Abbey API (v1)


The public Abbey API. Used for integrating with Abbey and building interfaces to extend the Abbey platform. See https://docs.abbey.io for more information.

Grant Kits

Grant Kits are what you configure in code to control and automatically right-size permissions for resources. A Grant Kit has 3 components:

  1. Workflow to configure how someone should get access.
  2. Policies to configure if someone should get access.
  3. Output to configure how and where Grants should materialize.

List Grant Kits

Returns a list of the latest versions of each grant kit in the organization.

Grant Kits are sorted by creation date, descending.

SecurityBearerAuth
Responses
200

Success

401

Authentication Failed

429

Rate Limited

default

Server Errored on Abbey's end

GET /grant-kits
Response samples
application/json
[
  {
  }
]

Create a Grant Kit

Creates a new Grant Kit

SecurityBearerAuth
Request
Request Body schema: application/json
required
name
required
string
description
required
string
workflow
object or null (GrantWorkflow)
policies
Array of objects (Policies) <= 100 items
output
required
object (Output)
Responses
201

Created

400

Request Failed

401

Authentication Failed

409

Request Conflict with another resource

429

Rate Limited

default

Server Errored on Abbey's end

POST /grant-kits
Request samples
application/json
{
  "name": "my_grant_kit",
  "description": "My description",
  "workflow": {
  },
  "policies": [
  ],
  "output": {
  }
}
Response samples
application/json
{
  "id": "gk_1234",
  "name": "null_grant",
  "current_version_id": "gkv_1234",
  "description": "description",
  "workflow": {
  },
  "policies": [
  ],
  "output": {
  },
  "grants": [ ],
  "requests": [ ],
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "updated_at": "2000-01-23T04:56:07.000+00:00"
}

Delete a Grant Kit

Deletes the specified grant kit.

SecurityBearerAuth
Request
path Parameters
grant_kit_id_or_name
required
string

The ID of the grant kit or resource to delete

Responses
200

Success

401

Authentication Failed

404

Resource Not Found

429

Rate Limited

default

Server Errored on Abbey's end

DELETE /grant-kits/{grant_kit_id_or_name}
Response samples
application/json
{
  "id": "gk_1234",
  "name": "null_grant",
  "current_version_id": "gkv_1234",
  "description": "description",
  "workflow": {
  },
  "policies": [
  ],
  "output": {
  },
  "grants": [ ],
  "requests": [ ],
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "updated_at": "2000-01-23T04:56:07.000+00:00"
}

Retrieve a Grant Kit by ID

Returns the details of a Grant Kit.

SecurityBearerAuth
Request
path Parameters
grant_kit_id_or_name
required
string

The ID of the grant kit or resource to retrieve.

Responses
200

Success

401

Authentication Failed

404

Resource Not Found

429

Rate Limited

default

Server Errored on Abbey's end

GET /grant-kits/{grant_kit_id_or_name}
Response samples
application/json
{
  "id": "gk_1234",
  "name": "null_grant",
  "current_version_id": "gkv_1234",
  "description": "description",
  "workflow": {
  },
  "policies": [
  ],
  "output": {
  },
  "grants": [ ],
  "requests": [ ],
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "updated_at": "2000-01-23T04:56:07.000+00:00"
}

Update a Grant Kit

Updates the specified grant kit.

SecurityBearerAuth
Request
path Parameters
grant_kit_id_or_name
required
string

The ID of the grant kit or resource to update

Request Body schema: application/json
required
name
required
string

The name of the connection

description
required
string
workflow
object or null (GrantWorkflow)
output
required
object (Output)
policies
Array of objects (Policies) <= 100 items
Responses
200

Success

400

Request Failed

401

Authentication Failed

404

Resource Not Found

409

Request Conflict with another resource

429

Rate Limited

default

Server Errored on Abbey's end

PUT /grant-kits/{grant_kit_id_or_name}
Request samples
application/json
{
  "name": "my_grant_kit",
  "description": "description",
  "workflow": {
  },
  "policies": [
  ],
  "output": {
  }
}
Response samples
application/json
{
  "id": "gk_1234",
  "name": "null_grant",
  "current_version_id": "gkv_1234",
  "description": "description",
  "workflow": {
  },
  "policies": [
  ],
  "output": {
  },
  "grants": [ ],
  "requests": [ ],
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "updated_at": "2000-01-23T04:56:07.000+00:00"
}

List Grant Kit Versions of a Grant Kit ID

Returns all versions of a grant kit.

Grant Kits are sorted by creation date, descending.

SecurityBearerAuth
Request
path Parameters
grant_kit_id_or_name
required
string

The ID of the grant kit or resource to retrieve.

Responses
200

Success

401

Authentication Failed

404

Resource Not Found

429

Rate Limited

default

Server Errored on Abbey's end

GET /grant-kits/{grant_kit_id_or_name}/versions
Response samples
application/json
[
  {
  }
]

Identities

User metadata used for enriching data. Enriched data is used to write richer policies, workflows, and outputs.

Create an Identity

Creates a new identity.

An identity represents a human, service, or workload.

SecurityBearerAuth
Request
Request Body schema: application/json
required
abbey_account
required
string
source
required
string
metadata
required
string

JSON-encoded string. See documentation for details.

Responses
201

Created

400

Request Failed

401

Authentication Failed

409

Request Conflict with another resource

429

Rate Limited

default

Server Errored on Abbey's end

POST /identities
Request samples
application/json
{
  "abbey_account": "alice@example.com",
  "source": "okta",
  "metadata": "{\"user_id\":\"UserId\"}"
}
Response samples
application/json
{
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "id": "id"
}
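
Because metadata is a JSON-encoded string rather than a nested object, a client has to serialize it separately before building the request body. The Python sketch below is an added example, not Abbey's code; the helper names and the rule that metadata must decode to a JSON object are assumptions drawn from the request sample above.

```python
import json

# Required string fields of the Create an Identity request body, per the schema above.
REQUIRED_FIELDS = ("abbey_account", "source", "metadata")


def build_identity_body(abbey_account, source, metadata):
    """Build the request body, serializing the metadata dict exactly once."""
    if not isinstance(metadata, dict):
        raise TypeError("metadata must be a dict before encoding")
    return {
        "abbey_account": abbey_account,
        "source": source,
        # Compact, key-sorted encoding keeps the string stable across runs.
        "metadata": json.dumps(metadata, separators=(",", ":"), sort_keys=True),
    }


def validate_identity_body(body):
    """Return a list of problems found in a request body; empty means OK."""
    errors = []
    for field in REQUIRED_FIELDS:
        if field not in body:
            errors.append(f"missing required field: {field}")
        elif not isinstance(body[field], str):
            errors.append(f"{field} must be a string")
    metadata = body.get("metadata")
    if isinstance(metadata, str):
        try:
            decoded = json.loads(metadata)
        except json.JSONDecodeError:
            errors.append("metadata is not valid JSON")
        else:
            if isinstance(decoded, str):
                # json.dumps() was applied twice somewhere upstream.
                errors.append("metadata is double-encoded")
            elif not isinstance(decoded, dict):
                # Assumption: metadata decodes to an object, as in the sample.
                errors.append("metadata must decode to a JSON object")
    return errors


if __name__ == "__main__":
    good = build_identity_body("alice@example.com", "okta", {"user_id": "UserId"})
    print(json.dumps(good), validate_identity_body(good))
    # Common mistake: sending metadata as a nested object instead of a string.
    nested = {"abbey_account": "alice@example.com", "source": "okta",
              "metadata": {"user_id": "UserId"}}
    print(validate_identity_body(nested))
```
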

List all Identities with enriched metadata

Returns all Identities with enriched metadata in the org

SecurityBearerAuth
Responses
200

Success

401

Authentication Failed

404

Resource Not Found

429

Rate Limited

default

Server Errored on Abbey's end

GET /identities
Response samples
application/json
[
  {
  }
]

Delete an Identity

Deletes the specified identity.

SecurityBearerAuth
Request
path Parameters
identity_id
required
string

The ID of the identity to delete

Responses
200

Success

204

Success

401

Authentication Failed

404

Resource Not Found

429

Rate Limited

default

Server Errored on Abbey's end

DELETE /identities/{identity_id}
Response samples
application/json
{
  "type": "string",
  "code": "string",
  "message": "string",
  "param": "string",
  "doc_url": "string"
}

Retrieve an Identity

Returns the details of an identity.

SecurityBearerAuth
Request
path Parameters
identity_id
required
string

The ID of the identity to retrieve

Responses
200

Success

401

Authentication Failed

404

Resource Not Found

429

Rate Limited

default

Server Errored on Abbey's end

GET /identities/{identity_id}
Response samples
application/json
{
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "id": "id"
}

Update an Identity

Updates an identity.

SecurityBearerAuth
Request
path Parameters
identity_id
required
string

The ID of the identity to retrieve

Request Body schema: application/json
required
abbey_account
required
string
source
required
string
metadata
required
string

JSON-encoded string. See documentation for details.

Responses
200

Success

401

Authentication Failed

404

Resource Not Found

429

Rate Limited

default

Server Errored on Abbey's end

PUT /identities/{identity_id}
Request samples
application/json
{
  "abbey_account": "alice@example.com",
  "source": "okta",
  "metadata": "{\"user_id\":\"UserId\"}"
}
Response samples
application/json
{
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "id": "id"
}

Requests

Requests are Access Requests that users make to get access to a resource.

List Requests

Returns a list of requests.

Requests are sorted by creation date, descending.

SecurityBearerAuth
Responses
200

Success

401

Authentication Failed

429

Rate Limited

default

Server Errored on Abbey's end

GET /requests
Response samples
application/json
[
  {
  }
]

Create a Request

Creates a new request.

You will need to pass in a Grant Kit ID as the target of this request. This will create a request against the latest version of the Grant Kit.

Grant Kit Versions are immutable and you won't be able to create a request against an older Grant Kit Version. If you want to do this, you will have to roll forward by creating a new Grant Kit Version.

SecurityBearerAuth
Request
Request Body schema: application/json
required
grant_kit_id
required
string
reason
required
string
object or null (UserInput)
Responses
201

Created

400

Request Failed

401

Authentication Failed

409

Request Conflict with another resource

429

Rate Limited

default

Server Errored on Abbey's end

POST /requests
Request samples
application/json
{
  "grant_kit_id": "gk_1234",
  "reason": "reason"
}
Response samples
application/json
{
  "id": "req_1234",
  "grant_id": "grant_1234",
  "grant_kit_id": "gk_1234",
  "grant_kit_version_id": "gkv_1234",
  "grant_kit_name": "my_grant_kit",
  "user_id": "user_1234",
  "reason": "Need temporary access.",
  "status": "approved",
  "reviews": null,
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "updated_at": "2000-01-23T04:56:07.000+00:00"
}

Retrieve a Request by ID

Returns the details of a request.

SecurityBearerAuth
Request
path Parameters
request_id
required
string

The ID of the request to retrieve

Responses
200

Success

401

Authentication Failed

404

Resource Not Found

429

Rate Limited

default

Server Errored on Abbey's end

GET /requests/{request_id}
Response samples
application/json
{
  "id": "req_1234",
  "grant_id": "grant_1234",
  "grant_kit_id": "gk_1234",
  "grant_kit_version_id": "gkv_1234",
  "grant_kit_name": "my_grant_kit",
  "user_id": "user_1234",
  "reason": "Need temporary access.",
  "status": "approved",
  "reviews": null,
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "updated_at": "2000-01-23T04:56:07.000+00:00"
}

Cancel a Request by ID

Cancels the specified request.

SecurityBearerAuth
Request
path Parameters
request_id
required
string

The ID of the request to cancel

Request Body schema: application/json
required
reason
string

The reason for canceling the request

Responses
200

Success

400

Request Failed

401

Authentication Failed

404

Resource Not Found

409

Request Conflict with another resource

429

Rate Limited

default

Server Errored on Abbey's end

PUT /requests/{request_id}/cancel
Request samples
application/json
{
  "reason": "reason"
}
Response samples
application/json
{
  "id": "req_1234",
  "grant_id": "grant_1234",
  "grant_kit_id": "gk_1234",
  "grant_kit_version_id": "gkv_1234",
  "grant_kit_name": "my_grant_kit",
  "user_id": "user_1234",
  "reason": "Need temporary access.",
  "status": "approved",
  "reviews": null,
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "updated_at": "2000-01-23T04:56:07.000+00:00"
}

Reviews

Reviews are decisions made by a reviewer on an Access Request.

A Reviewer might approve or deny a request.

List Reviews

Returns a list of all the reviews sent to the user.

Reviews are sorted by creation date, descending.

SecurityBearerAuth
Responses
200

Success

401

Authentication Failed

429

Rate Limited

default

Server Errored on Abbey's end

GET /reviews
Response samples
application/json
[
  {
  }
]

Retrieve a Review by ID

Returns the details of a review

SecurityBearerAuth
Request
path Parameters
review_id
required
string

The ID of the review to retrieve.

Responses
200

Success

401

Authentication Failed

404

Resource Not Found

429

Rate Limited

default

Server Errored on Abbey's end

GET /reviews/{review_id}
Response samples
application/json
{
  "id": "rev_1234",
  "user_id": "user_1234",
  "user_email": "alice@example.com",
  "request_id": "req_1234",
  "status": "Approved",
  "request_reason": "please",
  "reason": "reason",
  "grant_kit_version_id": "gkv_1234",
  "grant_kit_name": "my_grant_kit",
  "grant_id": "grant_1234",
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "updated_at": "2000-01-23T04:56:07.000+00:00"
}

Approve a Review

Updates the specified review with an approval decision.

SecurityBearerAuth
Request
path Parameters
review_id
required
string

The ID of the review to approve

Request Body schema: application/json
required
reason
required
string
Responses
200

Success

400

Request Failed

401

Authentication Failed

404

Resource Not Found

409

Request Conflict with another resource

429

Rate Limited

default

Server Errored on Abbey's end

PUT /reviews/{review_id}/approve
Request samples
application/json
{
  "reason": "approved for temporary access"
}
Response samples
application/json
{
  "id": "rev_1234",
  "user_id": "user_1234",
  "user_email": "alice@example.com",
  "request_id": "req_1234",
  "status": "Approved",
  "request_reason": "please",
  "reason": "reason",
  "grant_kit_version_id": "gkv_1234",
  "grant_kit_name": "my_grant_kit",
  "grant_id": "grant_1234",
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "updated_at": "2000-01-23T04:56:07.000+00:00"
}

Deny a Review

Updates the specified review with a deny decision.

SecurityBearerAuth
Request
path Parameters
review_id
required
string

The ID of the review to deny

Request Body schema: application/json
required
reason
required
string
Responses
200

Success

400

Request Failed

401

Authentication Failed

404

Resource Not Found

409

Request Conflict with another resource

429

Rate Limited

default

Server Errored on Abbey's end

PUT /reviews/{review_id}/deny
Request samples
application/json
{
  "reason": "approved for temporary access"
}
Response samples
application/json
{
  "id": "rev_1234",
  "user_id": "user_1234",
  "user_email": "alice@example.com",
  "request_id": "req_1234",
  "status": "Approved",
  "request_reason": "please",
  "reason": "reason",
  "grant_kit_version_id": "gkv_1234",
  "grant_kit_name": "my_grant_kit",
  "grant_id": "grant_1234",
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "updated_at": "2000-01-23T04:56:07.000+00:00"
}

Grants

Grants are permissions that reflect the result of an access request going through the process of evaluating policies and approval workflows where all approval conditions are met.

Grants may be revoked manually by a user or automatically if a time-based or attribute-based policy is included in the corresponding Grant Kit's policy.

List Grants

Returns a list of all the grants belonging to a user.

Grants are sorted by creation date, descending. Creation date effectively means when the grant was approved.

SecurityBearerAuth
Responses
200

Success

401

Authentication Failed

429

Rate Limited

default

Server Errored on Abbey's end

GET /grants
Response samples
application/json
[
  {
  }
]

Revoke a Grant by ID

Revokes the specified grant.

SecurityBearerAuth
Request
path Parameters
grant_id
required
string

The ID of the grant to revoke

Responses
200

Success

400

Request Failed

401

Authentication Failed

404

Resource Not Found

409

Request Conflict with another resource

429

Rate Limited

default

Server Errored on Abbey's end

DELETE /grants/{grant_id}
Response samples
application/json
{
  "id": "grant_1234",
  "grant_kit_id": "gk_1234",
  "grant_kit_version_id": "gkv_1234",
  "user_id": "user_1234",
  "request_id": "req_1234",
  "organization_id": "org_1234",
  "deleted": false,
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "updated_at": "2000-01-23T04:56:07.000+00:00"
}

Retrieve a Grant by ID

Returns the details of a grant.

SecurityBearerAuth
Request
path Parameters
grant_id
required
string

The ID of the grant to retrieve

Responses
200

Success

401

Authentication Failed

404

Resource Not Found

409

Request Conflict with another resource

default

Server Errored on Abbey's end

GET /grants/{grant_id}
Response samples
application/json
{
  "id": "grant_1234",
  "grant_kit_id": "gk_1234",
  "grant_kit_version_id": "gkv_1234",
  "user_id": "user_1234",
  "request_id": "req_1234",
  "organization_id": "org_1234",
  "deleted": false,
  "created_at": "2000-01-23T04:56:07.000+00:00",
  "updated_at": "2000-01-23T04:56:07.000+00:00"
}
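
The Create a Request section says requests always target the latest Grant Kit version, and this section says a grant reflects an approved request, so an audit can check that each active grant traces back to an approved request and flag grants still pinned to a superseded version. The Python sketch below is an added example, not Abbey's code; the records are constructed, and the function name, finding labels, the "canceled" status string and reading "deleted": true as revoked are assumptions.

```python
# Added example (not Abbey's code): reconcile grants with requests and Grant Kits.
# All records are constructed; field names follow the response samples on this page.
GRANT_KITS = [
    {"id": "gk_1234", "name": "my_grant_kit", "current_version_id": "gkv_2000"},
]
REQUESTS = [
    {"id": "req_1", "grant_id": "grant_1", "grant_kit_version_id": "gkv_2000",
     "status": "approved"},
    {"id": "req_2", "grant_id": "grant_2", "grant_kit_version_id": "gkv_1000",
     "status": "approved"},
    # "canceled" is an assumed status string; the page only shows "approved".
    {"id": "req_3", "grant_id": "grant_3", "grant_kit_version_id": "gkv_2000",
     "status": "canceled"},
]


def _grant(grant_id, version_id, request_id, deleted=False):
    """Build a constructed grant record for the sample data."""
    return {"id": grant_id, "grant_kit_id": "gk_1234",
            "grant_kit_version_id": version_id, "request_id": request_id,
            "deleted": deleted}


GRANTS = [
    _grant("grant_1", "gkv_2000", "req_1"),                # clean
    _grant("grant_2", "gkv_1000", "req_2"),                # older Grant Kit version
    _grant("grant_3", "gkv_2000", "req_3"),                # request not approved
    _grant("grant_4", "gkv_2000", "req_404"),              # request missing
    _grant("grant_5", "gkv_1000", "req_2", deleted=True),  # revoked, skipped
]


def audit_grants(grants, requests, grant_kits):
    """Return (grant_id, finding) pairs for active grants that need review."""
    requests_by_id = {r["id"]: r for r in requests}
    current_version = {k["id"]: k["current_version_id"] for k in grant_kits}
    findings = []
    for grant in grants:
        if grant.get("deleted"):  # assumption: deleted == revoked
            continue
        request = requests_by_id.get(grant["request_id"])
        if request is None:
            findings.append((grant["id"], "no_matching_request"))
            continue
        if str(request.get("status", "")).lower() != "approved":
            findings.append((grant["id"], "request_not_approved"))
        if request.get("grant_id") != grant["id"]:
            findings.append((grant["id"], "request_points_to_other_grant"))
        if request.get("grant_kit_version_id") != grant["grant_kit_version_id"]:
            findings.append((grant["id"], "version_mismatch_with_request"))
        latest = current_version.get(grant["grant_kit_id"])
        if latest is None:
            findings.append((grant["id"], "unknown_grant_kit"))
        elif latest != grant["grant_kit_version_id"]:
            # Approved under policies that a newer version has since replaced.
            findings.append((grant["id"], "stale_grant_kit_version"))
    return findings


if __name__ == "__main__":
    for grant_id, finding in audit_grants(GRANTS, REQUESTS, GRANT_KITS):
        print(f"{grant_id}: {finding}")
```
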

SAML Connections

List SAML Connections

Returns a list of SAML connections. The connections are scoped by the current user and returned from Clerk

SecurityBearerAuth
Responses
200

Success

401

Authentication Failed

429

Rate Limited

default

Server Errored on Abbey's end

GET /samlConnection
Response samples
application/json
{
  "items": [
  ]
}

Create a new SAML connection

Creates a new SAML connection

SecurityBearerAuth
Request
Request Body schema: application/json
name
required
string
domain
required
string
idp_entity_id
string
idp_sso_url
string
idp_certificate
string
Responses
201

Created

400

Request Failed

401

Authentication Failed

409

Request Conflict with another resource

429

Rate Limited

default

Server Errored on Abbey's end

POST /samlConnection
Request samples
application/json
{
  "name": "string",
  "domain": "string",
  "idp_entity_id": "string",
  "idp_sso_url": "string",
  "idp_certificate": "string"
}
Response samples
application/json
{
  "id": "string",
  "name": "string",
  "provider": "string",
  "active": true,
  "sp_entity_id": "string",
  "acs_url": "string",
  "idp_entity_id": "string",
  "idp_sso_url": "string",
  "idp_certificate": "string"
}

Fetches a SAML connection by its ID

Checks whether a user has a SAML connection and then hydrates the connection from Clerk

SecurityBearerAuth
Request
path Parameters
saml_connection_id
required
string

The ID of the SAML connection to retrieve

Responses
200

Success

401

Authentication Failed

404

Resource Not Found

429

Rate Limited

default

Server Errored on Abbey's end

GET /samlConnection/{saml_connection_id}
Response samples
application/json
{
  "id": "string",
  "name": "string",
  "provider": "string",
  "active": true,
  "sp_entity_id": "string",
  "acs_url": "string",
  "idp_entity_id": "string",
  "idp_sso_url": "string",
  "idp_certificate": "string"
}

Updates a SAML connection by its ID

Checks whether a user owns a SAML connection and then updates the SAML connection

SecurityBearerAuth
Request
path Parameters
saml_connection_id
required
string

The ID of the SAML connection to update

Request Body schema: application/json
required
name
string
domain
string
idp_entity_id
string
idp_sso_url
string
idp_certificate
string
active
boolean
Responses
200

Success

401

Authentication Failed

404

Resource Not Found

429

Rate Limited

default

Server Errored on Abbey's end

PUT /samlConnection/{saml_connection_id}
Request samples
application/json
{
  "name": "string",
  "domain": "string",
  "idp_entity_id": "string",
  "idp_sso_url": "string",
  "idp_certificate": "string",
  "active": true
}
Response samples
application/json
{
  "id": "string",
  "name": "string",
  "provider": "string",
  "active": true,
  "sp_entity_id": "string",
  "acs_url": "string",
  "idp_entity_id": "string",
  "idp_sso_url": "string",
  "idp_certificate": "string"
}

Deletes a SAML connection by its ID

Deletes a SAML connection by its ID

SecurityBearerAuth
Request
path Parameters
saml_connection_id
required
string

The ID of the SAML connection to update

Responses
204

Success

401

Authentication Failed

404

Resource Not Found

429

Rate Limited

default

Server Errored on Abbey's end

DELETE /samlConnection/{saml_connection_id}
Response samples
application/json
{
  "type": "string",
  "code": "string",
  "message": "string",
  "param": "string",
  "doc_url": "string"
}

Demo

Create Demo Access

Creates a new Demo access

SecurityBearerAuth
Request
Request Body schema: application/json
required
permission
required
string
Default: "read_write"
Value: "read_write"
email
required
string <email>
Responses
201

Created

400

Request Failed

401

Authentication Failed

429

Rate Limited

default

Server Errored on Abbey's end

POST /demo
Request samples
application/json
{
  "permission": "read_write",
  "email": "user@example.com"
}
Response samples
application/json
{
  "id": 0,
  "user_id": "string",
  "created_at": "2019-08-24T14:15:22Z",
  "updated_at": "2019-08-24T14:15:22Z"
}

Delete Demo Access

Deletes the Demo access

SecurityBearerAuth
Request
Request Body schema: application/json
required
permission
required
string
Default: "read_write"
Value: "read_write"
email
required
string <email>
Responses
200

Success

401

Authentication Failed

404

Resource Not Found

429

Rate Limited

default

Server Errored on Abbey's end

DELETE /demo
Request samples
application/json
{
  "permission": "read_write",
  "email": "user@example.com"
}
Response samples
application/json
{
  "id": 0,
  "user_id": "string",
  "created_at": "2019-08-24T14:15:22Z",
  "updated_at": "2019-08-24T14:15:22Z"
}

SlackCommand

Receive a slash command from Slack

Receives slash commands initiated from the Abbey Slack App

SecurityBearerAuth
Request
Responses
200

Success

201

Success

400

Request Failed

401

Authentication Failed

429

Rate Limited

default

Server Errored on Abbey's end

POST /slackcommands
Response samples
application/json
{
  "next": "string",
  "prev": "string",
  "items": [
  ]
}