Access Request API
The Access Request API allows to create access requests for specific roles or resource instances. It also assigns relevant moderators to approve or deny user requests based on your decision.
You can also find information about the Access Requests API in the Permit Redoc.
Initializing Permit
To use Permit Elements, you need to be a user of Permit. When starting to use Permit, you will need to initialize an instance of Permit in your backend logic. This only needs to be done once, both to use Permit and Elements. Remember to copy your SDK Secret Key
and pass it into the initialized Permit object.
1
2
3
4
const { Permit } = require("permitio");
const permit = new Permit(
{token: permit_key_SECRET}
);
Server-side Login Route
To allow your client to loginAs
themselves and get access to the Permit Element you will need to create a route in your backend server.
The backend loginAs
route is matched based on the Authentication methods you have implemented inside your App.
Most applications authenticate using a Bearer Token or Cookies, but you can also use any other HTTP Security Header.
Make sure you use the right code example below depending on your authentication method.
The loginAs
function takes two parameters - a unique userId
you get from your JWT (JSON Web Token), and a tenant_key
or tenantId
.
permit.elements.loginAs({ userId, tenant });
The user must belong to the tenant that they will be logged into. If not, you will see a login error saying USER_NOT_FOUND
.
If the user gets logged out, they also exit the current tenant specified in the loginAs
method. If you want to change tenants for
a user, you need to log them out, and log them back in to a different tenant.
Passing in the tenant is compulsory when logging in a user server-side.
API requests
To use the Access Requests API, follow these steps:
Get your API_SECRET_KEY
from the dashboard and get the current project_id
and env_id
.
Replace API_SECRET_KEY
with the key from the Permit dashboard, as well as the project_id
and env_id
you got from the API in the following commands.
Creating an Access Request
To create a new access request, make a POST request to the following with the required data.
curl 'https://api.permit.io/v2/facts/{project_id}/{env_id}/access_requests' \
-H 'cookie: <COOKIE FROM LOGIN>'
-H 'element_id: ELEMENTS_CONFIG_ID'
-data-raw
{
"access_request_details": {
"tenant": "34f5c98e-f430-457b-a812-92637d0c6fd0",
"resource": "4d5215ed-38bb-48ed-879a-fdb9ca58522f",
"resource_instance": "2d98d9f8-e1b7-4f1d-baad-2edbf6fa6c66",
"role": "ac4e70c8-d5be-48af-93eb-760f58fc91a9",
},
"reason": "done onboarding",
} \
The return access request object will look like this:
{
"requesting_user_id": "1c1e4ada-f282-40e6-b3b7-20b3a51c93b5",
"access_request_details": {
"tenant": "34f5c98e-f430-457b-a812-92637d0c6fd0",
"resource": "4d5215ed-38bb-48ed-879a-fdb9ca58522f",
"resource_instance": "2d98d9f8-e1b7-4f1d-baad-2edbf6fa6c66",
"role": "ac4e70c8-d5be-48af-93eb-760f58fc91a9",
},
"reason": "done onboarding",
"org_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"project_id": "405d8375-3514-403b-8c43-83ae74cfe0e9",
"env_id": "40ef0e48-a11f-4963-a229-e396c9f7e7c4",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"status": null,
"reviewer_user_id": null,
"reviewed_at": null,
"reviewer_comment": null,
}
The user who creates the access request must be in the tenant that the access request is for.
Reviewer actions:
1. Get an Access Request
To get a specific access request, make a GET request to the following.
curl 'https://api.permit.io/v2/facts/{project_id}/{env_id}/access_requests/{access_request_id}' \
-H 'cookie: <COOKIE FROM LOGIN>'
-H 'element_id: ELEMENTS_CONFIG_ID'
The return access request object will look like this:
{
"requesting_user_id": "1c1e4ada-f282-40e6-b3b7-20b3a51c93b5",
"access_request_details": {
"tenant": "34f5c98e-f430-457b-a812-92637d0c6fd0",
"resource": "4d5215ed-38bb-48ed-879a-fdb9ca58522f",
"resource_instance": "2d98d9f8-e1b7-4f1d-baad-2edbf6fa6c66",
"role": "ac4e70c8-d5be-48af-93eb-760f58fc91a9",
},
"reason": "string",
"org_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"project_id": "405d8375-3514-403b-8c43-83ae74cfe0e9",
"env_id": "40ef0e48-a11f-4963-a229-e396c9f7e7c4",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"status": "approved",
"reviewer_user_id": "1b287364-14ff-4b72-8953-b40399093a6f",
"reviewed_at": "2019-08-24T14:15:22Z",
"reviewer_comment": "new employee",
}
2. Get all the Access Requests
You can filter access requests by passing the following headers:
status
- Status of the access requesttenant
- Tenant key of the access requestrole
- Role key of the access requestresource
- Resource key of the access requestresource_instance
- Resource instance key of the access request
To get a list of access requests, make the following GET request:
curl 'https://api.permit.io/v2/facts/{project_id}/{env_id}/access_requests' \
-H 'cookie: <COOKIE FROM LOGIN>'
-H 'element_id: ELEMENTS_CONFIG_ID'
-H 'status: Status of the access request'
-H 'tenant: Tenant key of the access request'
-H 'role: Role key of the access request'
-H 'resource: Resource key of the access request'
-H 'resource_instance: Resource instance key of the access request'
-H 'page: Page number of the results to fetch' #Default: 1
-H 'per_page: The number of results per page (max 100)' #Default: 30
The return access request object will look like this:
{
"data": [
{
"requesting_user_id": "1c1e4ada-f282-40e6-b3b7-20b3a51c93b5",
"access_request_details": {
"tenant": "34f5c98e-f430-457b-a812-92637d0c6fd0",
"resource": "4d5215ed-38bb-48ed-879a-fdb9ca58522f",
"resource_instance": "2d98d9f8-e1b7-4f1d-baad-2edbf6fa6c66",
"role": "ac4e70c8-d5be-48af-93eb-760f58fc91a9",
},
"reason": "done onboarding",
"org_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"project_id": "405d8375-3514-403b-8c43-83ae74cfe0e9",
"env_id": "40ef0e48-a11f-4963-a229-e396c9f7e7c4",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"status": "approved",
"reviewer_user_id": "1b287364-14ff-4b72-8953-b40399093a6f",
"reviewed_at": "2019-08-24T14:15:22Z",
"reviewer_comment": "new employee",
}
],
"total_count": 1,
"page_count": 1
}
Users who are not designated as reviewers will only have visibility into their own access requests.
3. Updating Reviewer details in the Access Request
To update an access request, make the following PATCH request (data is optional):
curl 'https://api.permit.io/v2/facts/{project_id}/{env_id}/access_requests/{access_request_id}/reviewer' \
-H 'cookie: <COOKIE FROM LOGIN>'
-H 'element_id: ELEMENTS_CONFIG_ID'
--data-raw
"reviewer_comment": "new employee",
"role": "ac4e70c8-d5be-48af-93eb-760f58fc91a9",
} \
The return access request object will look like this:
{
"requesting_user_id": "1c1e4ada-f282-40e6-b3b7-20b3a51c93b5",
"access_request_details": {
"tenant": "34f5c98e-f430-457b-a812-92637d0c6fd0",
"resource": "4d5215ed-38bb-48ed-879a-fdb9ca58522f",
"resource_instance": "2d98d9f8-e1b7-4f1d-baad-2edbf6fa6c66",
"role": "ac4e70c8-d5be-48af-93eb-760f58fc91a9",
},
"reason": "done onboarding",
"org_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"project_id": "405d8375-3514-403b-8c43-83ae74cfe0e9",
"env_id": "40ef0e48-a11f-4963-a229-e396c9f7e7c4",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"status": "approved",
"reviewer_user_id": "1b287364-14ff-4b72-8953-b40399093a6f",
"reviewed_at": "2019-08-24T14:15:22Z",
"reviewer_comment": "new employee",
}
4. Approve Access Request
To approve an access request, make the following PUT request (data is optional):
curl 'https://api.permit.io/v2/facts/{project_id}/{env_id}/access_requests/{access_request_id}/approve' \
-H 'cookie: <COOKIE FROM LOGIN>'
-H 'element_id: ELEMENTS_CONFIG_ID'
--data-raw
{
"reviewer_comment": "new employee",
}\
The return user object will look like this:
{
"requesting_user_id": "1c1e4ada-f282-40e6-b3b7-20b3a51c93b5",
"access_request_details": {
"tenant": "34f5c98e-f430-457b-a812-92637d0c6fd0",
"resource": "4d5215ed-38bb-48ed-879a-fdb9ca58522f",
"resource_instance": "2d98d9f8-e1b7-4f1d-baad-2edbf6fa6c66",
"role": "ac4e70c8-d5be-48af-93eb-760f58fc91a9",
},
"reason": "done onboarding",
"org_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"project_id": "405d8375-3514-403b-8c43-83ae74cfe0e9",
"env_id": "40ef0e48-a11f-4963-a229-e396c9f7e7c4",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"status": "approved",
"reviewer_user_id": "1b287364-14ff-4b72-8953-b40399093a6f",
"reviewed_at": "2019-08-24T14:15:22Z",
"reviewer_comment": "new employee",
}
5. Deny Access Request
To deny an access request, make the following PUT request (data is optional):
curl 'https://api.permit.io/v2/facts/{project_id}/{env_id}/access_requests/{access_request_id}/deny' \
-H 'cookie: <COOKIE FROM LOGIN>'
-H 'element_id: ELEMENTS_CONFIG_ID'
--data-raw
"reviewer_comment": "need more info",
}\
The return access request object will look like this:
{
"requesting_user_id": "1c1e4ada-f282-40e6-b3b7-20b3a51c93b5",
"access_request_details": {
"tenant": "34f5c98e-f430-457b-a812-92637d0c6fd0",
"resource": "4d5215ed-38bb-48ed-879a-fdb9ca58522f",
"resource_instance": "2d98d9f8-e1b7-4f1d-baad-2edbf6fa6c66",
"role": "ac4e70c8-d5be-48af-93eb-760f58fc91a9",
},
"reason": "done onboarding",
"org_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"project_id": "405d8375-3514-403b-8c43-83ae74cfe0e9",
"env_id": "40ef0e48-a11f-4963-a229-e396c9f7e7c4",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"status": "deny",
"reviewer_user_id": "1b287364-14ff-4b72-8953-b40399093a6f",
"reviewed_at": "2019-08-24T14:15:22Z",
"reviewer_comment": "need more info",
}
Users actions:
1. Cancel Access Request
To cancel an access request, make the following PUT request:
curl 'https://api.permit.io/v2/facts/{project_id}/{env_id}/access_requests/{access_request_id}/cancel' \
-H 'cookie: <COOKIE FROM LOGIN>'
-H 'element_id: ELEMENTS_CONFIG_ID'
--data-raw
{
"reason": "done onboarding last week",
} \
The return access request object will look like this:
{
"requesting_user_id": "1c1e4ada-f282-40e6-b3b7-20b3a51c93b5",
"access_request_details": {
"tenant": "34f5c98e-f430-457b-a812-92637d0c6fd0",
"resource": "4d5215ed-38bb-48ed-879a-fdb9ca58522f",
"resource_instance": "2d98d9f8-e1b7-4f1d-baad-2edbf6fa6c66",
"role": "ac4e70c8-d5be-48af-93eb-760f58fc91a9",
},
"reason": "done onboarding",
"org_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"project_id": "405d8375-3514-403b-8c43-83ae74cfe0e9",
"env_id": "40ef0e48-a11f-4963-a229-e396c9f7e7c4",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"status": "cancel",
"reviewer_user_id": null,
"reviewed_at": null,
"reviewer_comment": null,
}