components: schemas: AddTeamMembersRequest: properties: memberIds: description: The list of IDs for users to add to the Team. example: - clma5y9hu000208k2aumf7pbd items: type: string minItems: 1 type: array required: - memberIds type: object AllowedIpAddressRange: properties: createdAt: description: The time when the allowed IP address range was created in UTC, formatted as `YYYY-MM-DDTHH:MM:SSZ`. example: "2022-11-22T04:37:12Z" format: date-time type: string createdBy: $ref: '#/components/schemas/BasicSubjectProfile' id: description: The allowed IP address range's ID. example: clm9sq6s0000008kz7uvl7yz7 type: string ipAddressRange: description: The allowed IP address range in CIDR format. example: 1.1.1.1/32 type: string organizationId: description: The allowed IP address range's Organization ID. example: clyt27999000008me3yp39wcp type: string updatedAt: description: The time when the allowed IP address range was updated in UTC, formatted as `YYYY-MM-DDTHH:MM:SSZ`. example: "2022-11-22T04:37:12Z" format: date-time type: string updatedBy: $ref: '#/components/schemas/BasicSubjectProfile' required: - createdAt - id - ipAddressRange - organizationId - updatedAt type: object AllowedIpAddressRangesPaginated: properties: allowedIpAddressRanges: items: $ref: '#/components/schemas/AllowedIpAddressRange' type: array limit: description: The maximum number of allowed IP address ranges in one page. example: 10 type: integer offset: description: The offset of the current page of allowed IP address ranges. example: 0 type: integer totalCount: description: The total number of allowed IP address ranges. example: 10 type: integer required: - allowedIpAddressRanges - limit - offset - totalCount type: object ApiToken: properties: createdAt: description: The time when the API token was created in UTC, formatted as `YYYY-MM-DDTHH:MM:SSZ`. example: "2022-11-22T04:37:12Z" format: date-time type: string createdBy: $ref: '#/components/schemas/BasicSubjectProfile' description: description: The description of the API token. example: my token description type: string endAt: description: The time when the API token expires in UTC, formatted as `YYYY-MM-DDTHH:MM:SSZ`. example: "2022-11-22T04:37:12Z" format: date-time type: string expiryPeriodInDays: description: The expiry period of the API token in days. example: 30 type: integer id: description: The API token's ID. example: clm8q7f6q000008lcgyougpsk type: string lastUsedAt: description: The time when the API token was last used in UTC, formatted as `YYYY-MM-DDTHH:MM:SSZ`. example: "2022-11-22T04:37:12Z" format: date-time type: string name: description: The name of the API token. example: My token type: string roles: description: The roles of the API token. items: $ref: '#/components/schemas/ApiTokenRole' type: array shortToken: description: The short value of the API token. example: short-token type: string startAt: description: The time when the API token will become valid in UTC, formatted as `YYYY-MM-DDTHH:MM:SSZ`. example: "2022-11-22T04:37:12Z" format: date-time type: string token: description: The value of the API token. example: token type: string type: description: The type of the API token. enum: - DEPLOYMENT - WORKSPACE - ORGANIZATION example: WORKSPACE type: string updatedAt: description: The time when the API token was last updated in UTC, formatted as `YYYY-MM-DDTHH:MM:SSZ`. example: "2022-11-22T04:37:12Z" format: date-time type: string updatedBy: $ref: '#/components/schemas/BasicSubjectProfile' required: - createdAt - description - id - name - shortToken - startAt - type - updatedAt type: object ApiTokenRole: properties: entityId: description: The ID of the entity to which the API token is scoped for. For example, for Workspace API tokens, this is the Workspace ID. example: clm8sgvai000008l794psbkdv type: string entityType: description: The type of the entity to which the API token is scoped for. enum: - DEPLOYMENT - WORKSPACE - ORGANIZATION example: WORKSPACE type: string role: description: The role of the API token. example: WORKSPACE_MEMBER type: string required: - entityId - entityType - role type: object ApiTokensPaginated: properties: limit: description: The limit of values in this page. example: 10 type: integer offset: description: The offset of values in this page. example: 0 type: integer tokens: description: The list of API tokens in this page. items: $ref: '#/components/schemas/ApiToken' type: array totalCount: description: The total number of API tokens. example: 100 type: integer required: - limit - offset - tokens - totalCount type: object BasicSubjectProfile: properties: apiTokenName: description: The API token's name. Returned only when `SubjectType` is `SERVICEKEY`. example: my-token type: string avatarUrl: description: The URL for the user's profile image. Returned only when `SubjectType` is `USER`. example: https://avatar.url type: string fullName: description: The subject's full name. Returned only when `SubjectType` is `USER`. example: Jane Doe type: string id: description: The subject's ID. example: clm8qv74h000008mlf08scq7k type: string subjectType: description: The subject type. enum: - USER - SERVICEKEY example: USER type: string username: description: The subject's username. Returned only when `SubjectType` is `USER`. example: user1@company.com type: string required: - id type: object CreateAllowedIpAddressRangeRequest: properties: ipAddressRange: description: The allowed IP address range in CIDR format. example: 1.1.1.1/32 type: string required: - ipAddressRange type: object CreateApiTokenRequest: properties: description: description: The description for the API token. example: This is my API token type: string entityId: description: The ID of the Workspace or Deployment to which the API token is scoped. It is required if `Type` is `WORKSPACE` or `DEPLOYMENT`. example: clm8pxjjw000008l23jm08hyu type: string name: description: The name of the API token. example: My token type: string role: description: The role of the API token. example: WORKSPACE_OWNER type: string tokenExpiryPeriodInDays: description: The expiry period of the API token in days. If not specified, the token will never expire. example: 30 maximum: 3650 minimum: 1 type: integer type: description: The scope of the API token. enum: - DEPLOYMENT - WORKSPACE - ORGANIZATION example: WORKSPACE type: string required: - name - role - type type: object CreateCustomRoleRequest: properties: description: description: The role's description. example: Subject can only view deployments. type: string name: description: The role's name. example: Deployment_Viewer type: string permissions: description: The permissions included in the role. example: - deployment.get items: type: string minItems: 1 type: array restrictedWorkspaceIds: description: The IDs of the Workspaces that the role is restricted to. example: - cldbvzoi20182g8odxt8ehi5i items: type: string type: array uniqueItems: true scopeType: description: The scope of the role. enum: - DEPLOYMENT example: DEPLOYMENT type: string required: - name - permissions - scopeType type: object CreateTeamRequest: properties: description: description: The Team's description. example: My Team description type: string memberIds: description: The list of IDs for users to add to the Team. example: - clma67byh000008md1gr995ez items: type: string type: array name: description: The Team's name. example: My Team type: string organizationRole: description: The Team's Organization role. enum: - ORGANIZATION_OWNER - ORGANIZATION_OBSERVE_ADMIN - ORGANIZATION_OBSERVE_MEMBER - ORGANIZATION_BILLING_ADMIN - ORGANIZATION_MEMBER example: ORGANIZATION_MEMBER type: string required: - name type: object CreateUserInviteRequest: properties: inviteeEmail: description: The email of the user to invite. example: user1@company.com type: string role: description: The user's Organization role. enum: - ORGANIZATION_OWNER - ORGANIZATION_OBSERVE_ADMIN - ORGANIZATION_OBSERVE_MEMBER - ORGANIZATION_BILLING_ADMIN - ORGANIZATION_MEMBER example: ORGANIZATION_MEMBER type: string required: - inviteeEmail - role type: object DefaultRole: properties: description: description: The role's description. example: Subject can only view deployments. type: string name: description: The role's name. example: Deployment_Viewer type: string permissions: description: The role's permissions. example: - deployment.get items: type: string type: array scopeType: description: The role's scope. enum: - DEPLOYMENT - WORKSPACE - ORGANIZATION - SYSTEM example: DEPLOYMENT type: string required: - name - permissions - scopeType type: object DeploymentRole: properties: deploymentId: description: The Deployment ID. example: clm8t5u4q000008jq4qoc3031 type: string role: description: The name of the role for the subject in the Deployment. example: DEPLOYMENT_ADMIN type: string required: - deploymentId - role type: object Error: properties: message: type: string requestId: type: string statusCode: maximum: 600 minimum: 400 type: integer required: - message - requestId - statusCode type: object Invite: properties: expiresAt: description: The time when the invite is expired in UTC, formatted as `YYYY-MM-DDTHH:MM:SSZ`. example: "2022-11-22T04:37:12Z" type: string inviteId: description: The invite ID. example: clm9t1g17000008jmfsw20lsz type: string invitee: $ref: '#/components/schemas/BasicSubjectProfile' inviter: $ref: '#/components/schemas/BasicSubjectProfile' organizationId: description: The ID of the Organization where the invite was sent. example: clm9t0gbt000108jv4f1cfu8u type: string organizationName: description: The name of the Organization where the invite was sent. example: My Organization type: string userId: description: The ID for the user who was invited. example: clm9t060z000008jv3mira7x5 type: string required: - expiresAt - inviteId - invitee - inviter - organizationId type: object PermissionEntry: properties: action: description: The permission's action. example: get type: string description: description: The permission's description. example: Subject is permitted to get the scope. type: string required: - action - description type: object PermissionGroup: properties: description: description: The permission group's description. example: Astro notification channel defines where alert messages can be sent. For example, alert messages issued via email or slack. type: string name: description: The permission group's name. example: workspace.notificationChannels type: string permissions: description: The permission group's permissions. items: $ref: '#/components/schemas/PermissionEntry' type: array scope: description: The permission group's scope. example: Workspace NotificationChannels type: string required: - description - name - permissions - scope type: object Role: properties: createdAt: description: The time the role was created. type: string createdBy: $ref: '#/components/schemas/BasicSubjectProfile' description: description: The role's description. example: Subject can only view deployments. type: string id: description: The role's ID. example: cluc9tapx000901qn2xrgqdmn type: string name: description: The role's name. example: Deployment_Viewer type: string restrictedWorkspaceIds: description: The IDs of Workspaces that the role is restricted to. example: - cldbvzoi20182g8odxt8ehi5i items: type: string type: array scopeType: description: The role's scope. enum: - DEPLOYMENT - WORKSPACE - ORGANIZATION example: DEPLOYMENT type: string updatedAt: description: The time the role was last updated. type: string updatedBy: $ref: '#/components/schemas/BasicSubjectProfile' required: - createdAt - createdBy - id - name - restrictedWorkspaceIds - scopeType - updatedAt - updatedBy type: object RoleTemplate: properties: description: description: The role's description. example: Subject can only view deployments. type: string name: description: The role's name. example: Deployment_Viewer type: string permissions: description: The role's permissions. example: - deployment.get items: type: string type: array scopeType: description: The role's scope. enum: - DEPLOYMENT - WORKSPACE - ORGANIZATION - SYSTEM example: DEPLOYMENT type: string required: - name - permissions - scopeType type: object RoleWithPermission: properties: createdAt: description: The time the role was created. type: string createdBy: $ref: '#/components/schemas/BasicSubjectProfile' description: description: The role's description. example: Subject can only view deployments. type: string id: description: The role's ID. example: cluc9tapx000901qn2xrgqdmn type: string name: description: The role's name. example: Deployment_Viewer type: string permissions: description: The role's permissions. example: - deployment.get items: type: string type: array restrictedWorkspaceIds: description: The IDs of Workspaces that the role is restricted to. example: - cldbvzoi20182g8odxt8ehi5i items: type: string type: array scopeType: description: The role's scope. enum: - DEPLOYMENT - WORKSPACE - ORGANIZATION example: DEPLOYMENT type: string updatedAt: description: The time the role was last updated. type: string updatedBy: $ref: '#/components/schemas/BasicSubjectProfile' required: - createdAt - createdBy - id - name - permissions - restrictedWorkspaceIds - scopeType - updatedAt - updatedBy type: object RolesPaginated: properties: defaultRoles: description: The list of default roles. items: $ref: '#/components/schemas/DefaultRole' type: array limit: description: The number of custom roles returned. example: 1 type: integer offset: description: The offset of the custom roles. example: 1 type: integer roles: description: The list of custom roles. items: $ref: '#/components/schemas/Role' type: array totalCount: description: The total number of custom roles. example: 1 type: integer required: - limit - offset - roles - totalCount type: object SubjectRoles: properties: deploymentRoles: description: A list of the subject's Deployment roles. Currently only for API tokens. items: $ref: '#/components/schemas/DeploymentRole' type: array organizationRole: description: The subject's Organization role. enum: - ORGANIZATION_OWNER - ORGANIZATION_OBSERVE_ADMIN - ORGANIZATION_OBSERVE_MEMBER - ORGANIZATION_BILLING_ADMIN - ORGANIZATION_MEMBER example: ORGANIZATION_OWNER type: string workspaceRoles: description: A list of the subject's Workspace roles. items: $ref: '#/components/schemas/WorkspaceRole' type: array type: object Team: properties: createdAt: description: The time when the Team was created in UTC, formatted as `YYYY-MM-DDTHH:MM:SSZ`. example: "2022-11-22T04:37:12Z" format: date-time type: string createdBy: $ref: '#/components/schemas/BasicSubjectProfile' deploymentRoles: description: The Team's role in each Deployment it belongs to. items: $ref: '#/components/schemas/DeploymentRole' type: array description: description: The Team's description. example: My Team description type: string id: description: The Team's ID. example: clma5ftgk000008mhgev00k7d type: string isIdpManaged: description: Whether the Team is managed by an identity provider (IdP). example: false type: boolean name: description: The Team's name. example: My Team type: string organizationId: description: The ID of the Organization to which the Team belongs. example: clma5g8q6000108mh88g27k1y type: string organizationRole: description: The Team's Organization role. enum: - ORGANIZATION_OWNER - ORGANIZATION_OBSERVE_ADMIN - ORGANIZATION_OBSERVE_MEMBER - ORGANIZATION_BILLING_ADMIN - ORGANIZATION_MEMBER example: ORGANIZATION_MEMBER type: string rolesCount: description: The number of roles the Team has. example: 1 type: integer updatedAt: description: The time when the Team was last updated in UTC, formatted as `YYYY-MM-DDTHH:MM:SSZ`. example: "2022-11-22T04:37:12Z" format: date-time type: string updatedBy: $ref: '#/components/schemas/BasicSubjectProfile' workspaceRoles: description: The Team's role in each Workspace it belongs to. items: $ref: '#/components/schemas/WorkspaceRole' type: array required: - createdAt - id - isIdpManaged - name - organizationId - organizationRole - updatedAt type: object TeamMember: properties: avatarUrl: description: The URL for the Team member's profile image. example: https://avatar.url type: string createdAt: description: The time when the Team member was added in UTC, formatted as `YYYY-MM-DDTHH:MM:SSZ`. example: "2022-11-22T04:37:12Z" format: date-time type: string fullName: description: The Team member's full name. example: Jane Doe type: string userId: description: The Team member's ID. example: clma5vzk2000108k20jhq3f7n type: string username: description: The Team member's username. example: user1@company.com type: string required: - userId - username type: object TeamMembersPaginated: properties: limit: description: The maximum number of Team members in one page. example: 10 type: integer offset: description: The offset of the current page of Team members. example: 0 type: integer teamMembers: description: The list of Team members in the current page. items: $ref: '#/components/schemas/TeamMember' type: array totalCount: description: The total number of Team members. example: 100 type: integer required: - limit - offset - teamMembers - totalCount type: object TeamsPaginated: properties: limit: description: The maximum number of Teams in one page. example: 10 type: integer offset: description: The offset of the current page of Teams. example: 0 type: integer teams: description: The list of Teams in the current page. items: $ref: '#/components/schemas/Team' type: array totalCount: description: The total number of Teams. example: 100 type: integer required: - limit - offset - teams - totalCount type: object UpdateApiTokenRequest: properties: description: description: The description of the API token. example: This is my API token maxLength: 500 type: string name: description: The name of the API token. example: My token maxLength: 256 minLength: 1 type: string required: - name type: object UpdateApiTokenRolesRequest: properties: roles: description: The roles of the API token. items: $ref: '#/components/schemas/ApiTokenRole' minItems: 1 type: array required: - roles type: object UpdateCustomRoleRequest: properties: description: description: The role's description. example: Subject can only view deployments. type: string name: description: The role's name. example: Deployment_Viewer type: string permissions: description: The permissions included in the role. example: - deployment.get items: type: string minItems: 1 type: array restrictedWorkspaceIds: description: The IDs of the Workspaces that the role is restricted to. example: - cldbvzoi20182g8odxt8ehi5i items: type: string type: array uniqueItems: true required: - name - permissions type: object UpdateTeamRequest: properties: description: description: The Team's description. example: My Team Description type: string name: description: The Team's name. example: My Team type: string required: - name type: object UpdateTeamRolesRequest: properties: deploymentRoles: description: The user's updated Deployment roles. The Deployments you specify must belong to the Team's Organization. items: $ref: '#/components/schemas/DeploymentRole' type: array organizationRole: description: The Team's Organization roles. enum: - ORGANIZATION_OWNER - ORGANIZATION_OBSERVE_ADMIN - ORGANIZATION_OBSERVE_MEMBER - ORGANIZATION_BILLING_ADMIN - ORGANIZATION_MEMBER example: ORGANIZATION_MEMBER type: string workspaceRoles: description: The Team's updated Workspace roles. The Workspaces you specify must belong to the Team's Organization. items: $ref: '#/components/schemas/WorkspaceRole' type: array required: - organizationRole type: object UpdateUserRolesRequest: properties: deploymentRoles: description: The user's updated Deployment roles. Requires also specifying an `OrganizationRole`. items: $ref: '#/components/schemas/DeploymentRole' type: array organizationRole: description: The user's updated Organization role. enum: - ORGANIZATION_OWNER - ORGANIZATION_OBSERVE_ADMIN - ORGANIZATION_OBSERVE_MEMBER - ORGANIZATION_BILLING_ADMIN - ORGANIZATION_MEMBER example: ORGANIZATION_MEMBER type: string workspaceRoles: description: The user's updated Workspace roles. Requires also specifying an `OrganizationRole`. items: $ref: '#/components/schemas/WorkspaceRole' type: array type: object User: properties: avatarUrl: description: The URL for the user's profile image. example: https://avatar.url type: string createdAt: description: The time when the user was created in UTC, formatted as `YYYY-MM-DDTHH:MM:SSZ`. example: "2022-11-22T04:37:12Z" format: date-time type: string deploymentRoles: description: The user's Deployment roles. items: $ref: '#/components/schemas/DeploymentRole' type: array fullName: description: The user's full name. example: Jane Doe type: string id: description: The user's ID. example: clm9sq6s0000008kz7uvl7yz7 type: string organizationRole: description: The user's Organization role. enum: - ORGANIZATION_OWNER - ORGANIZATION_OBSERVE_ADMIN - ORGANIZATION_OBSERVE_MEMBER - ORGANIZATION_BILLING_ADMIN - ORGANIZATION_MEMBER example: ORGANIZATION_MEMBER type: string status: description: The user's status. enum: - ACTIVE - INACTIVE - PENDING - BANNED example: ACTIVE type: string updatedAt: description: The time when the user was updated in UTC, formatted as `YYYY-MM-DDTHH:MM:SSZ`. example: "2022-11-22T04:37:12Z" format: date-time type: string username: description: The user's username. example: user1@company.com type: string workspaceRoles: description: The user's Workspace roles. items: $ref: '#/components/schemas/WorkspaceRole' type: array required: - avatarUrl - createdAt - fullName - id - status - updatedAt - username type: object UsersPaginated: properties: limit: description: The maximum number of users in one page. example: 10 type: integer offset: description: The offset of the current page of users. example: 0 type: integer totalCount: description: The total number of users. example: 100 type: integer users: description: The list of users in the current page. items: $ref: '#/components/schemas/User' type: array required: - limit - offset - totalCount - users type: object WorkspaceRole: properties: role: description: The role of the subject in the Workspace. enum: - WORKSPACE_OWNER - WORKSPACE_OPERATOR - WORKSPACE_AUTHOR - WORKSPACE_MEMBER - WORKSPACE_ACCESSOR example: WORKSPACE_MEMBER type: string workspaceId: description: The Workspace ID. example: clm8t5u4q000008jq4qoc3036 type: string required: - role - workspaceId type: object securitySchemes: JWT: scheme: bearer type: http info: contact: {} description: Astro Identity and Access Management (IAM) API title: Astro Identity and Access Management (IAM) API version: v1beta1 openapi: 3.0.3 paths: /authorization/permission-groups: get: description: List the available permissions you can grant to a custom role. operationId: ListPermissionGroups parameters: - description: Filter the returned permissions based on the scope they apply to. Note that currently, the only available permissions are in the `DEPLOYMENT` scope. in: query name: scopeType schema: enum: - DEPLOYMENT - WORKSPACE - ORGANIZATION type: string responses: "200": content: application/json: schema: items: $ref: '#/components/schemas/PermissionGroup' type: array description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: List authorization permission groups tags: - Authorization /organizations/{organizationId}/allowed-ip-address-ranges: get: description: List allowed IP address ranges. operationId: ListAllowedIpAddressRanges parameters: - description: The ID of the Organization that you want to retrieve the list of IP addresses for. in: path name: organizationId required: true schema: type: string - description: The number of results to skip before returning values. in: query name: offset schema: default: 0 minimum: 0 type: integer - description: The maximum number of results to return. in: query name: limit schema: default: 20 minimum: 0 type: integer - description: A list of field names to sort by, and whether to show results as ascending or descending. Formatted as `:asc` or `:desc`. in: query name: sorts schema: items: enum: - ipAddress:asc - ipAddress:desc - createdAt:asc - createdAt:desc - updatedAt:asc - updatedAt:desc type: string type: array responses: "200": content: application/json: schema: $ref: '#/components/schemas/AllowedIpAddressRangesPaginated' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: List allowed IP address ranges tags: - AllowedIpAddressRange x-permission: - action: organization.allowedIpAddressRanges.get post: description: Create an allowed IP address range that constrains which IP addresses can be used to interact with your Astro Organization using APIs. operationId: CreateAllowedIpAddressRange parameters: - description: The ID of the Organization where you want to create the allowed IP address range. in: path name: organizationId required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateAllowedIpAddressRangeRequest' description: The request body for creating an IP address range that allows access to the Astro API. required: true x-originalParamName: body responses: "200": content: application/json: schema: $ref: '#/components/schemas/AllowedIpAddressRange' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Create an allowed IP address range tags: - AllowedIpAddressRange x-permission: - action: organization.allowedIpAddressRanges.create /organizations/{organizationId}/allowed-ip-address-ranges/{allowedIpAddressRangeId}: delete: description: Delete an allowed IP address range. operationId: DeleteAllowedIpAddressRange parameters: - description: The ID of the Organization where you want to delete the allowed IP address range. in: path name: organizationId required: true schema: type: string - description: The ID of the allowed IP address range that you want to delete. in: path name: allowedIpAddressRangeId required: true schema: type: string responses: "204": description: "" "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Delete an allowed IP address range tags: - AllowedIpAddressRange x-permission: - action: organization.allowedIpAddressRanges.delete /organizations/{organizationId}/invites: post: description: Invite a user to an Organization. operationId: CreateUserInvite parameters: - description: The ID of the Organization to invite the user to. in: path name: organizationId required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateUserInviteRequest' description: The request body for creating user invite. required: true x-originalParamName: body responses: "200": content: application/json: schema: $ref: '#/components/schemas/Invite' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Create a user invitation tags: - Invite x-permission: - action: organization.users.create /organizations/{organizationId}/invites/{inviteId}: delete: description: Delete an existing user invite. operationId: DeleteUserInvite parameters: - description: The ID of the Organization where the user was invited to. in: path name: organizationId required: true schema: type: string - description: The invite's ID. in: path name: inviteId required: true schema: type: string responses: "204": description: "" "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Delete a user invite tags: - Invite x-permission: - action: organization.users.delete /organizations/{organizationId}/role-templates: get: description: Get a list of available role templates in an Organization. A role template can be used as the basis for creating a new custom role. operationId: ListRoleTemplates parameters: - description: The Organization's ID. in: path name: organizationId required: true schema: type: string - description: Filter role templates based on the scope of permissions they include. in: query name: scopeTypes schema: items: enum: - DEPLOYMENT - WORKSPACE - ORGANIZATION type: string type: array responses: "200": content: application/json: schema: items: $ref: '#/components/schemas/RoleTemplate' type: array description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Get role templates tags: - Role x-permission: - action: organization.customRoles.get /organizations/{organizationId}/roles: get: description: List available user roles in an Organization. operationId: ListRoles parameters: - description: The Organization's ID. in: path name: organizationId required: true schema: type: string - description: Whether to include default Astro roles in the returned list. in: query name: includeDefaultRoles schema: type: boolean - description: Filter the list of roles based on the scope of each role. in: query name: scopeTypes schema: items: enum: - DEPLOYMENT - WORKSPACE - ORGANIZATION type: string type: array - description: Offset for pagination. in: query name: offset schema: default: 0 minimum: 0 type: integer - description: Limit for pagination. in: query name: limit schema: default: 20 minimum: 0 type: integer - description: Sorting criteria, each criterion should conform to format 'fieldName:asc' or 'fieldName:desc'. in: query name: sorts schema: items: enum: - name:asc - name:desc - scopeType:asc - scopeType:desc - description:asc - description:desc - createdAt:asc - createdAt:desc - updatedAt:asc - updatedAt:desc type: string type: array responses: "200": content: application/json: schema: $ref: '#/components/schemas/RolesPaginated' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: List roles tags: - Role x-permission: - action: organization.customRoles.get post: description: Create a custom role that you can assign to users, Teams, and API tokens. operationId: CreateCustomRole parameters: - description: The ID of the Organization where you want to create the custom role. in: path name: organizationId required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateCustomRoleRequest' description: The request body for creating the custom role. required: true x-originalParamName: body responses: "200": content: application/json: schema: $ref: '#/components/schemas/RoleWithPermission' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Create a custom role tags: - Role x-permission: - action: organization.customRoles.create /organizations/{organizationId}/roles/{customRoleId}: delete: description: Delete a custom role. operationId: DeleteCustomRole parameters: - description: The ID of the Organization to which the role belongs. in: path name: organizationId required: true schema: type: string - description: The ID of the role to delete. in: path name: customRoleId required: true schema: type: string responses: "204": description: "" "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Delete a custom role tags: - Role x-permission: - action: organization.customRoles.delete post: description: Update the metadata or included permissions for a custom role. operationId: UpdateCustomRole parameters: - description: The ID of the Organization to which the role belongs. in: path name: organizationId required: true schema: type: string - description: The custom role's ID. in: path name: customRoleId required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateCustomRoleRequest' description: The request body for updating the custom role. required: true x-originalParamName: body responses: "200": content: application/json: schema: $ref: '#/components/schemas/RoleWithPermission' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Update custom role tags: - Role x-permission: - action: organization.customRoles.update /organizations/{organizationId}/roles/{roleId}: get: description: Get details about a custom role. operationId: GetCustomRole parameters: - description: The ID of the Organization to which the role belongs. in: path name: organizationId required: true schema: type: string - description: The role's ID. in: path name: roleId required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/RoleWithPermission' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Get a custom role tags: - Role x-permission: - action: organization.customRoles.get /organizations/{organizationId}/teams: get: description: List all Teams in an Organization. operationId: ListTeams parameters: - description: ID of the Organization to list Teams for. in: path name: organizationId required: true schema: type: string - description: A list of names for Teams to filter by. The API returns details only for the specified Teams. in: query name: names schema: items: type: string type: array - description: Offset for pagination in: query name: offset schema: default: 0 minimum: 0 type: integer - description: Limit for pagination in: query name: limit schema: default: 20 maximum: 1000 minimum: 0 type: integer - description: Sorting criteria, each criterion should conform to format 'fieldName:asc' or 'fieldName:desc' in: query name: sorts schema: items: enum: - name:asc - name:desc - description:asc - description:desc - createdAt:asc - createdAt:desc - updatedAt:asc - updatedAt:desc type: string type: array responses: "200": content: application/json: schema: $ref: '#/components/schemas/TeamsPaginated' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: List Teams tags: - Team x-permission: - action: organization.teams.get post: description: Create a Team in an Organization. A Team is a group of users that have the same set of permissions in an Organization or Workspace. operationId: CreateTeam parameters: - description: The ID of the Organization where the Team is created. in: path name: organizationId required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateTeamRequest' description: The request body for creating a Team. required: true x-originalParamName: body responses: "200": content: application/json: schema: $ref: '#/components/schemas/Team' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Create a Team tags: - Team x-permission: - action: organization.teams.create /organizations/{organizationId}/teams/{teamId}: delete: description: Delete a Team. Deleting a Team will remove all permissions associated with the Team. Users that previously belonged to the Team will no longer have these permissions. operationId: DeleteTeam parameters: - description: The ID of the Organization to delete the Team from. in: path name: organizationId required: true schema: type: string - description: The ID of the Team to delete. in: path name: teamId required: true schema: type: string responses: "204": description: "" "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Delete a Team tags: - Team x-permission: - action: organization.teams.delete get: description: Retrieve details about a specific Team. operationId: GetTeam parameters: - description: The ID of the Organization to which the Team belongs. in: path name: organizationId required: true schema: type: string - description: The ID of the Team to retrieve data for. in: path name: teamId required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/Team' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Get a Team tags: - Team x-permission: - action: organization.teams.get post: description: Update a Team's details. operationId: UpdateTeam parameters: - description: The ID of the Organization to which the Team belongs. in: path name: organizationId required: true schema: type: string - description: The ID of the Team to update. in: path name: teamId required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateTeamRequest' description: The request body for updating the Team. required: true x-originalParamName: body responses: "200": content: application/json: schema: $ref: '#/components/schemas/Team' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Update a Team tags: - Team x-permission: - action: organization.teams.update /organizations/{organizationId}/teams/{teamId}/members: get: description: List the details about all users that belong to a specific Team. operationId: ListTeamMembers parameters: - description: The ID of the Organization to which the Team belongs. in: path name: organizationId required: true schema: type: string - description: The ID of the Team to retrieve member information for. in: path name: teamId required: true schema: type: string - description: Offset for pagination in: query name: offset schema: default: 0 minimum: 0 type: integer - description: Limit for pagination in: query name: limit schema: default: 20 minimum: 0 type: integer - description: Sorting criteria, each criterion should conform to format 'fieldName:asc' or 'fieldName:desc' in: query name: sorts schema: items: enum: - userId:asc - userId:desc - fullName:asc - fullName:desc - username:asc - username:desc - createdAt:asc - createdAt:desc type: string type: array responses: "200": content: application/json: schema: $ref: '#/components/schemas/TeamMembersPaginated' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: List Team members tags: - Team x-permission: - action: organization.teams.get post: description: Add members to a team operationId: AddTeamMembers parameters: - description: organization ID in: path name: organizationId required: true schema: type: string - description: team ID in: path name: teamId required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AddTeamMembersRequest' description: request body for adding members to a team required: true x-originalParamName: body responses: "204": description: "" "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Add members to a team tags: - Team x-permission: - action: organization.teams.update /organizations/{organizationId}/teams/{teamId}/members/{memberId}: delete: description: Remove a user from a Team. The user loses all permissions associated with the Team. operationId: RemoveTeamMember parameters: - description: The ID of the Organization to which the user belongs. in: path name: organizationId required: true schema: type: string - description: The ID of the Team to remove the user from. in: path name: teamId required: true schema: type: string - description: The ID of the user to remove. in: path name: memberId required: true schema: type: string responses: "204": description: "" "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Remove Team member tags: - Team x-permission: - action: organization.teams.update /organizations/{organizationId}/teams/{teamId}/roles: post: description: Update Organization and Workspace roles for a Team. operationId: UpdateTeamRoles parameters: - description: The ID of the Organization to which the Team belongs. in: path name: organizationId required: true schema: type: string - description: The ID of the Team to update roles for. in: path name: teamId required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateTeamRolesRequest' description: The request body for updating the Team's roles required: true x-originalParamName: body responses: "200": content: application/json: schema: $ref: '#/components/schemas/SubjectRoles' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Update Team roles tags: - Team x-permission: - action: organization.teams.update /organizations/{organizationId}/tokens: get: description: List information about all API tokens from an Organization. Filters on Workspace when Workspace ID is provided. When `includeOnlyOrganizationTokens` is `true`, only Organization API tokens are returned. operationId: ListApiTokens parameters: - description: The ID of the Organization to list tokens for. in: path name: organizationId required: true schema: type: string - description: The ID of the Workspace to list API tokens for. in: query name: workspaceId schema: type: string - description: The ID of the Deployment to list API tokens for. in: query name: deploymentId schema: type: string - description: Whether to show only Organization API tokens. in: query name: includeOnlyOrganizationTokens schema: type: boolean - description: Offset for pagination in: query name: offset schema: default: 0 minimum: 0 type: integer - description: Limit for pagination in: query name: limit schema: default: 20 maximum: 1000 minimum: 0 type: integer - description: Sorting criteria, each criterion should conform to format 'fieldName:asc' or 'fieldName:desc' in: query name: sorts schema: items: enum: - name:asc - name:desc - description:asc - description:desc - createdAt:asc - createdAt:desc - updatedAt:asc - updatedAt:desc - tokenStartAt:asc - tokenStartAt:desc type: string type: array responses: "200": content: application/json: schema: $ref: '#/components/schemas/ApiTokensPaginated' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: List API tokens tags: - ApiToken post: description: Create an API token. An API token is an alphanumeric token that grants programmatic access to Astro for automated workflows. An API token can be scoped to an Organization or a Workspace. operationId: CreateApiToken parameters: - description: The ID of the Organization where you want to create the token. in: path name: organizationId required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateApiTokenRequest' description: The Request body for creating an API token required: true x-originalParamName: body responses: "200": content: application/json: schema: $ref: '#/components/schemas/ApiToken' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Create an API token tags: - ApiToken /organizations/{organizationId}/tokens/{tokenId}: delete: description: Delete an API token. When you delete an API token, make sure that no existing automation workflows are using it. After it's deleted, an API token cannot be recovered. operationId: DeleteApiToken parameters: - description: The ID of the Organization where you want to delete the token. in: path name: organizationId required: true schema: type: string - description: The API token ID in: path name: tokenId required: true schema: type: string responses: "204": description: "" "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Delete an API token tags: - ApiToken get: description: Retrieve information about a specific API token. operationId: GetApiToken parameters: - description: The ID of the Organization where you want to retrieve token information. in: path name: organizationId required: true schema: type: string - description: The ID of the token that you want to retrieve data for. in: path name: tokenId required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/ApiToken' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Get an API token tags: - ApiToken post: description: Update the name and description of an API token. operationId: UpdateApiToken parameters: - description: The ID of the Organization where you want to update an API token. in: path name: organizationId required: true schema: type: string - description: The API token you want to update. in: path name: tokenId required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateApiTokenRequest' description: The request body for updating a token. required: true x-originalParamName: body responses: "200": content: application/json: schema: $ref: '#/components/schemas/ApiToken' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Update an API token tags: - ApiToken /organizations/{organizationId}/tokens/{tokenId}/roles: post: description: Update Workspace and Organization roles for an API token. operationId: UpdateApiTokenRoles parameters: - description: The ID of the Organization where you want to update an API token. in: path name: organizationId required: true schema: type: string - description: The API token you want to update. in: path name: tokenId required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateApiTokenRolesRequest' description: The request body for updating a token. required: true x-originalParamName: body responses: "200": content: application/json: schema: $ref: '#/components/schemas/SubjectRoles' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Update API token roles tags: - ApiToken /organizations/{organizationId}/tokens/{tokenId}/rotate: post: description: Rotate an API token. Creates a new API token and invalidates the one you specify. Any workflows using the previous value stop working. operationId: RotateApiToken parameters: - description: The ID of the Organization where you want to rotate an API token. in: path name: organizationId required: true schema: type: string - description: The token to rotate in: path name: tokenId required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/ApiToken' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Rotate API token tags: - ApiToken /organizations/{organizationId}/users: get: description: List users in an Organization or a specific Workspace within an Organization. operationId: ListUsers parameters: - description: The ID of the Organization to list users for. in: path name: organizationId required: true schema: type: string - description: The ID of the Workspace to filter the list of users for. When specified, the API returns only users belonging to the specified Workspace. in: query name: workspaceId schema: type: string - description: The ID of the Deployment to filter the list of users for. When specified, the API returns only users belonging to the specified Deployment. in: query name: deploymentId schema: type: string - description: Offset for pagination in: query name: offset schema: default: 0 minimum: 0 type: integer - description: Limit for pagination in: query name: limit schema: default: 20 maximum: 1000 minimum: 0 type: integer - description: Sorting criteria, each criterion should conform to format 'fieldName:asc' or 'fieldName:desc' in: query name: sorts schema: items: enum: - id:asc - id:desc - username:asc - username:desc - fullName:asc - fullName:desc - createdAt:asc - createdAt:desc - updatedAt:asc - updatedAt:desc type: string type: array responses: "200": content: application/json: schema: $ref: '#/components/schemas/UsersPaginated' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: List users in an Organization tags: - User x-permission: - action: organization.users.get /organizations/{organizationId}/users/{userId}: get: description: Retrieve user information about a specific user account. operationId: GetUser parameters: - description: The ID of the Organization to which the user belongs. in: path name: organizationId required: true schema: type: string - description: The user's ID. in: path name: userId required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/User' description: OK "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Get user information tags: - User x-permission: - action: organization.users.get /organizations/{organizationId}/users/{userId}/roles: post: description: Update Organization and Workspace roles for a user. operationId: UpdateUserRoles parameters: - description: The ID of the Organization to which the user belongs. in: path name: organizationId required: true schema: type: string - description: The user's ID in: path name: userId required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateUserRolesRequest' description: The request body for updating the user's roles required: true x-originalParamName: body responses: "200": content: application/json: schema: $ref: '#/components/schemas/SubjectRoles' description: The response body containing the user's roles "400": content: application/json: schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/Error' description: Not Found "500": content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - JWT: [] summary: Update a user's roles tags: - User security: - JWT: [] servers: - url: https://api.astronomer.io/iam/v1beta1 tags: - description: The `user` object represents a user account in your Astro Organization. Astro creates a new `user` object whenever you invite a user by email or add a user to Astro through an identity provider. The object contains all information about a user, including their personal information, roles, and login attempts. It doesn't include attributes for actions that the user completes after they log in, such as updating a Deployment. Make requests to `user` endpoints to manage permissions for existing users both at the Organization and Workspace level. To create new users, make requests to `invite` endpoints instead. name: User - description: The `team` object represents an Astro Team, which is a group of users that share the same permissions across your Organization and Workspaces. Make requests to `team` endpoints to create, update, and delete Teams across an Organization. See [Configure Teams on Astro](https://astronomer.io/docs/astro/manage-teams). name: Team - description: The `apitoken` object represents a single API token within your Organization. API tokens are used to authenticate automated tools and processes to your Organization. They have varying levels of access to your resources based on their Organization, Workspace, and Deployment roles. See [Workspace API tokens](workspace-api-tokens.md) and [Organization API tokens](organization-api-tokens.md). name: ApiToken - description: The `invite` object represents the record of a user invite generated by Astro. It includes information both about the inviter and the invitee. Invites can be generated both by manual invitations through the Astro UI and automatic invitations through an identity provider. An `invite` record persists until its associated invite expires. Make requests to `invite` endpoints to create, delete, or audit invites for users across your Organization. See [Manage Organization users](https://astronomer.io/docs/astro/manage-organization-users) and [Manage Workspace users](https://astronomer.io/docs/astro/manage-workspace-users). name: Invite