POST OAuth/EnumerateRules

Enumerates all rules for a particular application.

Requirements

  • Roles: Admin, Grant Admin, Auditor, or Application Owner. See OAuth roles for more information.
  • Token scope: Admin

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

NOTE  Only one of the required parameters must be passed.

Body parameters

  • ApplicationID (string): (Required) The ID of the application.

  • Count (integer): (Required) The number of results to show per page. Request a specific page using the Start parameter.

  • GranteePrefixedUniversal (string): (Required) The prefixed universal for the identity whose grants will be enumerated.

  • Descending (boolean): Set to true to return results in descending order, false (default) to return in ascending order.

  • MaximumScope (string): Results must match the string passed.

  • NoExpire (boolean): Set to true to return rules with grants that don't expire.

  • OrderBy (integer): The field for the rules to be ordered by. The following values can be passed:

    • 0: No order specified (default)

    • 3: Order results by access validity

    • 4: Order results by grant validity

  • Renewable (boolean): Set to true to return rules that are renewable, false to return rules that are not renewable. Rules that do not have a renewable value set will be excluded from the results.

  • Start (integer): The page of results to display. The Count parameter is required, and it will determine the number of results to show per page.

Returns

Response description

Name

Description

HTTP 200

See OAuth result codes.

A Rules array is returned with a list of rules. For descriptions of each value in the response, see the Parameters section of POST OAuth/CreateRule.

HTTP 400

For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:

  • Error

    • invalid_request: The request is missing a required parameter or is otherwise malformed.

  • Error_description: If available, additional information about how to retry the request.

HTTP 401

For authentication errors, this call returns HTTP 401 Unauthorized and the following data in the message body:

  • Error

    • invalid_token: The access token is missing, or the provided token is expired, revoked, malformed, or invalid for other reasons.

    • insufficient_rights: The underlying user account does not have sufficient permissions for this request.

  • error_description: If available, additional information about how to retry the request.

HTTP 403

If the response is HTTP 403 Forbidden, the requester's token does not include the admin scope. Call POST Authorize/OAuth with the correct scope and restriction. Update the header with the new token and retry.

  • Error

    • insufficient_scope: The request requires a greater scope than provided by the access token.

  • error_description: If available, additional information about how to retry the request.

Examples

Request examples

Return all rules for a user

POST /vedsdk/oauth/enumeraterules HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
  "TrusteePrefixedUniversal": "local:{23cbc293-90f9-4e77-95a7-6cf5d9a4bd2e}"
}

Return all rules for an application

POST /vedsdk/oauth/enumeraterules HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
  "ApplicationId": "VenafiMMCEventViewer"
}

Return all rules that match all parameters

POST /vedsdk/oauth/enumeraterules HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
  "ApplicationId": "SSHManage",
  "TrusteePrefixedUniversal": "local:{23cbc293-90f9-4e77-95a7-6cf5d9a4bd2e}",
  "AccessValidity": 31557600,
  "Description": "This is the description for this application",
  "GrantValidity": 7776000,
  "MaximumScope": "ssh:approve,delete,discover,manage",
  "Renewable": true
}

Response example

Sample response for request to return the SSHManage application

{
  "Result": 0,
  "Rules": [
    {
      "AccessValidity": 21557600,
      "ApplicationId": "SSHManage",
      "Description": "Rule for User 2",
      "GrantValidity": 2776000,
      "MaximumScope": "ssh:discover",
      "Renewable": true,
      "TrusteePrefixedUniversal": "local:{5371f67c-c194-49e2-9c1a-e25c8b0e2e32}"
    },
    {
      "AccessValidity": 11557600,
      "ApplicationId": "SSHManage",
      "Description": "Rule for User 1",
      "GrantValidity": 1776000,
      "MaximumScope": "ssh:discover",
      "Renewable": false,
      "TrusteePrefixedUniversal": "local:{23cbc293-90f9-4e77-95a7-6cf5d9a4bd2e}"
    },
    {
      "AccessValidity": 31557600,
      "ApplicationId": "SSHManage",
      "Description": "Rule for User 3",
      "GrantValidity": 3776000,
      "MaximumScope": "ssh:discover",
      "Renewable": false,
      "TrusteePrefixedUniversal": "local:{e818fecb-54fc-43e0-b16f-372032fda588}"
    }
  ],
  "Success": true
}
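
The Rules array returned by this call can feed a periodic access review. The following Python is an added example, not part of the original documentation: it flags rules whose MaximumScope exceeds an allowed set, whose GrantValidity is above a limit, or that are renewable. The function names, the policy values, and the ';' separator between resources are assumptions; the sample input is constructed from values shown on this page.

```python
import json

# Constructed input: two rules shaped like this page's sample response.
SAMPLE_RESPONSE = json.loads("""
{"Result": 0, "Success": true, "Rules": [
  {"ApplicationId": "SSHManage", "AccessValidity": 21557600,
   "GrantValidity": 2776000, "MaximumScope": "ssh:discover", "Renewable": true,
   "TrusteePrefixedUniversal": "local:{5371f67c-c194-49e2-9c1a-e25c8b0e2e32}"},
  {"ApplicationId": "SSHManage", "AccessValidity": 31557600,
   "GrantValidity": 7776000, "MaximumScope": "ssh:approve,delete,discover,manage",
   "Renewable": false,
   "TrusteePrefixedUniversal": "local:{23cbc293-90f9-4e77-95a7-6cf5d9a4bd2e}"}
]}
""")


def parse_scope(scope):
    """Split 'ssh:approve,delete' into {'ssh': {'approve', 'delete'}}.
    Assumption: several resources, if present, are separated by ';'."""
    parsed = {}
    for part in scope.split(";"):
        resource, _, privs = part.strip().partition(":")
        if resource:
            parsed.setdefault(resource, set()).update(
                p.strip() for p in privs.split(",") if p.strip())
    return parsed


def review_rules(response, allowed_scope, max_grant_validity):
    """Return (trustee, reasons) for each rule that exceeds the reviewer's policy.
    max_grant_validity is in the same unit as the GrantValidity field."""
    if not response.get("Success"):
        raise ValueError("EnumerateRules call did not succeed")
    findings = []
    for rule in response.get("Rules", []):
        reasons = []
        scope = parse_scope(rule.get("MaximumScope") or "")
        for resource, privs in scope.items():
            extra = privs - allowed_scope.get(resource, set())
            if extra:
                reasons.append(f"scope {resource}:{','.join(sorted(extra))}")
        if rule.get("GrantValidity", 0) > max_grant_validity:
            reasons.append("grant validity above limit")
        if rule.get("Renewable"):
            reasons.append("renewable")
        if reasons:
            findings.append((rule["TrusteePrefixedUniversal"], reasons))
    return findings
```

Calling review_rules(SAMPLE_RESPONSE, {"ssh": {"discover"}}, 5000000) reports the first trustee as renewable and the second for excess scope and grant validity.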