Authorization API

The Authorization API provides programmatic access to API Portal entities which let you perform operations related to role-based access control. For example, you can add permissions for a role to delete applications. This will allow users who have that role in a given organization to be able to delete applications. You can call the Authorization API from your external client application, or you can try it out using the API Explorer.
Have you considered Org Publisher?
In API Portal release 4.5 and higher, the new Org Publisher role allows you to grant CRUD permissions to users belonging to a specific organization. You may want to use this new role instead of the Authorization API. See User Types, Roles and Permissions for details on the Org Publisher role.
Using the Authorization API, you can add or remove the following permissions for the organization administrator role: create, update, and delete APIs in their organization. These create, update, and delete privileges are not granted to this role by default. You cannot remove the role's default permissions using the Authorization API.
The following RESTful resources are included in the API:
  • Permitted
    Use this resource to check if a permission (such as the ability to delete APIs) is granted for a specific role (such as API Owner).
  • Roles
    Use this resource to retrieve all roles, retrieve all permissions for a specific role, and retrieve or update permissions to a specific entity (such as API).
Requests and responses are in JSON format.
You can use the Authorization API to distribute role memberships in your organization. Role permissions are reflected in the Portal interface, as well as while making Portal API calls.
Access the Authorization API using the API Explorer.
You can try out the Authorization API using the API Explorer.
Follow these steps:
  1. Log in to the API Portal as a Portal administrator for the intended tenant.
  2. Select Portal API.
  3. Select the Portal Authorization API option from the API drop-down list.
The API Explorer appears in the right pane, showing the Authorization API. You can access the PAPI using the API Explorer.
Authentication
Authorization API calls require a valid OAuth token.
For more information about OAuth tokens, see the OAuth Community site.
Example
You can download a sample Swagger JSON file describing the current Authorization API from rbac-swagger-4.1.4.json.
For more information about the Swagger (OpenAPI) specification, see the Swagger website.
{
  "swagger": "2.0",
  "info": { "version": "", "title": "" },
  "host": "PORTAL_ENTERPRISE:8080",
  "basePath": "/rbac",
  "tags": [
    { "name": "Authorization API", "description": "Role based access control operations" }
  ],
  "paths": {
    "/Permitted/{roleUuId}": {
      "post": {
        "tags": [ "Authorization API" ],
        "summary": "Check if operation is allowed for a specific role",
        "operationId": "permissionsForRoleEntityTypeUsingPOST",
        "consumes": [ "application/json" ],
        "produces": [ "application/json" ],
        "parameters": [
          { "name": "roleUuId", "in": "path", "description": "Unique identifier for the role", "required": true, "type": "string" },
          {
            "in": "body",
            "name": "Permission",
            "description": "The role permission object, consisting of `entity` (describing the entity for which the role is applied, e.g. `API`) and `operation` (the `CREATE`, `READ`, `UPDATE` or `DELETE` permission for `entity`)",
            "required": true,
            "schema": { "$ref": "#/definitions/Permission" }
          }
        ],
        "responses": {
          "200": {
            "description": "Success",
            "schema": { "$ref": "#/definitions/Response" },
            "examples": { "application/json": { "granted": true } }
          },
          "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/ErrorResponse" } },
          "500": { "description": "Server Failure" }
        }
      }
    },
    "/Roles": {
      "get": {
        "tags": [ "Authorization API" ],
        "summary": "Get roles",
        "operationId": "rolesUsingGET",
        "consumes": [ "application/json" ],
        "produces": [ "application/json" ],
        "responses": {
          "200": {
            "description": "Success",
            "schema": { "$ref": "#/definitions/Roles" },
            "examples": {
              "application/json": {
                "roles": [
                  { "roleId": "00000001-0001-0001-0001-000000000001", "roleName": "portaladministrators", "roleDescription": "Portal Administrator" },
                  { "roleId": "00000004-0004-0004-0004-000000000004", "roleName": "apiowners", "roleDescription": "API Owner" },
                  { "roleId": "00000005-0005-0005-0005-000000000005", "roleName": "devorgadministrators", "roleDescription": "Developer Organization Administrator" },
                  { "roleId": "00000006-0006-0006-0006-000000000006", "roleName": "developers", "roleDescription": "Portal Developer" }
                ]
              }
            }
          },
          "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/ErrorResponse" } },
          "500": { "description": "Server Failure" }
        }
      }
    },
    "/Roles/{roleUuId}/Entity/{entityType}/Permissions": {
      "get": {
        "tags": [ "Authorization API" ],
        "summary": "Get a list of permissions for a specific role and entity",
        "operationId": "getRolePermissionsForRoleEntityTypeUsingGET",
        "consumes": [ "application/json" ],
        "produces": [ "application/json" ],
        "parameters": [
          { "name": "roleUuId", "in": "path", "description": "Unique identifier for the role", "required": true, "type": "string" },
          { "name": "entityType", "in": "path", "description": "The entity type. Only `API` is currently supported", "required": true, "type": "string" }
        ],
        "responses": {
          "200": {
            "description": "Success",
            "schema": { "$ref": "#/definitions/RolePermissions" },
            "examples": {
              "application/json": {
                "roles": [
                  {
                    "roleId": "00000004-0004-0004-0004-000000000004",
                    "roleName": "apiowners",
                    "roleDescription": "API Owner",
                    "permissions": [
                      { "entity": "API", "operation": "CREATE" },
                      { "entity": "API", "operation": "DELETE" },
                      { "entity": "API", "operation": "READ" },
                      { "entity": "API", "operation": "UPDATE" }
                    ]
                  }
                ]
              }
            }
          },
          "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/ErrorResponse" } },
          "500": { "description": "Server Failure" }
        }
      },
      "put": {
        "tags": [ "Authorization API" ],
        "summary": "Update permissions for a specific role and entity",
        "operationId": "assignRolePermissionsUsingPUT",
        "consumes": [ "application/json" ],
        "parameters": [
          { "name": "roleUuId", "in": "path", "description": "Unique identifier for the role. Only Developers are currently supported", "required": true, "type": "string" },
          { "name": "entityType", "in": "path", "description": "The entity type. Only `API` is currently supported", "required": true, "type": "string" },
          {
            "in": "body",
            "name": "RolePermissions",
            "description": "Permissions (`entity` and `operation` values) to update for the role and entity",
            "required": true,
            "schema": { "$ref": "#/definitions/RolePermissions" }
          }
        ],
        "responses": {
          "200": { "description": "Success" },
          "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/ErrorResponse" } },
          "500": { "description": "Server Failure" }
        }
      }
    },
    "/Roles/{roleUuId}/Permissions": {
      "get": {
        "tags": [ "Authorization API" ],
        "summary": "Get a list of permissions for a role",
        "operationId": "permissionsForRoleUsingGET",
        "consumes": [ "application/json" ],
        "produces": [ "application/json" ],
        "parameters": [
          { "name": "roleUuId", "in": "path", "description": "Unique identifier for the role", "required": true, "type": "string" }
        ],
        "responses": {
          "200": {
            "description": "Success",
            "schema": { "$ref": "#/definitions/RolePermissions" },
            "examples": {
              "application/json": {
                "roles": [
                  {
                    "roleId": "00000004-0004-0004-0004-000000000004",
                    "roleName": "apiowners",
                    "roleDescription": "API Owner",
                    "permissions": [
                      { "entity": "API", "operation": "CREATE" },
                      { "entity": "API", "operation": "DELETE" },
                      { "entity": "API", "operation": "READ" },
                      { "entity": "API", "operation": "UPDATE" }
                    ]
                  }
                ]
              }
            }
          },
          "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/ErrorResponse" } },
          "500": { "description": "Server Failure" }
        }
      }
    }
  },
  "definitions": {
    "RoleWithPermissions": {
      "type": "object",
      "properties": {
        "permissions": { "type": "array", "description": "Permissions for this role", "items": { "$ref": "#/definitions/Permission" } },
        "roleDescription": { "type": "string", "description": "The role description" },
        "roleId": { "type": "string", "description": "The unique role UUID" },
        "roleName": { "type": "string", "description": "The role name" }
      }
    },
    "RolePermissions": {
      "type": "object",
      "properties": {
        "roles": { "type": "array", "description": "Portal roles with permissions", "items": { "$ref": "#/definitions/RoleWithPermissions" } }
      }
    },
    "Role": {
      "type": "object",
      "properties": {
        "roleDescription": { "type": "string", "description": "The role description" },
        "roleId": { "type": "string", "description": "The unique role UUID" },
        "roleName": { "type": "string", "description": "The role name" }
      }
    },
    "Roles": {
      "type": "object",
      "properties": {
        "roles": { "type": "array", "description": "Portal roles", "items": { "$ref": "#/definitions/Role" } }
      }
    },
    "Permission": {
      "type": "object",
      "properties": {
        "entity": { "type": "string", "description": "The entity type. Only `API` is currently supported" },
        "operation": { "type": "string", "description": "`CREATE`, `READ`, `UPDATE` or `DELETE` operation on the entity type" }
      }
    },
    "Response": {
      "type": "object",
      "properties": {
        "granted": { "type": "boolean", "description": "Indicates whether the permission was granted" }
      }
    },
    "Error": {
      "type": "object",
      "properties": {
        "code": { "type": "integer", "format": "int32", "description": "Error code" },
        "message": { "type": "string", "description": "Error message" }
      }
    },
    "ErrorResponse": {
      "type": "object",
      "description": "Error response",
      "properties": {
        "error": { "$ref": "#/definitions/Error" }
      }
    }
  }
}
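The following Python module is an added example, not code from the API Portal or its documentation. It ties the Permitted and Roles resources described above, the OAuth bearer token from the Authentication section, and the paths and JSON shapes of the Swagger document into a small client, and adds a least-privilege audit that reports any operation a role holds beyond an allowlist. The transport hook, the FakePortal stand-in, its 401 reply (the spec documents only 200, 400 and 500), its READ-only default grant, and the demo-token value are constructed so the demo runs offline; the devorgadministrators roleId and the PORTAL_ENTERPRISE:8080 host are taken from the spec's own example values.

```python
"""Client for the Authorization API endpoints in the Swagger document above, plus a
least-privilege audit.  Added example, not Portal code: paths, bodies and the roleId
come from the spec; the transport hook, FakePortal, its 401 reply and its READ-only
default grant are constructed for the offline demo."""
import json
import urllib.error
import urllib.request

CRUD = ("CREATE", "READ", "UPDATE", "DELETE")   # operations the spec documents


def urllib_transport(method, url, headers, body):
    """Real HTTP transport (standard library only); not exercised offline."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:       # 400/500 replies carry an ErrorResponse body
        return err.code, json.loads(err.read() or b"{}")


class RbacClient:
    """transport(method, url, headers, json_body) -> (http_status, json_payload)."""
    def __init__(self, base_url, token, transport=urllib_transport):
        self.base = base_url.rstrip("/") + "/rbac"            # basePath from the spec
        self.transport = transport
        self.headers = {"Authorization": "Bearer " + token,    # OAuth token on every call
                        "Content-Type": "application/json", "Accept": "application/json"}

    def _call(self, method, path, body=None):
        status, payload = self.transport(method, self.base + path, self.headers, body)
        if status != 200:   # ErrorResponse carries {"error": {"code": ..., "message": ...}}
            msg = payload.get("error", {}).get("message", "") if isinstance(payload, dict) else ""
            raise RuntimeError(f"{method} {path} -> HTTP {status} {msg}".rstrip())
        return payload

    def permitted(self, role_uuid, entity, operation):
        """POST /Permitted/{roleUuId}: is `operation` on `entity` granted to the role?"""
        if operation not in CRUD:
            raise ValueError(f"unknown operation {operation!r}")
        body = {"entity": entity, "operation": operation}     # Permission object
        return bool(self._call("POST", f"/Permitted/{role_uuid}", body)["granted"])

    def role_permissions(self, role_uuid, entity_type="API"):
        """GET /Roles/{roleUuId}/Entity/{entityType}/Permissions, flattened to Permission objects."""
        roles = self._call("GET", f"/Roles/{role_uuid}/Entity/{entity_type}/Permissions")["roles"]
        return [p for r in roles for p in r.get("permissions", [])]

    def set_role_permissions(self, role_uuid, entity_type, operations):
        """PUT /Roles/{roleUuId}/Entity/{entityType}/Permissions with a RolePermissions body."""
        perms = [{"entity": entity_type, "operation": op} for op in operations]
        body = {"roles": [{"roleId": role_uuid, "permissions": perms}]}
        self._call("PUT", f"/Roles/{role_uuid}/Entity/{entity_type}/Permissions", body)


def excess_permissions(client, role_uuid, allowed, entity_type="API"):
    """Least-privilege audit: operations the role holds on entity_type beyond `allowed`."""
    granted = {p["operation"] for p in client.role_permissions(role_uuid, entity_type)
               if p.get("entity") == entity_type}
    return sorted(granted - set(allowed))


class FakePortal:
    """Constructed in-memory stand-in for the /rbac endpoints so the demo runs offline."""
    DEVORG_ADMIN = "00000005-0005-0005-0005-000000000005"     # devorgadministrators in the spec

    def __init__(self, token="demo-token"):
        self.token = token
        self.perms = {self.DEVORG_ADMIN: {"API": {"READ"}}}    # constructed default grant

    def __call__(self, method, url, headers, body):
        if headers.get("Authorization") != "Bearer " + self.token:   # constructed: spec lists no 401
            return 401, {"error": {"code": 401, "message": "missing or invalid OAuth token"}}
        parts = url.split("/rbac/", 1)[1].split("/")
        if method == "POST" and len(parts) == 2 and parts[0] == "Permitted":
            if not isinstance(body, dict) or not all(k in body for k in ("entity", "operation")):
                return 400, {"error": {"code": 400, "message": "entity and operation are required"}}
            ops = self.perms.get(parts[1], {}).get(body["entity"], set())
            return 200, {"granted": body["operation"] in ops}
        if len(parts) == 5 and parts[0] == "Roles" and parts[2:5:2] == ["Entity", "Permissions"]:
            role_id, entity = parts[1], parts[3]
            if entity != "API":
                return 400, {"error": {"code": 400, "message": "only API is currently supported"}}
            ops = self.perms.setdefault(role_id, {}).setdefault(entity, set())
            if method == "GET":
                perms = [{"entity": entity, "operation": o} for o in sorted(ops)]
                return 200, {"roles": [{"roleId": role_id, "permissions": perms}]}
            if method == "PUT":
                ops.clear()
                ops.update(p["operation"] for r in body["roles"] for p in r["permissions"])
                return 200, {}
        return 400, {"error": {"code": 400, "message": "unsupported request"}}


def demo():
    """Grant DELETE to the org admin role, confirm it via /Permitted, then audit it."""
    client = RbacClient("http://PORTAL_ENTERPRISE:8080", "demo-token", transport=FakePortal())
    role = FakePortal.DEVORG_ADMIN
    before = client.permitted(role, "API", "DELETE")              # False: not granted by default
    client.set_role_permissions(role, "API", ["READ", "DELETE"])
    after = client.permitted(role, "API", "DELETE")               # True after the PUT
    excess = excess_permissions(client, role, allowed={"READ"})   # audit flags ["DELETE"]
    return before, after, excess
```

Against a real Portal, pass the tenant base URL and a valid OAuth token and leave the default `urllib_transport` in place; `excess_permissions` is the part worth scheduling, since it turns the GET on the Entity/Permissions resource into a drift check that flags any create, update or delete grant the organization administrator role was not supposed to keep.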