Apps

Create
POST /api/v1/apps
Get
GET /api/v1/apps/{id}
Update
POST /api/v1/apps/{id}
List
GET /api/v1/apps
Delete
DELETE /api/v1/apps/{id}
C1 API App V1 App
C1APIAppV1App object

The App object provides all of the details for an app, as well as some configuration.

idstring
optional

The ID of the app.

appAccountIdstring
optional

The ID of the Account named by AccountName.

appAccountNamestring
optional

The AccountName of the app. For example, for AWS this is the AccountID, for GitHub the Org Name, and for Okta the Okta Subdomain.

appOwners array of C1APIUserV1User (id string, createdAt string, delegatedUserId string, deletedAt string, department string, departmentSources array of C1APIUserV1UserAttributeMappingSource, directoryIds array of string, directoryStatus enum, directoryStatusSources array of C1APIUserV1UserAttributeMappingSource, displayName string, email string, emails array of string, emailSources array of C1APIUserV1UserAttributeMappingSource, employeeIds array of string, employeeIdSources array of C1APIUserV1UserAttributeMappingSource, employmentStatus string, employmentStatusSources array of C1APIUserV1UserAttributeMappingSource, employmentType string, employmentTypeSources array of C1APIUserV1UserAttributeMappingSource, jobTitle string, jobTitleSources array of C1APIUserV1UserAttributeMappingSource, managerIds array of string, managerSources array of C1APIUserV1UserAttributeMappingSource, profile map, roleIds array of string, status enum, type enum, updatedAt string, username string, usernames array of string, usernameSources array of C1APIUserV1UserAttributeMappingSource)
optional

The owners of the app.

certifyPolicyIdstring
optional

The ID of the Certify Policy associated with this App.

connectorVersionnumber
optional

The connectorVersion field.

formatuint32
createdAtstring
optional
formatdate-time
defaultRequestCatalogIdstring
optional

The ID for the default request catalog for this app.

deletedAtstring
optional
formatdate-time
descriptionstring
optional

The app's description.

displayNamestring
optional

The app's display name.

fieldMaskstring
optional
grantPolicyIdstring
optional

The ID of the Grant Policy associated with this App.

iconUrlstring
optional

The URL of an icon to display for the app.

identityMatchingenum
optional
"APP_USER_IDENTITY_MATCHING_UNSPECIFIED" OR "APP_USER_IDENTITY_MATCHING_STRICT" OR "APP_USER_IDENTITY_MATCHING_DISPLAY_NAME"

The identityMatching field.

"APP_USER_IDENTITY_MATCHING_UNSPECIFIED"
"APP_USER_IDENTITY_MATCHING_STRICT"
"APP_USER_IDENTITY_MATCHING_DISPLAY_NAME"
instructionsstring
optional

If you add instructions here, they will be shown to users in the access request form when requesting access for this app.

isDirectoryboolean
optional

Specifies if the app is a directory.

isManuallyManagedboolean
optional

The isManuallyManaged field.

logoUristring
optional

The URL of a logo to display for the app.

monthlyCostUsdnumber
optional

The cost of an app per-seat, so that total cost can be calculated by the grant count.

formatint32
parentAppIdstring
optional

The ID of the app that created this app, if any.

revokePolicyIdstring
optional

The ID of the Revoke Policy associated with this App.

strictAccessEntitlementProvisioningboolean
optional

The strictAccessEntitlementProvisioning field.

updatedAtstring
optional
formatdate-time
userCountstring
optional

The number of users with grants to this app.

formatint64

Apps / Access Request Defaults

Create App Access Requests Defaults
POST /api/v1/apps/{app_id}/access_request_defaults
Get App Access Requests Defaults
GET /api/v1/apps/{app_id}/access_request_defaults
Cancel App Access Requests Defaults
POST /api/v1/apps/{app_id}/access_request_defaults/cancel
C1 API App V1 App Access Request Defaults
C1APIAppV1AppAccessRequestDefaults object

The AppAccessRequestDefaults message.

This message contains a oneof named max_grant_duration. Only a single field of the following list may be set at a time:

  • durationUnset
  • durationGrant
appIdstring
optional

The app id for the app access request rule

catalogIdsarray of string
optional

The request catalog ids for the app access request rule.

defaultsEnabledboolean
optional

If true the app level request configuration will be applied to specified resource types.

durationGrantstring
optional
formatduration
durationUnsetunknown
optional
emergencyGrantEnabledboolean
optional

If emergency grants are enabled for this app access request rule.

emergencyGrantPolicyIdstring
optional

The policy id for the emergency grant policy.

requestPolicyIdstring
optional

The requestPolicyId field.

resourceTypeIdsarray of string
optional

The app resource type ids for which the app access request defaults are applied.

stateenum
optional
"APP_ACCESS_REQUEST_DEFAULTS_LAST_APPLY_STATE_UNSPECIFIED" OR "APP_ACCESS_REQUEST_DEFAULTS_LAST_APPLY_STATE_RUNNING" OR "APP_ACCESS_REQUEST_DEFAULTS_LAST_APPLY_STATE_SUCCESS" OR 4 more

The last applied state of the app access request defaults.

"APP_ACCESS_REQUEST_DEFAULTS_LAST_APPLY_STATE_UNSPECIFIED"
"APP_ACCESS_REQUEST_DEFAULTS_LAST_APPLY_STATE_RUNNING"
"APP_ACCESS_REQUEST_DEFAULTS_LAST_APPLY_STATE_SUCCESS"
"APP_ACCESS_REQUEST_DEFAULTS_LAST_APPLY_STATE_FAILED"
"APP_ACCESS_REQUEST_DEFAULTS_LAST_APPLY_STATE_CANCELING"
"APP_ACCESS_REQUEST_DEFAULTS_LAST_APPLY_STATE_CANCEL_SUCCESS"
"APP_ACCESS_REQUEST_DEFAULTS_LAST_APPLY_STATE_CANCEL_ERROR"

Apps / App Users

Update
POST /api/v1/apps/{app_user_app_id}/app_users/{app_user_id}
List
GET /api/v1/apps/{app_id}/app_users
List App User Credentials
GET /api/v1/apps/{app_id}/app_users/{app_user_id}/credentials
C1 API App V1 App User
C1APIAppV1AppUser object

Application User that represents an account in the application.

idstring
optional

A unique identifier of the application user.

appIdstring
optional

The ID of the application.

appUserTypeenum
optional
"APP_USER_TYPE_UNSPECIFIED" OR "APP_USER_TYPE_USER" OR "APP_USER_TYPE_SERVICE_ACCOUNT" OR "APP_USER_TYPE_SYSTEM_ACCOUNT"

The application user type. Type can be user, system or service.

"APP_USER_TYPE_UNSPECIFIED"
"APP_USER_TYPE_USER"
"APP_USER_TYPE_SERVICE_ACCOUNT"
"APP_USER_TYPE_SYSTEM_ACCOUNT"
createdAtstring
optional
formatdate-time
deletedAtstring
optional
formatdate-time
displayNamestring
optional

The display name of the application user.

emailstring
optional

The email field of the application user.

emailsarray of string
optional

The emails field of the application user.

employeeIdsarray of string
optional

The employee IDs field of the application user.

identityUserIdstring
optional

The ConductorOne user ID of the account owner.

isExternalboolean
optional

The isExternal field.

profilemap
optional
statusobject
optional

The status of the application user.

detailsstring
optional

The details of the application user status.

statusenum
optional
"STATUS_UNSPECIFIED" OR "STATUS_ENABLED" OR "STATUS_DISABLED" OR "STATUS_DELETED"

The application user status field.

"STATUS_UNSPECIFIED"
"STATUS_ENABLED"
"STATUS_DISABLED"
"STATUS_DELETED"
updatedAtstring
optional
formatdate-time
usernamestring
optional

The username field of the application user.

usernamesarray of string
optional

The usernames field of the application user.

C1 API App V1 App User Expand Mask
C1APIAppV1AppUserExpandMask object

The AppUserExpandMask message contains a list of paths to expand in the response.

pathsarray of string
optional

The paths to expand in the response. May be any combination of "*", "identity_user_id", "app_id", and "last_usage".

C1 API App V1 App User View
C1APIAppV1AppUserView object

The AppUserView contains an app user as well as paths for apps, identity users, and last usage in expanded arrays.

appPathstring
optional

JSONPATH expression indicating where the app is expanded in expanded arrays indicated in the request.

appUser C1APIAppV1AppUser (id string, appId string, appUserType enum, createdAt string, deletedAt string, displayName string, email string, emails array of string, employeeIds array of string, identityUserId string, isExternal boolean, profile map, status object, updatedAt string, username string, usernames array of string)
optional

Application User that represents an account in the application.

identityUserPathstring
optional

JSONPATH expression indicating where the identity user is expanded in expanded arrays indicated in the request.

lastUsagePathstring
optional

JSONPATH expression indicating where the last usage information is expanded in expanded arrays indicated in the request.

Apps / Bindings

Get
GET /api/v1/apps/{src_app_id}/{src_app_entitlement_id}/bindings/{dst_app_id}/{dst_app_entitlement_id}
Create
POST /api/v1/apps/{src_app_id}/{src_app_entitlement_id}/bindings/{dst_app_id}/{dst_app_entitlement_id}
Delete
DELETE /api/v1/apps/{src_app_id}/{src_app_entitlement_id}/bindings/{dst_app_id}/{dst_app_entitlement_id}
C1 API App V1 App Entitlement Proxy View
C1APIAppV1AppEntitlementProxyView object

The AppEntitlementProxyView message.

appProxyEntitlementobject
optional

The AppEntitlementProxy message.

This message contains a oneof named _implicit. Only a single field of the following list may be set at a time:

  • implicit
createdAtstring
optional
formatdate-time
deletedAtstring
optional
formatdate-time
dstAppEntitlementIdstring
optional

The dstAppEntitlementId field.

dstAppIdstring
optional

The dstAppId field.

implicitboolean
optional

If true, the binding does not exist yet and is from the list of the entitlements from the parent app, typically the IdP that handles provisioning for the app instead of C1's connector. This field is part of the _implicit oneof. See the documentation for c1.api.app.v1.AppEntitlementProxy for more details.

srcAppEntitlementIdstring
optional

The srcAppEntitlementId field.

srcAppIdstring
optional

The srcAppId field.

systemBuiltinboolean
optional

The systemBuiltin field.

updatedAtstring
optional
formatdate-time
dstAppEntitlementPathstring
optional

The dstAppEntitlementPath field.

dstAppPathstring
optional

The dstAppPath field.

srcAppEntitlementPathstring
optional

The srcAppEntitlementPath field.

srcAppPathstring
optional

The srcAppPath field.

Apps / Connectors

Create
POST /api/v1/apps/{app_id}/connectors/create
Get
GET /api/v1/apps/{app_id}/connectors/{id}
Update
POST /api/v1/apps/{app_id}/connectors/{id}
List
GET /api/v1/apps/{app_id}/connectors
Delete
DELETE /api/v1/apps/{app_id}/connectors/{id}
Create Delegated
POST /api/v1/apps/{app_id}/connectors
Update Delegated
POST /api/v1/apps/{connector_app_id}/connectors/{connector_id}/delegated
Force Sync
POST /api/v1/apps/{app_id}/connectors/{connector_id}/force_sync
C1 API App V1 Connector
C1APIAppV1Connector object

A Connector is used to sync objects into Apps

idstring
optional

The id of the connector.

appIdstring
optional

The id of the app the connector is associated with.

catalogIdstring
optional

The catalogId describes which catalog entry this connector is an instance of. For example, every Okta connector will have the same catalogId indicating it is an Okta connector.

configobject
optional

Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.

@typestring
optional

The type of the serialized message.

createdAtstring
optional
formatdate-time
deletedAtstring
optional
formatdate-time
descriptionstring
optional

The description of the connector.

displayNamestring
optional

The display name of the connector.

downloadUrlstring
optional

The downloadUrl for a spreadsheet if the connector was created from uploading a file.

oauthAuthorizedAs C1APIAppV1OAuth2AuthorizedAs (authEmail string, authorizedAt string)
optional

OAuth2AuthorizedAs tracks the user that OAuthed with the connector.

profileAllowListarray of string
optional

List of profile attributes to sync. When set, only these attributes will be synced.

profileIgnoreListarray of string
optional

List of profile attributes to ignore (not sync). When set, other attributes will be synced, but these will not.

status C1APIAppV1ConnectorStatus (completedAt string, lastError string, startedAt string, status enum, updatedAt string)
optional

The status field on the connector is used to track the status of the connector's sync, and when syncing last started, completed, or caused the connector to update.

syncDisabledAtstring
optional
formatdate-time
syncDisabledCategorystring
optional

The category of the connector sync that was disabled.

syncDisabledReasonstring
optional

The reason the connector sync was disabled.

updatedAtstring
optional
formatdate-time
userIdsarray of string
optional

The userIds field is used to define the integration owners of the connector.

C1 API App V1 Connector Expand Mask
C1APIAppV1ConnectorExpandMask object

The ConnectorExpandMask is used to expand related objects on a connector.

pathsarray of string
optional

Paths that you want expanded in the response. Possible values are "app_id" and "*".

C1 API App V1 Connector Service Create Response
C1APIAppV1ConnectorServiceCreateResponse object

The ConnectorServiceCreateResponse is the response returned from creating a connector.

connectorView C1APIAppV1ConnectorView (appPath string, connector C1APIAppV1Connector, usersPath string)
optional

The ConnectorView object provides a connector response object, as well as JSONPATHs to related objects provided by expanders.

expandedarray of object
optional

The array of expanded items indicated by the request.

@typestring
optional

The type of the serialized message.

C1 API App V1 Connector Service Update Response
C1APIAppV1ConnectorServiceUpdateResponse object

ConnectorServiceUpdateResponse is the response returned by the update method.

connectorView C1APIAppV1ConnectorView (appPath string, connector C1APIAppV1Connector, usersPath string)
optional

The ConnectorView object provides a connector response object, as well as JSONPATHs to related objects provided by expanders.

expandedarray of object
optional

The array of expanded items indicated by the request.

@typestring
optional

The type of the serialized message.

C1 API App V1 Connector Status
C1APIAppV1ConnectorStatus object

The status field on the connector is used to track the status of the connector's sync, and when syncing last started, completed, or caused the connector to update.

completedAtstring
optional
formatdate-time
lastErrorstring
optional

The last error encountered by the connector.

startedAtstring
optional
formatdate-time
statusenum
optional
"SYNC_STATUS_UNSPECIFIED" OR "SYNC_STATUS_RUNNING" OR "SYNC_STATUS_DONE" OR 2 more

The status of the connector sync.

"SYNC_STATUS_UNSPECIFIED"
"SYNC_STATUS_RUNNING"
"SYNC_STATUS_DONE"
"SYNC_STATUS_ERROR"
"SYNC_STATUS_DISABLED"
updatedAtstring
optional
formatdate-time
C1 API App V1 Connector View
C1APIAppV1ConnectorView object

The ConnectorView object provides a connector response object, as well as JSONPATHs to related objects provided by expanders.

appPathstring
optional

JSONPATH expression indicating the location of the App object in the expanded array.

connector C1APIAppV1Connector (id string, appId string, catalogId string, config object, createdAt string, deletedAt string, description string, displayName string, downloadUrl string, oauthAuthorizedAs C1APIAppV1OAuth2AuthorizedAs, profileAllowList array of string, profileIgnoreList array of string, status C1APIAppV1ConnectorStatus, syncDisabledAt string, syncDisabledCategory string, syncDisabledReason string, updatedAt string, userIds array of string)
optional

A Connector is used to sync objects into Apps

usersPathstring
optional

JSONPATH expression indicating the location of the User object in the expanded array. This is the user that is a direct target of the ticket without a specific relationship to a potentially non-existent app user.

C1 API App V1 OAuth2 Authorized As
C1APIAppV1OAuth2AuthorizedAs object

OAuth2AuthorizedAs tracks the user that OAuthed with the connector.

authEmailstring
optional

authEmail is the email of the user that authorized the connector using OAuth.

authorizedAtstring
optional
formatdate-time

Apps / Connectors / Credentials

Rotate Credential
POST /api/v1/apps/{app_id}/connectors/{connector_id}/credentials
Get Credentials
GET /api/v1/apps/{app_id}/connectors/{connector_id}/credentials/{id}
Revoke Credential
POST /api/v1/apps/{app_id}/connectors/{connector_id}/credentials/{id}
C1 API App V1 Connector Credential
C1APIAppV1ConnectorCredential object

ConnectorCredential is used by a connector to authenticate with ConductorOne.

idstring
optional

The id of the ConnectorCredential.

appIdstring
optional

The appId of the app the connector is attached to.

clientIdstring
optional

The client id of the ConnectorCredential.

connectorIdstring
optional

The connectorId of the connector the credential is associated with.

createdAtstring
optional
formatdate-time
deletedAtstring
optional
formatdate-time
displayNamestring
optional

The display name of the ConnectorCredential.

expiresTimestring
optional
formatdate-time
lastUsedAtstring
optional
formatdate-time
updatedAtstring
optional
formatdate-time

Apps / Connectors / Validate Config

Validate Http Connector Config
POST /api/v1/apps/connectors/validate_config/http
C1 API Editor V1 Editor Marker
C1APIEditorV1EditorMarker object

The EditorMarker message.

endColumnnumber
optional

The endColumn field.

formatint32
endLineNumbernumber
optional

The endLineNumber field.

formatint32
messagestring
optional

The message field.

severityenum
optional
"UNKNOWN" OR "HINT" OR "INFO" OR 2 more

The severity field.

"UNKNOWN"
"HINT"
"INFO"
"WARNING"
"ERROR"
startColumnnumber
optional

The startColumn field.

formatint32
startLineNumbernumber
optional

The startLineNumber field.

formatint32

Apps / Entitlements

Create
POST /api/v1/apps/{app_id}/entitlements
Get
GET /api/v1/apps/{app_id}/entitlements/{id}
Update
POST /api/v1/apps/{app_id}/entitlements/{id}
List
GET /api/v1/apps/{app_id}/entitlements
Delete
DELETE /api/v1/apps/{app_id}/entitlements/{id}
Add Manually Managed Members
POST /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/add-manual-user
Remove Entitlement Membership
DELETE /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/remove-membership
Search App Entitlements With Expired
GET /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/grants
C1 API App V1 App Entitlement
C1APIAppV1AppEntitlement object

The app entitlement represents one permission in a downstream App (SAAS) that can be granted. For example, GitHub Read vs GitHub Write.

This message contains a oneof named max_grant_duration. Only a single field of the following list may be set at a time:

  • durationUnset
  • durationGrant
idstring
optional

The unique ID for the App Entitlement.

aliasstring
optional

The alias of the app entitlement used by Cone. Also exact-match queryable.

appIdstring
optional

The ID of the app that is associated with the app entitlement.

appResourceIdstring
optional

The ID of the app resource that is associated with the app entitlement

appResourceTypeIdstring
optional

The ID of the app resource type that is associated with the app entitlement

certifyPolicyIdstring
optional

The ID of the policy that will be used for certify tickets related to the app entitlement.

complianceFrameworkValueIdsarray of string
optional

The IDs of different compliance frameworks associated with this app entitlement (e.g. SOX, HIPAA, PCI).

createdAtstring
optional
formatdate-time
defaultValuesAppliedboolean
optional

Flag to indicate if app-level access request defaults have been applied to the entitlement

deletedAtstring
optional
formatdate-time
deprovisionerPolicy C1APIPolicyV1ProvisionPolicy (connector object, delegated object, externalTicket object, manual object, unconfigured unknown, webhook object)
optional

ProvisionPolicy is a oneOf that indicates how a provision step should be processed.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

  • connector
  • manual
  • delegated
  • webhook
  • multiStep
  • externalTicket
  • unconfigured
descriptionstring
optional

The description of the app entitlement.

displayNamestring
optional

The display name of the app entitlement.

durationGrantstring
optional
formatduration
durationUnsetunknown
optional
emergencyGrantEnabledboolean
optional

This enables tasks to be created in an emergency and use a selected emergency access policy.

emergencyGrantPolicyIdstring
optional

The ID of the policy that will be used for emergency access grant tasks.

grantCountstring
optional

The number of grants open for this entitlement.

formatint64
grantPolicyIdstring
optional

The ID of the policy that will be used for grant tickets related to the app entitlement.

isAutomationEnabledboolean
optional

Flag to indicate whether automation (for adding users to entitlement based on rules) has been enabled.

isManuallyManagedboolean
optional

Flag to indicate if the app entitlement is manually managed.

matchBatonIdstring
optional

The matchBatonId field.

overrideAccessRequestsDefaultsboolean
optional

Flag to indicate if the app-level access request settings have been overridden for the entitlement

provisionerPolicy C1APIPolicyV1ProvisionPolicy (connector object, delegated object, externalTicket object, manual object, unconfigured unknown, webhook object)
optional

ProvisionPolicy is a oneOf that indicates how a provision step should be processed.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

  • connector
  • manual
  • delegated
  • webhook
  • multiStep
  • externalTicket
  • unconfigured
purposeenum
optional
"APP_ENTITLEMENT_PURPOSE_VALUE_UNSPECIFIED" OR "APP_ENTITLEMENT_PURPOSE_VALUE_ASSIGNMENT" OR "APP_ENTITLEMENT_PURPOSE_VALUE_PERMISSION"

The purpose field.

"APP_ENTITLEMENT_PURPOSE_VALUE_UNSPECIFIED"
"APP_ENTITLEMENT_PURPOSE_VALUE_ASSIGNMENT"
"APP_ENTITLEMENT_PURPOSE_VALUE_PERMISSION"
revokePolicyIdstring
optional

The ID of the policy that will be used for revoke tickets related to the app entitlement

riskLevelValueIdstring
optional

The riskLevelValueId field.

slugstring
optional

The slug is displayed as an oval next to the name in the frontend of C1, it tells you what permission the entitlement grants. See https://www.conductorone.com/docs/product/admin/entitlements/

sourceConnectorIdsmap
optional

Map to tell us which connector the entitlement came from.

systemBuiltinboolean
optional

This field indicates if this is a system builtin entitlement.

updatedAtstring
optional
formatdate-time
userEditedMaskstring
optional
C1 API App V1 App Entitlement Expand Mask
C1APIAppV1AppEntitlementExpandMask object

The app entitlement expand mask allows the user to get additional information when getting responses containing app entitlement views.

pathsarray of string
optional

Array of strings to describe which items to expand on the return value. Can be any combination of "*", "app_id", "app_resource_type_id", or "app_resource_id".

C1 API App V1 App Entitlement View
C1APIAppV1AppEntitlementView object

The app entitlement view contains the serialized app entitlement and paths to objects referenced by the app entitlement.

appEntitlement C1APIAppV1AppEntitlement (id string, alias string, appId string, appResourceId string, appResourceTypeId string, certifyPolicyId string, complianceFrameworkValueIds array of string, createdAt string, defaultValuesApplied boolean, deletedAt string, deprovisionerPolicy C1APIPolicyV1ProvisionPolicy, description string, displayName string, durationGrant string, durationUnset unknown, emergencyGrantEnabled boolean, emergencyGrantPolicyId string, grantCount string, grantPolicyId string, isAutomationEnabled boolean, isManuallyManaged boolean, matchBatonId string, overrideAccessRequestsDefaults boolean, provisionerPolicy C1APIPolicyV1ProvisionPolicy, purpose enum, revokePolicyId string, riskLevelValueId string, slug string, sourceConnectorIds map, systemBuiltin boolean, updatedAt string, userEditedMask string)
optional

The app entitlement represents one permission in a downstream App (SAAS) that can be granted. For example, GitHub Read vs GitHub Write.

This message contains a oneof named max_grant_duration. Only a single field of the following list may be set at a time:

  • durationUnset
  • durationGrant
appPathstring
optional

JSONPATH expression indicating the location of the App object in the array.

appResourcePathstring
optional

JSONPATH expression indicating the location of the App Resource Type object in the expanded array.

appResourceTypePathstring
optional

JSONPATH expression indicating the location of the App Resource object in the array.

C1 API App V1 List App Entitlements Response
C1APIAppV1ListAppEntitlementsResponse object

The ListAppEntitlementsResponse message contains a list of results and a nextPageToken if applicable.

expandedarray of object
optional

List of related objects

@typestring
optional

The type of the serialized message.

list array of C1APIAppV1AppEntitlementView (appEntitlement C1APIAppV1AppEntitlement, appPath string, appResourcePath string, appResourceTypePath string)
optional

The list of results containing up to X results, where X is the page size defined in the request.

nextPageTokenstring
optional

The nextPageToken is shown for the next page if the number of results is larger than the max page size. The server returns one page of results and the nextPageToken until all results are retrieved. To retrieve the next page, use the same request and append a pageToken field with the value of nextPageToken shown on the previous page.

C1 API Policy V1 Multi Step
C1APIPolicyV1MultiStep object

MultiStep indicates that this provision step has multiple steps to process.

provisionSteps array of C1APIPolicyV1ProvisionPolicy (connector object, delegated object, externalTicket object, manual object, unconfigured unknown, webhook object)
optional

The array of provision steps to process.

C1 API Policy V1 Provision Policy
C1APIPolicyV1ProvisionPolicy object

ProvisionPolicy is a oneOf that indicates how a provision step should be processed.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

  • connector
  • manual
  • delegated
  • webhook
  • multiStep
  • externalTicket
  • unconfigured
connectorobject
optional

Indicates that a connector should perform the provisioning. This object has no fields.

This message contains a oneof named provision_type. Only a single field of the following list may be set at a time:

  • defaultBehavior
  • account
  • deleteAccount
accountobject
optional

The AccountProvision message.

This message contains a oneof named storage_type. Only a single field of the following list may be set at a time:

  • saveToVault
  • doNotSave
configmap
optional
connectorIdstring
optional

The connectorId field.

doNotSaveunknown
optional

The DoNotSave message.

saveToVaultobject
optional

The SaveToVault message.

vaultIdsarray of string
optional

The vaultIds field.

schemaIdstring
optional

The schemaId field.

defaultBehaviorobject
optional

The DefaultBehavior message.

connectorIdstring
optional

This checks if the entitlement is enabled by provisioning in a specific connector. This can happen automatically and doesn't need any extra info.

deleteAccountobject
optional

The DeleteAccount message.

connectorIdstring
optional

The connectorId field.

delegatedobject
optional

This provision step indicates that we should delegate provisioning to the configuration of another app entitlement. This app entitlement does not have to be one from the same app, but MUST be configured as a proxy binding leading into this entitlement.

appIdstring
optional

The AppID of the entitlement to delegate provisioning to.

entitlementIdstring
optional

The ID of the entitlement we are delegating provisioning to.

implicitboolean
optional

If true, a binding will be automatically created from the entitlement of the parent app.

externalTicketobject
optional

This provision step indicates that we should check an external ticket to provision this entitlement

appIdstring
optional

The appId field.

connectorIdstring
optional

The connectorId field.

externalTicketProvisionerConfigIdstring
optional

The externalTicketProvisionerConfigId field.

instructionsstring
optional

This field indicates a text body of instructions for the provisioner to indicate.

manualobject
optional

Manual provisioning indicates that a human must intervene for the provisioning of this step.

instructionsstring
optional

This field indicates a text body of instructions for the provisioner to indicate.

userIdsarray of string
optional

An array of users that are required to provision during this step.

unconfiguredunknown
optional

The UnconfiguredProvision message.

webhookobject
optional

This provision step indicates that a webhook should be called to provision this entitlement.

webhookIdstring
optional

The ID of the webhook to call for provisioning.
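
The oneof rules stated for ProvisionPolicy above (typ, the connector's provision_type, the account's storage_type) and max_grant_duration on the entitlement can be checked client-side before a payload is sent. This is an added example, not ConductorOne code: the sample payloads and IDs are constructed, and the nesting limit and the treatment of a null field as unset are assumptions.

```python
"""Client-side check of the oneof constraints listed in this reference."""

# oneof member lists copied from the field lists on this page.
PROVISION_TYP = ("connector", "manual", "delegated", "webhook",
                 "multiStep", "externalTicket", "unconfigured")
CONNECTOR_PROVISION_TYPE = ("defaultBehavior", "account", "deleteAccount")
ACCOUNT_STORAGE_TYPE = ("saveToVault", "doNotSave")
MAX_GRANT_DURATION = ("durationUnset", "durationGrant")

MAX_DEPTH = 8  # assumption: cap on multiStep nesting accepted from untrusted input


def check_oneof(message, name, members, path, errors):
    """Record an error if more than one member of a oneof is set; return set members."""
    # Assumption: a key that is absent or null is unset; {} (an empty message) is set.
    present = [m for m in members if message.get(m) is not None]
    if len(present) > 1:
        errors.append(
            f"{path}: oneof {name} has {len(present)} fields set: {', '.join(present)}"
        )
    return present


def validate_provision_policy(policy, path, errors, depth=0):
    """Walk one ProvisionPolicy, including nested multiStep.provisionSteps."""
    if not isinstance(policy, dict):
        errors.append(f"{path}: expected an object")
        return
    present = check_oneof(policy, "typ", PROVISION_TYP, path, errors)

    connector = policy.get("connector")
    if "connector" in present and isinstance(connector, dict):
        cpath = f"{path}.connector"
        check_oneof(connector, "provision_type", CONNECTOR_PROVISION_TYPE, cpath, errors)
        account = connector.get("account")
        if isinstance(account, dict):
            check_oneof(account, "storage_type", ACCOUNT_STORAGE_TYPE,
                        f"{cpath}.account", errors)

    multi = policy.get("multiStep")
    if isinstance(multi, dict):
        if depth >= MAX_DEPTH:
            errors.append(f"{path}.multiStep: nesting deeper than {MAX_DEPTH} levels")
            return
        for i, step in enumerate(multi.get("provisionSteps") or []):
            validate_provision_policy(
                step, f"{path}.multiStep.provisionSteps[{i}]", errors, depth + 1
            )


def validate_entitlement(entitlement):
    """Return a list of oneof violations for an AppEntitlement-shaped dict."""
    errors = []
    check_oneof(entitlement, "max_grant_duration", MAX_GRANT_DURATION,
                "appEntitlement", errors)
    for field in ("provisionerPolicy", "deprovisionerPolicy"):
        if entitlement.get(field) is not None:
            validate_provision_policy(entitlement[field], field, errors)
    return errors


# Constructed sample payloads; all IDs are placeholders.
GOOD_ENTITLEMENT = {
    "displayName": "GitHub Write",
    "durationGrant": "86400s",
    "provisionerPolicy": {"multiStep": {"provisionSteps": [
        {"manual": {"instructions": "Confirm the ticket", "userIds": ["user-1"]}},
        {"connector": {"account": {
            "connectorId": "conn-1",
            "saveToVault": {"vaultIds": ["vault-1"]},
        }}},
    ]}},
    "deprovisionerPolicy": {"connector": {"defaultBehavior": {"connectorId": "conn-1"}}},
}

BAD_ENTITLEMENT = {
    "displayName": "GitHub Write",
    "durationGrant": "86400s",
    "durationUnset": {},                       # second max_grant_duration member
    "provisionerPolicy": {"multiStep": {"provisionSteps": [
        {"manual": {"userIds": ["user-1"]},
         "webhook": {"webhookId": "wh-1"}},    # two typ members in one step
        {"connector": {
            "account": {"connectorId": "conn-1",
                        "saveToVault": {"vaultIds": ["vault-1"]},
                        "doNotSave": {}},      # two storage_type members
            "deleteAccount": {"connectorId": "conn-1"},  # two provision_type members
        }},
    ]}},
}

if __name__ == "__main__":
    for label, payload in (("good", GOOD_ENTITLEMENT), ("bad", BAD_ENTITLEMENT)):
        problems = validate_entitlement(payload)
        print(label, "->", "ok" if not problems else "")
        for problem in problems:
            print("  ", problem)
```
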

Apps / Entitlements / Automation

Create Automation
POST /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/automation/create
Update Automation
POST /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/automation/update
Get Automation
GET /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/automation
Delete Automation
DELETE /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/automation
C1 API App V1 App Entitlement Automation
C1APIAppV1AppEntitlementAutomation object

The AppEntitlementAutomation message.

This message contains a oneof named conditions. Only a single field of the following list may be set at a time:

  • none
  • entitlements
  • cel
  • basic
appEntitlementIdstring
optional

The unique ID for the App Entitlement.

appIdstring
optional

The ID of the app that is associated with the app entitlement.

basic C1APIAppV1AppEntitlementAutomationRuleBasic (expression string)
optional

The AppEntitlementAutomationRuleBasic message.

The AppEntitlementAutomationRuleCEL message.

createdAtstring
optional
formatdate-time
deletedAtstring
optional
formatdate-time
descriptionstring
optional

The description of the app entitlement.

displayNamestring
optional

The display name of the app entitlement.

entitlements C1APIAppV1AppEntitlementAutomationRuleEntitlement (entitlementRefs array of AppEntitlementRef)
optional

The AppEntitlementAutomationRuleEntitlement message.

lastRunStatusobject
optional

The AppEntitlementAutomationLastRunStatus message.

errorMessagestring
optional

The errorMessage field.

lastCompletedAtstring
optional
formatdate-time
statusenum
optional
"APP_ENTITLEMENT_AUTOMATION_RUN_STATUS_UNSPECIFIED" OR "APP_ENTITLEMENT_AUTOMATION_RUN_STATUS_SUCCESS" OR "APP_ENTITLEMENT_AUTOMATION_RUN_STATUS_FAILED" OR "APP_ENTITLEMENT_AUTOMATION_RUN_STATUS_IN_PROGRESS"

The status field.

"APP_ENTITLEMENT_AUTOMATION_RUN_STATUS_UNSPECIFIED"
"APP_ENTITLEMENT_AUTOMATION_RUN_STATUS_SUCCESS"
"APP_ENTITLEMENT_AUTOMATION_RUN_STATUS_FAILED"
"APP_ENTITLEMENT_AUTOMATION_RUN_STATUS_IN_PROGRESS"
noneunknown
optional

The AppEntitlementAutomationRuleNone message.

updatedAtstring
optional
formatdate-time
C1 API App V1 App Entitlement Automation Rule Basic
C1APIAppV1AppEntitlementAutomationRuleBasic object

The AppEntitlementAutomationRuleBasic message.

expressionstring
optional

The expression field.

C1 API App V1 App Entitlement Automation Rule Cel
C1APIAppV1AppEntitlementAutomationRuleCel object

The AppEntitlementAutomationRuleCEL message.

expressionstring
optional

The expression field.

C1 API App V1 App Entitlement Automation Rule Entitlement
C1APIAppV1AppEntitlementAutomationRuleEntitlementobject

The AppEntitlementAutomationRuleEntitlement message.

ShowShow
entitlementRefsarray of idstringappIdstringAppEntitlementRef
optional

The entitlementRefs field.

Apps > Entitlements > Automation > Exclusions

Add Automation Exclusion
POST /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/automation/exclusions
List Automation Exclusions
GET /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/automation/exclusions
Remove Automation Exclusion
DELETE /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/automation/exclusions

Apps > Entitlements > Owners

Set
PUT /api/v1/apps/{app_id}/entitlements/{entitlement_id}/owners
List
GET /api/v1/apps/{app_id}/entitlements/{entitlement_id}/owners
Remove
DELETE /api/v1/apps/{app_id}/entitlements/{entitlement_id}/owners/{user_id}
Add
POST /api/v1/apps/{app_id}/entitlements/{entitlement_id}/owners
C1 API User V1 User
C1APIUserV1User: object

The User object provides all of the details for a user, as well as some configuration.

id: string
optional

A unique identifier of the user.

createdAt: string
optional
format: date-time
delegatedUserId: string
optional

The ID of the user to whom tasks will be automatically reassigned.

deletedAt: string
optional
format: date-time
department: string
optional

The department which the user belongs to in the organization.

departmentSources: array of C1APIUserV1UserAttributeMappingSource { appId: string, appUserId: string, appUserProfileAttributeKey: string, userAttributeMappingId: string, value: string }
optional

A list of objects mapped based on department attribute mappings configured in the system.

directoryIds: array of string
optional

A list of unique IDs that represent different directories.

directoryStatus: enum
optional
"UNKNOWN" OR "ENABLED" OR "DISABLED" OR "DELETED"

The status of the user in the directory.

directoryStatusSources: array of C1APIUserV1UserAttributeMappingSource { appId: string, appUserId: string, appUserProfileAttributeKey: string, userAttributeMappingId: string, value: string }
optional

A list of objects mapped based on directoryStatus attribute mappings configured in the system.

displayName: string
optional

The display name of the user.

email: string
optional

This is the user's email.

emails: array of string
optional

This is a list of all of the user's emails from app users.

emailSources: array of C1APIUserV1UserAttributeMappingSource { appId: string, appUserId: string, appUserProfileAttributeKey: string, userAttributeMappingId: string, value: string }
optional

A list of source data for the email attribute.

employeeIds: array of string
optional

This is a list of all of the user's employee IDs from app users.

employeeIdSources: array of C1APIUserV1UserAttributeMappingSource { appId: string, appUserId: string, appUserProfileAttributeKey: string, userAttributeMappingId: string, value: string }
optional

A list of source data for the employee IDs attribute.

employmentStatus: string
optional

The user's employment status.

employmentStatusSources: array of C1APIUserV1UserAttributeMappingSource { appId: string, appUserId: string, appUserProfileAttributeKey: string, userAttributeMappingId: string, value: string }
optional

A list of objects mapped based on employmentStatus attribute mappings configured in the system.

employmentType: string
optional

The employment type of the user.

employmentTypeSources: array of C1APIUserV1UserAttributeMappingSource { appId: string, appUserId: string, appUserProfileAttributeKey: string, userAttributeMappingId: string, value: string }
optional

A list of objects mapped based on employmentType attribute mappings configured in the system.

jobTitle: string
optional

The job title of the user.

jobTitleSources: array of C1APIUserV1UserAttributeMappingSource { appId: string, appUserId: string, appUserProfileAttributeKey: string, userAttributeMappingId: string, value: string }
optional

A list of objects mapped based on jobTitle attribute mappings configured in the system.

managerIds: array of string
optional

A list of IDs of the user's managers.

managerSources: array of C1APIUserV1UserAttributeMappingSource { appId: string, appUserId: string, appUserProfileAttributeKey: string, userAttributeMappingId: string, value: string }
optional

A list of objects mapped based on managerId attribute mappings configured in the system.

profile: map
optional
roleIds: array of string
optional

A list of unique identifiers that map to ConductorOne's user roles, which let you assign users permissions tailored to the work they do in the software.

status: enum
optional
"UNKNOWN" OR "ENABLED" OR "DISABLED" OR "DELETED"

The status of the user in the system.

type: enum
optional
"USER_TYPE_UNSPECIFIED" OR "USER_TYPE_SYSTEM" OR "USER_TYPE_HUMAN" OR "USER_TYPE_SERVICE" OR "USER_TYPE_AGENT"

The type of the user.

updatedAt: string
optional
format: date-time
username: string
optional

This is the user's primary username. Typically sourced from the primary directory.

usernames: array of string
optional

This is a list of all of the user's usernames from app users.

usernameSources: array of C1APIUserV1UserAttributeMappingSource { appId: string, appUserId: string, appUserProfileAttributeKey: string, userAttributeMappingId: string, value: string }
optional

A list of source data for the usernames attribute.

C1 API User V1 User Attribute Mapping Source
C1APIUserV1UserAttributeMappingSource: object

The UserAttributeMappingSource message.

appId: string
optional

The appId field.

appUserId: string
optional

The appUserId field.

appUserProfileAttributeKey: string
optional

The appUserProfileAttributeKey field.

userAttributeMappingId: string
optional

The userAttributeMappingId field.

value: string
optional

The value field.

Apps > Entitlements > Resource Types

List For App Resource
GET /api/v1/apps/{app_id}/entitlements/resource_types/{app_resource_type_id}/resources/{app_resource_id}

Apps > Entitlements > Users

List For App User
GET /api/v1/apps/{app_id}/entitlements/users/{app_user_id}
List Users (deprecated)
GET /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/users
Remove Grant Duration
POST /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/users/{app_user_id}/remove-grant-duration
List App Users For Identity With Grant
GET /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/users/{identity_user_id}/grants
Update Grant Duration
POST /api/v1/apps/{app_id}/entitlements/{app_entitlement_id}/users/{app_user_id}/update-grant-duration
C1 API App V1 App Entitlement User Binding
C1APIAppV1AppEntitlementUserBinding: object

The AppEntitlementUserBinding represents the relationship that gives an app user access to an app entitlement.

appEntitlementId: string
optional

The ID of the app entitlement that the app user has access to.

appId: string
optional

The ID of the app associated with the app entitlement.

appUserId: string
optional

The ID of the app user that has access to the app entitlement.

createdAt: string
optional
format: date-time
deletedAt: string
optional
format: date-time
deprovisionAt: string
optional
format: date-time
grantSources: array of AppEntitlementRef { id: string, appId: string }
optional

The grantSources field.

C1 API App V1 App Entitlement User View
C1APIAppV1AppEntitlementUserView: object

The AppEntitlementUserView (aka grant view) describes the relationship between an app user and an entitlement. These relationships have more recently been referred to as grants.

appEntitlementUserBindingCreatedAt: string
optional
format: date-time
appEntitlementUserBindingDeprovisionAt: string
optional
format: date-time
appUser: C1APIAppV1AppUserView { appPath: string, appUser: C1APIAppV1AppUser, identityUserPath: string, lastUsagePath: string }
optional

The AppUserView contains an app user as well as paths for apps, identity users, and last usage in expanded arrays.

grantSources: array of AppEntitlementRef { id: string, appId: string }
optional

List of sources for the grant, i.e., groups, roles, etc.

Apps > Owners

Set
PUT /api/v1/apps/{app_id}/owners
Add
POST /api/v1/apps/{app_id}/owners/{user_id}
List
GET /api/v1/apps/{app_id}/owners
Remove
DELETE /api/v1/apps/{app_id}/owners/{user_id}

Apps > Report

Generate Report
POST /api/v1/apps/{app_id}/report
List
GET /api/v1/apps/{app_id}/report

Apps > Resource Types

Create Manually Managed Resource Type
POST /api/v1/apps/{app_id}/resource_types
Get
GET /api/v1/apps/{app_id}/resource_types/{id}
Update Manually Managed Resource Type
POST /api/v1/apps/{app_id}/resource_types/{id}
List
GET /api/v1/apps/{app_id}/resource_types
Delete Manually Managed Resource Type
DELETE /api/v1/apps/{app_id}/resource_types/{id}
C1 API App V1 App Resource Type
C1APIAppV1AppResourceType: object

The AppResourceType is referenced by an app entitlement defining its resource types. Commonly things like Group or Role.

id: string
optional

The unique ID for the app resource type.

appId: string
optional

The ID of the app that is associated with the app resource type.

createdAt: string
optional
format: date-time
deletedAt: string
optional
format: date-time
displayName: string
optional

The display name of the app resource type.

traitIds: array of string
optional

Associated trait IDs.

updatedAt: string
optional
format: date-time
C1 API App V1 App Resource Type View
C1APIAppV1AppResourceTypeView: object

The AppResourceTypeView message.

appPath: string
optional

JSONPATH expression indicating the location of the App object in the array.

appResourceType: C1APIAppV1AppResourceType { id: string, appId: string, createdAt: string, deletedAt: string, displayName: string, traitIds: array of string, updatedAt: string }
optional

The AppResourceType is referenced by an app entitlement defining its resource types. Commonly things like Group or Role.

Apps > Resource Types > Resources

Create Manually Managed App Resource
POST /api/v1/apps/{app_id}/resource_types/{app_resource_type_id}/resources
Get
GET /api/v1/apps/{app_id}/resource_types/{app_resource_type_id}/resources/{id}
Update
POST /api/v1/apps/{app_id}/resource_types/{app_resource_type_id}/resources/{id}
List
GET /api/v1/apps/{app_id}/resource_types/{app_resource_type_id}/resources
Delete Manually Managed App Resource
DELETE /api/v1/apps/{app_id}/resource_types/{app_resource_type_id}/resources/{id}
C1 API App V1 App Resource
C1APIAppV1AppResource: object

The app resource message is a single resource that can have entitlements.

This message contains a oneof named metadata. Only a single field of the following list may be set at a time:

  • secretTrait

id: string
optional

The ID of the resource.

appId: string
optional

The app that this resource belongs to.

appResourceTypeId: string
optional

The resource type that this resource is.

createdAt: string
optional
format: date-time
customDescription: string
optional

A custom description that can be set for a resource.

deletedAt: string
optional
format: date-time
description: string
optional

The description set for the resource.

displayName: string
optional

The display name for this resource.

grantCount: string
optional

The number of grants to this resource.

format: int64
matchBatonId: string
optional

The matchBatonId field.

parentAppResourceId: string
optional

The parent resource ID, if this resource is a child of another resource.

parentAppResourceTypeId: string
optional

The parent resource type ID, if this resource is a child of another resource.

secretTrait: object
optional

The SecretTrait message.

  identityAppUserId: string
  optional

  The identityAppUserId field.

  lastUsedAt: string
  optional
  format: date-time
  secretCreatedAt: string
  optional
  format: date-time
  secretExpiresAt: string
  optional
  format: date-time
updatedAt: string
optional
format: date-time
C1 API App V1 App Resource View
C1APIAppV1AppResourceView: object

The app resource view returns an app resource with paths for items in the expand mask filled in when this response is returned and a request expand mask has "*" or "app_id" or "resource_type_id".

appPath: string
optional

JSONPATH expression indicating the location of the App object in the array.

appResource: C1APIAppV1AppResource { id: string, appId: string, appResourceTypeId: string, createdAt: string, customDescription: string, deletedAt: string, description: string, displayName: string, grantCount: string, matchBatonId: string, parentAppResourceId: string, parentAppResourceTypeId: string, secretTrait: object, updatedAt: string }
optional

The app resource message is a single resource that can have entitlements.

This message contains a oneof named metadata. Only a single field of the following list may be set at a time:

  • secretTrait

parentResourcePath: string
optional

JSONPATH expression indicating the location of the Parent Resource object in the array.

parentResourceTypePath: string
optional

JSONPATH expression indicating the location of the Parent Resource Type object in the array.

resourceTypePath: string
optional

JSONPATH expression indicating the location of the Resource Type object in the array.

Apps > Resource Types > Resources > Owners

Add
POST /api/v1/apps/{app_id}/resource_types/{resource_type_id}/resource/{resource_id}/owners
List
GET /api/v1/apps/{app_id}/resource_types/{resource_type_id}/resource/{resource_id}/owners
Remove
DELETE /api/v1/apps/{app_id}/resource_types/{resource_type_id}/resource/{resource_id}/owners

Apps > Usage Controls

Update
POST /api/v1/apps/{app_id}/usage_controls
Get
GET /api/v1/apps/{app_id}/usage_controls
C1 API App V1 App Usage Controls
C1APIAppV1AppUsageControls: object

The AppUsageControls object describes some peripheral configuration for an app.

appId: string
optional

The app that this object belongs to.

notify: boolean
optional

Whether or not to notify someone if they have access to the app but have not used it within a configurable amount of time.

notifyAfterDays: number
optional

The duration in days after which we notify users of non-usage.

format: uint32
revoke: boolean
optional

Whether or not to revoke a grant if the user has access to the app but has not used it within a configurable amount of time.

revokeAfterDays: number
optional

The duration in days after which we revoke users that have not used that grant.

format: uint32
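
The notify and revoke settings above decide whether unused access is ever warned about or removed. The following Python check is an added example, not ConductorOne code: it reviews AppUsageControls objects that have already been fetched and parsed from JSON. The 90-day ceiling, the finding rules (including treating a missing or zero day count as a misconfiguration) and the sample app IDs are assumptions.

```python
UINT32_MAX = 2**32 - 1  # notifyAfterDays / revokeAfterDays are documented as uint32


def _days(obj, key, findings):
    """Return obj[key] as a valid uint32, or None (recording a finding if malformed)."""
    value = obj.get(key)
    if value is None:
        return None
    if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value <= UINT32_MAX:
        findings.append(f"{key} is not a uint32: {value!r}")
        return None
    return value


def audit_usage_controls(obj, max_revoke_days=90):  # 90 is an assumed local policy ceiling
    """Return a list of findings for one AppUsageControls object (all fields optional)."""
    findings = []
    notify_days = _days(obj, "notifyAfterDays", findings)
    revoke_days = _days(obj, "revokeAfterDays", findings)

    if not obj.get("revoke"):
        findings.append("revoke is off: unused grants are never removed automatically")
    elif not revoke_days:
        findings.append("revoke is on but revokeAfterDays is missing or zero")
    elif revoke_days > max_revoke_days:
        findings.append(f"revokeAfterDays {revoke_days} exceeds policy maximum {max_revoke_days}")

    if obj.get("notify") and not notify_days:
        findings.append("notify is on but notifyAfterDays is missing or zero")
    if (obj.get("notify") and obj.get("revoke") and notify_days and revoke_days
            and notify_days >= revoke_days):
        findings.append("notifyAfterDays >= revokeAfterDays: no warning before revocation")
    return findings


# Constructed sample objects (hypothetical app IDs), using only the fields listed above.
SAMPLE = [
    {"appId": "app-good", "notify": True, "notifyAfterDays": 30, "revoke": True, "revokeAfterDays": 60},
    {"appId": "app-never", "notify": True, "notifyAfterDays": 30, "revoke": False},
    {"appId": "app-late", "notify": True, "notifyAfterDays": 200, "revoke": True, "revokeAfterDays": 180},
    {"appId": "app-bad", "revoke": True, "revokeAfterDays": -5},
]


def audit_all(objects):
    """Map appId -> findings for every object that has at least one finding."""
    report = {o.get("appId", "<no appId>"): audit_usage_controls(o) for o in objects}
    return {app: found for app, found in report.items() if found}
```

Calling `audit_all(SAMPLE)` returns findings for three of the four constructed apps; pass a different `max_revoke_days` to match your own access-review policy.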

Apps > Users

List App Users For User
GET /api/v1/apps/{app_id}/users/{user_id}/app_users