Roles

Roles are an implementation of the general hierarchical RBAC. A senior role inherits all of it's juniors' ACLs plus its own ACL. Junior roles are not influenced by the senior role.

Retrieve a list of roles.

Retrieve a list of roles.

Request
Security:
query Parameters
limit
integer [ 0 .. 1000 ]

The collection items limit.

offset
integer >= 0

The collection items offset.

filter
string

The collection items filter requires a special format. Use "," for multiple allowed values. Use ";" for multiple fields. See the filter guide for more options and examples about this format.

sort
Array of strings

The collection items sort field and order (prefix with "-" for descending sort).

q
string

The partial search of the text fields.

expand
string

Expand a response to get a full related object included inside of the _embedded path in the response. It accepts a comma-separated list of objects to expand. See the expand guide for more info.

header Parameters
Organization-Id
string (ResourceId) <= 50 characters
Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21
Responses
200

A list of roles was retrieved successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

get/roles
Request samples
curl -i -X GET \
  'https://api-sandbox.rebilly.com/organizations/unknown/roles?limit=1000&offset=0&filter=string&sort=string&q=string&expand=string' \
  -H 'Organization-Id: 4f6cf35x-2c4y-483z-a0a9-158621f77a21' \
  -H 'REB-APIKEY: YOUR_API_KEY_HERE'
Response samples
application/json
[
  • {
    }
]

Create a Role

Create a Role.

Request
Security:
header Parameters
Organization-Id
string (ResourceId) <= 50 characters
Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21
Request Body schema: application/json

Role resource.

name
required
string

The role name.

description
string

The role description.

required
Array of objects (Acl)
Array
required
object

Api Key scope.

permissions
required
Array of strings <operationId>

Specify individual permission here if creating a restricted API key. Use wildcard * for full access.

allowedIps
Array of strings or null <ip> (AllowedIps)

The list of allowed IP addresses. Private subnets are not allowed. Set to null to remove restrictions.

juniorIds
Array of strings

The list of junior roles idenitifiers.

Responses
201

Role was created.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

422

Invalid data was sent.

post/roles
Request samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "acl": [
    ],
  • "allowedIps": [
    ],
  • "juniorIds": [
    ]
}
Response samples
application/json
{
  • "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  • "name": "string",
  • "description": "string",
  • "acl": [
    ],
  • "allowedIps": [
    ],
  • "seniorIds": [
    ],
  • "juniorIds": [
    ],
  • "usersCount": 0,
  • "createdTime": "2019-08-24T14:15:22Z",
  • "updatedTime": "2019-08-24T14:15:22Z",
  • "_links": [
    ],
  • "_embedded": [
    ]
}

Retrieve a role

Retrieve a role with specified identifier string.

Request
Security:
path Parameters
id
required
string <= 50 characters ^[@~\-\.\w]+$

The resource identifier string.

query Parameters
expand
string

Expand a response to get a full related object included inside of the _embedded path in the response. It accepts a comma-separated list of objects to expand. See the expand guide for more info.

header Parameters
Organization-Id
string (ResourceId) <= 50 characters
Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21
Responses
200

Role was retrieved successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

get/roles/{id}
Request samples
curl -i -X GET \
  'https://api-sandbox.rebilly.com/organizations/unknown/roles/:id?expand=string' \
  -H 'Organization-Id: 4f6cf35x-2c4y-483z-a0a9-158621f77a21' \
  -H 'REB-APIKEY: YOUR_API_KEY_HERE'
Response samples
application/json
{
  • "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  • "name": "string",
  • "description": "string",
  • "acl": [
    ],
  • "allowedIps": [
    ],
  • "seniorIds": [
    ],
  • "juniorIds": [
    ],
  • "usersCount": 0,
  • "createdTime": "2019-08-24T14:15:22Z",
  • "updatedTime": "2019-08-24T14:15:22Z",
  • "_links": [
    ],
  • "_embedded": [
    ]
}

Create a role with predefined ID

Create a role with predefined identifier string.

Request
Security:
path Parameters
id
required
string <= 50 characters ^[@~\-\.\w]+$

The resource identifier string.

header Parameters
Organization-Id
string (ResourceId) <= 50 characters
Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21
Request Body schema: application/json

Role resource.

name
required
string

The role name.

description
string

The role description.

required
Array of objects (Acl)
Array
required
object

Api Key scope.

permissions
required
Array of strings <operationId>

Specify individual permission here if creating a restricted API key. Use wildcard * for full access.

allowedIps
Array of strings or null <ip> (AllowedIps)

The list of allowed IP addresses. Private subnets are not allowed. Set to null to remove restrictions.

juniorIds
Array of strings

The list of junior roles idenitifiers.

Responses
200

Role was updated.

201

Role was created.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

422

Invalid data was sent.

put/roles/{id}
Request samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "acl": [
    ],
  • "allowedIps": [
    ],
  • "juniorIds": [
    ]
}
Response samples
application/json
{
  • "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  • "name": "string",
  • "description": "string",
  • "acl": [
    ],
  • "allowedIps": [
    ],
  • "seniorIds": [
    ],
  • "juniorIds": [
    ],
  • "usersCount": 0,
  • "createdTime": "2019-08-24T14:15:22Z",
  • "updatedTime": "2019-08-24T14:15:22Z",
  • "_links": [
    ],
  • "_embedded": [
    ]
}

Delete a role

Delete a role with predefined identifier string.

Request
Security:
path Parameters
id
required
string <= 50 characters ^[@~\-\.\w]+$

The resource identifier string.

header Parameters
Organization-Id
string (ResourceId) <= 50 characters
Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21
Responses
204

Role was deleted.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

delete/roles/{id}
Request samples
curl -i -X DELETE \
  https://api-sandbox.rebilly.com/organizations/unknown/roles/:id \
  -H 'Organization-Id: 4f6cf35x-2c4y-483z-a0a9-158621f77a21' \
  -H 'REB-APIKEY: YOUR_API_KEY_HERE'
Response samples
application/json
{
  • "status": 400,
  • "title": "string",
  • "detail": "string",
  • "error": "string"
}