optional
Datasource to use for this profile in the assign application use case
application_sync_identity_action
object
Optional
Action to use when creating an identity for this datasource
custom_properties
object
Optional
Map of custom properties for the access profile
assigned_to_entity_type
string
Optional
Type of the entity to assign to
assigned_to_entity_id
string
Optional
ID of the entity to assign to
grant_by
string
Optional
How the grant is applied (PolicyRules.GrantBy enum)
created_by_access_profile
boolean
Optional
Whether this entity was created by the access profile
custom_properties
object
Optional
Map of custom properties for the entity
sync_identity_action
object
Optional
Action to use when creating an identity for this entity
condition
object
Optional
Condition to check if identity should be granted access
Create a basic access profile with direct entity relationships:
curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"name": "Salesforce Developer",
"state": "RUNNING",
"profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
"entities_to_create_relationships_to": [
{
"entity_type": "SalesforceGroup",
"datasource_id": "sf-dev-org-12345",
"entity_id": "veza-dev-ed:00GDp0000019laeMAA"
},
{
"entity_type": "SalesforcePermissionSet",
"datasource_id": "sf-dev-org-12345",
"entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
},
{
"entity_type": "SalesforceRole",
"datasource_id": "sf-dev-org-12345",
"entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
}
]
}'Create a business role that inherits from other access profiles:
curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"name": "Developer",
"state": "RUNNING",
"profile_type": "business-role-type-id",
"inherit_entities_from_access_profiles": [
"software-developers-profile-id"
]
}'Create an access profile with sync identity actions:
curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles" \
-H "authorization: Bearer $VEZA_TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"name": "Advanced Salesforce Profile",
"state": "RUNNING",
"profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
"entities_to_create_relationships_to": [
{
"entity_type": "SalesforceGroup",
"datasource_id": "sf-org-datasource-id",
"entity_id": "veza-dev-ed:00GDp0000019laeMAA",
"sync_identity_action": {
"policy_id": "policy-12345",
"name": "salesforce_sync_action"
}
}
],
"labels": ["requestable", "salesforce"]
}'name
string
Required
Name of the access profile
description
string
Optional
Description of the access profile's purpose
state
string
Required
entity_type
string
Required
Type of the entity (e.g., "SalesforceGroup", "ActiveDirectoryGroup")
datasource_id
string
Required
ID of the datasource containing the entity
entity_id
string
Required
policy_id
string
Required
ID of the policy to use for sync action
name
string
Required
Name of the sync identity action
{
"value": {
"id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
"name": "Salesforce Developer",
"profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
"current_version_number": 1,
"created_at": "2024-04-12T15:29:36.187811047Z",
"created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
"current_version": {
"access_profile_id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
"created_at": "2024-04-12T15:29:36.188843505Z",
"created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
"entities_to_create_relationships_to": [
{
"entity_type": "SalesforceGroup",
"datasource_id": "sf-dev-org-12345",
"entity_id": "veza-dev-ed:00GDp0000019laeMAA"
}
],
"inherit_entities_from_access_profiles": [],
"state": "PUBLISHED",
"updated_at": "2024-04-12T15:29:36.188843505Z",
"version_number": 1
},
"description": "",
"draft_version_number": 0,
"inherited_by_other_profiles": false,
"inherits_from_other_profiles": false,
"integrations": [
"SALESFORCE"
],
"provider_ids": [
"sf-dev-org-12345"
],
"provider_external_ids": [
"external-id-123"
],
"labels": [
"requestable",
"salesforce"
],
"state": "RUNNING",
"updated_at": "2024-04-12T15:29:36.217957547Z",
"used_by_workflow": false,
"access_profiles_inherited": [],
"access_profiles_inherited_by": []
}
}{
"value": {
"id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
"name": "Salesforce Developer",
"state": "RUNNING",
"profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
"current_version_number": 1,
"integrations": ["SALESFORCE"],
"provider_ids": ["sf-dev-org-12345"],
"labels": ["requestable", "salesforce"],
"created_at": "2024-04-12T15:29:36.187811047Z",
"updated_at": "2024-04-12T15:29:36.217957547Z"
}
}Initial state: INITIAL, RUNNING, PAUSED, DRY_RUN, PENDING
Unique identifier of the entity
curl -X GET "$BASE_URL/api/preview/keys" \
-H "authorization: Bearer $VEZA_TOKEN"curl -X GET "$BASE_URL/api/preview/keys" \
-H "authorization: Bearer $VEZA_TOKEN"curl -X GET "$BASE_URL/api/preview/keys" \
-H "authorization: Bearer $VEZA_TOKEN"curl -X GET "$BASE_URL/api/preview/keys" \
-H "authorization: Bearer $VEZA_TOKEN"curl -X GET "$BASE_URL/api/preview/keys" \
-H "authorization: Bearer $VEZA_TOKEN"curl -X GET "$BASE_URL/api/preview/keys" \
-H "authorization: Bearer $VEZA_TOKEN"OK
Default error response
The version that is currently live and running
The version that is being edited and in draft form (0 if there is none)
The access request policy that is associated with the access profile
Last time the profile was synced with the target
Sets if this profile is allowed to sync or not, this is only allowed if the type's create_entitlement_based_on_profile is true
The Job IDs for the last time it was synced
The identity that created the access profile
If the sync job failed what is the error message
OK
Default error response
OK
Default error response
OK
Default error response
The version of the access profile that includes how it is configured
List of profiles that this one inherits from
List of identities (via id) that are part of the access profile
The access request policy that is associated with the access profile
This is only available if the profile type is doesn't allow entitlements or inherited profiles This is the datasource to use for this profile in the assign application use case, when the profile is assigned it will create a relationship to the datasource
OK
Default error response
OK
Default error response
List of profiles that this one inherits from
The access request policy that is associated with the access profile
This is only available if the profile type is doesn't allow entitlements or inherited profiles This is the datasource to use for this profile in the assign application use case, when the profile is assigned it will create a relationship to the datasource
OK
Default error response
{
"integrations": [
"text"
]
}GET /api/private/lifecycle_management/access_profiles:available_integrations HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"value": {
"id": "text",
"name": "text",
"description": "text",
"state": 1,
"profile_type": "text",
"current_version_number": 1,
"draft_version_number": 1,
"used_by_workflow": true,
"integrations": [
"text"
],
"current_version": {
"access_profile_id": "text",
"version_number": 1,
"state": 1,
"entities_to_create_relationships_to": [
{
"entity_type": "text",
"datasource_id": "text",
"entity_id": "text",
"assigned_to_entity_type": "text",
"assigned_to_entity_id": "text",
"extraction_datasource_id": "text",
"provider_id": "text",
"provider_external_id": "text",
"entity_name": "text",
"native_id": "text",
"grant_by": 1,
"created_by_access_profile": true,
"custom_properties": {
"ANY_ADDITIONAL_PROPERTY": "text"
},
"sync_identity_action": {
"policy_id": "text",
"name": "text"
},
"condition": {
"type": 1,
"condition_string": "text"
},
"create_entitlement_detail_id": "text",
"created_at": "2025-08-26T13:34:51.710Z"
}
],
"inherit_entities_from_access_profiles": [
"text"
],
"members": [
"text"
],
"rbac_id": "text",
"access_request_policy_id": "text",
"application_datasource_id": "text",
"application_sync_identity_action": {
"policy_id": "text",
"name": "text"
},
"created_by": "text",
"created_at": "2025-08-26T13:34:51.710Z",
"updated_at": "2025-08-26T13:34:51.710Z",
"published_by": "text",
"published_at": "2025-08-26T13:34:51.710Z"
},
"access_profiles_inherited": [
"text"
],
"access_profiles_inherited_by": [
"text"
],
"inherits_from_other_profiles": true,
"inherited_by_other_profiles": true,
"labels": [
"text"
],
"provider_ids": [
"text"
],
"provider_external_ids": [
"text"
],
"datasource_ids": [
"text"
],
"rbac_id": "text",
"member_details": [
{
"access_profile_id": "text",
"access_profile_name": "text",
"identity_id": "text",
"identity_name": "text",
"created_from": 1,
"workflow": "text"
}
],
"requestable": true,
"require_approval_to_start": true,
"started_at": "2025-08-26T13:34:51.710Z",
"started_by": "text",
"catalog_item_info": {
"name": "text",
"description": "text",
"markdown_description": "text",
"icon": "text",
"recommended": true
},
"access_request_policy_id": "text",
"created_entitlements": [
{
"datasource_id": "text",
"entity_type": "text",
"attribute_transformers": {
"values": [
{
"destination_attribute": "text",
"destination_value_formatter": "text",
"continuous_sync": true,
"additional_value_formatter": [
"text"
],
"pipeline_functions": "text",
"unique_identifier": true
}
]
},
"add_member_condition": {
"type": 1,
"condition_string": "text"
},
"created_entity_id": "text",
"access_request_id": "text",
"id": "text",
"last_sync_job_id": "text"
}
],
"last_synced_at": "2025-08-26T13:34:51.710Z",
"sync_allowed": true,
"last_sync_job_ids": [
"text"
],
"identity_created_by": "text",
"last_sync_error_message": "text",
"profile_type_rbac_id": "text",
"created_by": "text",
"created_at": "2025-08-26T13:34:51.710Z",
"updated_at": "2025-08-26T13:34:51.710Z",
"custom_properties": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}
}PATCH /api/private/lifecycle_management/access_profiles/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 350
{
"name": "text",
"description": "text",
"state": 1,
"profile_type": "text",
"labels": [
"text"
],
"datasource_ids": [
"text"
],
"require_approval_to_start": true,
"catalog_item_info": {
"name": "text",
"description": "text",
"markdown_description": "text",
"icon": "text",
"recommended": true
},
"profile_type_rbac_id": "text",
"custom_properties": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}{
"values": [
{
"id": "text",
"name": "text",
"description": "text",
"allow_inherit_entities": true,
"allow_inherited_from_types": [
"text"
],
"profiles_count": 1,
"integrations": [
"text"
],
"allow_create_relationships": true,
"require_single_datasource": true,
"require_single_integration": true,
"add_integration_prefix_to_access_profile_names": true,
"rbac_id": "text",
"max_entitlements": 1,
"create_entitlement_based_on_profile": true,
"create_entitlements": [
{
"datasource_id": "text",
"entity_type": "text",
"attribute_transformers": {
"values": [
{
"destination_attribute": "text",
"destination_value_formatter": "text",
"continuous_sync": true,
"additional_value_formatter": [
"text"
],
"pipeline_functions": "text",
"unique_identifier": true
}
]
},
"add_member_condition": {
"type": 1,
"condition_string": "text"
},
"created_entity_id": "text",
"access_request_id": "text",
"id": "text",
"last_sync_job_id": "text"
}
],
"no_entitlements": true,
"enabled": true,
"on_create_behavior": 1,
"instructions": "text",
"time_before_sync_check_in_seconds": "text",
"access_request_policy_id": "text",
"allow_overwrite_of_access_request_policy": true,
"name_transformer": {
"destination_attribute": "text",
"destination_value_formatter": "text",
"continuous_sync": true,
"additional_value_formatter": [
"text"
],
"pipeline_functions": "text",
"unique_identifier": true
},
"remove_entitlement_on_member_upon_update": true
}
],
"next_page_token": "text",
"has_more": true
}GET /api/private/lifecycle_management/access_profiles_types HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"value": {
"id": "text",
"name": "text",
"description": "text",
"allow_inherit_entities": true,
"allow_inherited_from_types": [
"text"
],
"profiles_count": 1,
"integrations": [
"text"
],
"allow_create_relationships": true,
"require_single_datasource": true,
"require_single_integration": true,
"add_integration_prefix_to_access_profile_names": true,
"rbac_id": "text",
"max_entitlements": 1,
"create_entitlement_based_on_profile": true,
"create_entitlements": [
{
"datasource_id": "text",
"entity_type": "text",
"attribute_transformers": {
"values": [
{
"destination_attribute": "text",
"destination_value_formatter": "text",
"continuous_sync": true,
"additional_value_formatter": [
"text"
],
"pipeline_functions": "text",
"unique_identifier": true
}
]
},
"add_member_condition": {
"type": 1,
"condition_string": "text"
},
"created_entity_id": "text",
"access_request_id": "text",
"id": "text",
"last_sync_job_id": "text"
}
],
"no_entitlements": true,
"enabled": true,
"on_create_behavior": 1,
"instructions": "text",
"time_before_sync_check_in_seconds": "text",
"access_request_policy_id": "text",
"allow_overwrite_of_access_request_policy": true,
"name_transformer": {
"destination_attribute": "text",
"destination_value_formatter": "text",
"continuous_sync": true,
"additional_value_formatter": [
"text"
],
"pipeline_functions": "text",
"unique_identifier": true
},
"remove_entitlement_on_member_upon_update": true
}
}POST /api/private/lifecycle_management/access_profiles_types HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 1119
{
"name": "text",
"description": "text",
"allow_inherit_entities": true,
"allow_inherited_from_types": [
"text"
],
"allow_create_relationships": true,
"require_single_datasource": true,
"require_single_integration": true,
"add_integration_prefix_to_access_profile_names": true,
"max_entitlements": 1,
"create_entitlement_based_on_profile": true,
"create_entitlements": [
{
"datasource_id": "text",
"entity_type": "text",
"attribute_transformers": {
"values": [
{
"destination_attribute": "text",
"destination_value_formatter": "text",
"continuous_sync": true,
"additional_value_formatter": [
"text"
],
"pipeline_functions": "text",
"unique_identifier": true
}
]
},
"add_member_condition": {
"type": 1,
"condition_string": "text"
}
}
],
"no_entitlements": true,
"on_create_behavior": 1,
"instructions": "text",
"time_before_sync_check_in_seconds": "text",
"access_request_policy_id": "text",
"allow_overwrite_of_access_request_policy": true,
"name_transformer": {
"destination_attribute": "text",
"destination_value_formatter": "text",
"continuous_sync": true,
"additional_value_formatter": [
"text"
],
"pipeline_functions": "text",
"unique_identifier": true
},
"remove_entitlement_on_member_upon_update": true
}{
"value": {
"access_profile_id": "text",
"version_number": 1,
"state": 1,
"entities_to_create_relationships_to": [
{
"entity_type": "text",
"datasource_id": "text",
"entity_id": "text",
"assigned_to_entity_type": "text",
"assigned_to_entity_id": "text",
"extraction_datasource_id": "text",
"provider_id": "text",
"provider_external_id": "text",
"entity_name": "text",
"native_id": "text",
"grant_by": 1,
"created_by_access_profile": true,
"custom_properties": {
"ANY_ADDITIONAL_PROPERTY": "text"
},
"sync_identity_action": {
"policy_id": "text",
"name": "text"
},
"condition": {
"type": 1,
"condition_string": "text"
},
"create_entitlement_detail_id": "text",
"created_at": "2025-08-26T13:34:51.710Z"
}
],
"inherit_entities_from_access_profiles": [
"text"
],
"members": [
"text"
],
"rbac_id": "text",
"access_request_policy_id": "text",
"application_datasource_id": "text",
"application_sync_identity_action": {
"policy_id": "text",
"name": "text"
},
"created_by": "text",
"created_at": "2025-08-26T13:34:51.710Z",
"updated_at": "2025-08-26T13:34:51.710Z",
"published_by": "text",
"published_at": "2025-08-26T13:34:51.710Z"
}
}PATCH /api/private/lifecycle_management/access_profiles/{value.access_profile_id}/versions/{value.version_number} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 576
{
"state": 1,
"entities_to_create_relationships_to": [
{
"entity_type": "text",
"datasource_id": "text",
"entity_id": "text",
"assigned_to_entity_type": "text",
"assigned_to_entity_id": "text",
"grant_by": 1,
"created_by_access_profile": true,
"custom_properties": {
"ANY_ADDITIONAL_PROPERTY": "text"
},
"sync_identity_action": {
"policy_id": "text",
"name": "text"
},
"condition": {
"type": 1,
"condition_string": "text"
}
}
],
"inherit_entities_from_access_profiles": [
"text"
],
"access_request_policy_id": "text",
"application_datasource_id": "text",
"application_sync_identity_action": {
"policy_id": "text",
"name": "text"
}
}{
"values": [
{
"id": "text",
"name": "text",
"description": "text",
"state": 1,
"profile_type": "text",
"current_version_number": 1,
"draft_version_number": 1,
"used_by_workflow": true,
"integrations": [
"text"
],
"current_version": {
"access_profile_id": "text",
"version_number": 1,
"state": 1,
"entities_to_create_relationships_to": [
{
"entity_type": "text",
"datasource_id": "text",
"entity_id": "text",
"assigned_to_entity_type": "text",
"assigned_to_entity_id": "text",
"extraction_datasource_id": "text",
"provider_id": "text",
"provider_external_id": "text",
"entity_name": "text",
"native_id": "text",
"grant_by": 1,
"created_by_access_profile": true,
"custom_properties": {
"ANY_ADDITIONAL_PROPERTY": "text"
},
"sync_identity_action": {
"policy_id": "text",
"name": "text"
},
"condition": {
"type": 1,
"condition_string": "text"
},
"create_entitlement_detail_id": "text",
"created_at": "2025-08-26T13:34:51.710Z"
}
],
"inherit_entities_from_access_profiles": [
"text"
],
"members": [
"text"
],
"rbac_id": "text",
"access_request_policy_id": "text",
"application_datasource_id": "text",
"application_sync_identity_action": {
"policy_id": "text",
"name": "text"
},
"created_by": "text",
"created_at": "2025-08-26T13:34:51.710Z",
"updated_at": "2025-08-26T13:34:51.710Z",
"published_by": "text",
"published_at": "2025-08-26T13:34:51.710Z"
},
"access_profiles_inherited": [
"text"
],
"access_profiles_inherited_by": [
"text"
],
"inherits_from_other_profiles": true,
"inherited_by_other_profiles": true,
"labels": [
"text"
],
"provider_ids": [
"text"
],
"provider_external_ids": [
"text"
],
"datasource_ids": [
"text"
],
"rbac_id": "text",
"member_details": [
{
"access_profile_id": "text",
"access_profile_name": "text",
"identity_id": "text",
"identity_name": "text",
"created_from": 1,
"workflow": "text"
}
],
"requestable": true,
"require_approval_to_start": true,
"started_at": "2025-08-26T13:34:51.710Z",
"started_by": "text",
"catalog_item_info": {
"name": "text",
"description": "text",
"markdown_description": "text",
"icon": "text",
"recommended": true
},
"access_request_policy_id": "text",
"created_entitlements": [
{
"datasource_id": "text",
"entity_type": "text",
"attribute_transformers": {
"values": [
{
"destination_attribute": "text",
"destination_value_formatter": "text",
"continuous_sync": true,
"additional_value_formatter": [
"text"
],
"pipeline_functions": "text",
"unique_identifier": true
}
]
},
"add_member_condition": {
"type": 1,
"condition_string": "text"
},
"created_entity_id": "text",
"access_request_id": "text",
"id": "text",
"last_sync_job_id": "text"
}
],
"last_synced_at": "2025-08-26T13:34:51.710Z",
"sync_allowed": true,
"last_sync_job_ids": [
"text"
],
"identity_created_by": "text",
"last_sync_error_message": "text",
"profile_type_rbac_id": "text",
"created_by": "text",
"created_at": "2025-08-26T13:34:51.710Z",
"updated_at": "2025-08-26T13:34:51.710Z",
"custom_properties": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}
],
"next_page_token": "text",
"has_more": true
}GET /api/private/lifecycle_management/access_profiles HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Accept: */*
{
"value": {
"id": "text",
"name": "text",
"description": "text",
"state": 1,
"profile_type": "text",
"current_version_number": 1,
"draft_version_number": 1,
"used_by_workflow": true,
"integrations": [
"text"
],
"current_version": {
"access_profile_id": "text",
"version_number": 1,
"state": 1,
"entities_to_create_relationships_to": [
{
"entity_type": "text",
"datasource_id": "text",
"entity_id": "text",
"assigned_to_entity_type": "text",
"assigned_to_entity_id": "text",
"extraction_datasource_id": "text",
"provider_id": "text",
"provider_external_id": "text",
"entity_name": "text",
"native_id": "text",
"grant_by": 1,
"created_by_access_profile": true,
"custom_properties": {
"ANY_ADDITIONAL_PROPERTY": "text"
},
"sync_identity_action": {
"policy_id": "text",
"name": "text"
},
"condition": {
"type": 1,
"condition_string": "text"
},
"create_entitlement_detail_id": "text",
"created_at": "2025-08-26T13:34:51.710Z"
}
],
"inherit_entities_from_access_profiles": [
"text"
],
"members": [
"text"
],
"rbac_id": "text",
"access_request_policy_id": "text",
"application_datasource_id": "text",
"application_sync_identity_action": {
"policy_id": "text",
"name": "text"
},
"created_by": "text",
"created_at": "2025-08-26T13:34:51.710Z",
"updated_at": "2025-08-26T13:34:51.710Z",
"published_by": "text",
"published_at": "2025-08-26T13:34:51.710Z"
},
"access_profiles_inherited": [
"text"
],
"access_profiles_inherited_by": [
"text"
],
"inherits_from_other_profiles": true,
"inherited_by_other_profiles": true,
"labels": [
"text"
],
"provider_ids": [
"text"
],
"provider_external_ids": [
"text"
],
"datasource_ids": [
"text"
],
"rbac_id": "text",
"member_details": [
{
"access_profile_id": "text",
"access_profile_name": "text",
"identity_id": "text",
"identity_name": "text",
"created_from": 1,
"workflow": "text"
}
],
"requestable": true,
"require_approval_to_start": true,
"started_at": "2025-08-26T13:34:51.710Z",
"started_by": "text",
"catalog_item_info": {
"name": "text",
"description": "text",
"markdown_description": "text",
"icon": "text",
"recommended": true
},
"access_request_policy_id": "text",
"created_entitlements": [
{
"datasource_id": "text",
"entity_type": "text",
"attribute_transformers": {
"values": [
{
"destination_attribute": "text",
"destination_value_formatter": "text",
"continuous_sync": true,
"additional_value_formatter": [
"text"
],
"pipeline_functions": "text",
"unique_identifier": true
}
]
},
"add_member_condition": {
"type": 1,
"condition_string": "text"
},
"created_entity_id": "text",
"access_request_id": "text",
"id": "text",
"last_sync_job_id": "text"
}
],
"last_synced_at": "2025-08-26T13:34:51.710Z",
"sync_allowed": true,
"last_sync_job_ids": [
"text"
],
"identity_created_by": "text",
"last_sync_error_message": "text",
"profile_type_rbac_id": "text",
"created_by": "text",
"created_at": "2025-08-26T13:34:51.710Z",
"updated_at": "2025-08-26T13:34:51.710Z",
"custom_properties": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
},
"version": {
"access_profile_id": "text",
"version_number": 1,
"state": 1,
"entities_to_create_relationships_to": [
{
"entity_type": "text",
"datasource_id": "text",
"entity_id": "text",
"assigned_to_entity_type": "text",
"assigned_to_entity_id": "text",
"extraction_datasource_id": "text",
"provider_id": "text",
"provider_external_id": "text",
"entity_name": "text",
"native_id": "text",
"grant_by": 1,
"created_by_access_profile": true,
"custom_properties": {
"ANY_ADDITIONAL_PROPERTY": "text"
},
"sync_identity_action": {
"policy_id": "text",
"name": "text"
},
"condition": {
"type": 1,
"condition_string": "text"
},
"create_entitlement_detail_id": "text",
"created_at": "2025-08-26T13:34:51.710Z"
}
],
"inherit_entities_from_access_profiles": [
"text"
],
"members": [
"text"
],
"rbac_id": "text",
"access_request_policy_id": "text",
"application_datasource_id": "text",
"application_sync_identity_action": {
"policy_id": "text",
"name": "text"
},
"created_by": "text",
"created_at": "2025-08-26T13:34:51.710Z",
"updated_at": "2025-08-26T13:34:51.710Z",
"published_by": "text",
"published_at": "2025-08-26T13:34:51.710Z"
}
}POST /api/private/lifecycle_management/access_profiles HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 706
{
"name": "text",
"description": "text",
"state": 1,
"profile_type": "text",
"entities_to_create_relationships_to": [
{
"entity_type": "text",
"datasource_id": "text",
"entity_id": "text",
"assigned_to_entity_type": "text",
"assigned_to_entity_id": "text",
"grant_by": 1,
"created_by_access_profile": true,
"custom_properties": {
"ANY_ADDITIONAL_PROPERTY": "text"
},
"sync_identity_action": {
"policy_id": "text",
"name": "text"
},
"condition": {
"type": 1,
"condition_string": "text"
}
}
],
"inherit_entities_from_access_profiles": [
"text"
],
"labels": [
"text"
],
"access_request_policy_id": "text",
"application_datasource_id": "text",
"application_sync_identity_action": {
"policy_id": "text",
"name": "text"
},
"custom_properties": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}