Jump to:
This is a supplementary guide to the Arpio API Guide, which has instructions on finding your Arpio account ID and creating an API key.
The Arpio API supports RBAC Role and Group administration. Request and response bodies for the RBAC API endpoints are in JSON format. Requests should include the Content-Type: ”application/json” header.
Roles
For calls to the role endpoints, the body will need to contain a JSON payload with the following optional and non-optional variables in the structure shown below.
{
"name": "exampleName",
"externalId": "exampleExternalID",
"policies": [
{
"accessLevel": "app_test",
"allApps": null,
"appIds": [
"FUbtuv2hiy8yaU2OdX9vyc"
]
}
]
}
With the following variables:
- name
- A required field containing an identifying name to use for the role
- externalId
- An optional field to use with SAML/SSO assertion and map Directory roles/groups to Arpio roles/groups. Required for SAML provider role/group assertion.
- Policies
- A list of policies for this role. A policy grants an access level to a set of applications or all applications. Account-level policies should not set the allApps or appIds fields. Each policy can contain the following fields:
accessLevel- a field to identify what level of access the role should have"account_read"- can read everything in the Arpio account, but cannot modify anything."app_read"- can read all application information."app_manage”- app_read access, plus the ability to change application settings."app_test"- app_manage access, plus the ability to perform tests and modify sandbox settings."app_recover"- app_test access, plus the ability to recover applications with failback."app_admin"- Can perform every action on the application"account_admin"- Can perform every action on all applications in the account, manage account-level settings and users.
allApps- an optional boolean field to scope the accessLevel to all applications under the account.- Accepts the following values:
- true - all applications under account
- false, null - Only specific applications specified in appIds list field
- Accepts the following values:
appIds- an optional field that takes a list of application IDs as provided by Arpio for each application under the account.- List in the form
[“app1id”, “app2id”, “app3id”]
- List in the form
- A list of policies for this role. A policy grants an access level to a set of applications or all applications. Account-level policies should not set the allApps or appIds fields. Each policy can contain the following fields:
Endpoints
/api/accounts/{account_id}/roles
&&
/api/accounts/{account_id}/roles/{role_id}
Example calls
1. List roles for an account
curl -X GET "https://api.arpio.io/api/accounts/{account_id}/roles" \
-H "X-Api-Key: $ARPIO_API_KEY"
Returns a list of roles with all fields and role ID, which is used to get specific role information
2. Create a new role
curl -X POST "https://api.arpio.io/api/accounts/{account_id}/roles" \
-H "X-Api-Key: $ARPIO_API_KEY" \
-H "Content-Type: application/json"\
-d "{json data}"
3. Get a specific role
curl -X GET "https://api.arpio.io/api/accounts/{account_id}/roles/{role_id}" \
-H "X-Api-Key: $ARPIO_API_KEY"
4. Update a new role
curl -X PUT "https://api.arpio.io/api/accounts/{account_id}/roles/{role_id}" \
-H "X-Api-Key: $ARPIO_API_KEY" \
-H "Content-Type: application/json" \
-d "{json data}"
Overrides existing role with new data provided in the body
5. Delete a role
curl -X DELETE "https://api.arpio.io/api/accounts/{account_id}/roles/{role_id}" \
-H "X-Api-Key: $ARPIO_API_KEY"
Groups
For API calls to the group endpoints, the JSON will need the following variables in the listed format:
{
"name":"examplename",
"externalId":"exampleExternalId",
"roles": [
"exampleRoleId1", "exampleRoleId2"
],
"accountSubjects": [
"subjectId1", "subjectId2"
]
}
With the following variables:
- name
- A required field containing an identifying name to use for the group
- externalId
- An optional field to allow SAML/SSO assertion. Required for SAML provider role/group assertion.
- roles
- An optional field that takes a list of role ID’s as provided by:
curl -X GET "https://api.arpio.io/api/accounts/{account_id}/roles"- List in the form
[“role1id”, “role2id”, “exampleroleid”]
- List in the form
- An optional field that takes a list of role ID’s as provided by:
- accountSubjects
- An optional field containing a list of user ID’s as provided by
curl -X GET "https://api.arpio.io/api/accounts/{account_id}/subjects"- List in the form
[“user1id”, “user2id”, “exampleuserid”]
- List in the form
- An optional field containing a list of user ID’s as provided by
Endpoints
/api/accounts/{account_id}/subjectGroups/
&&
/api/accounts/{account_id}/subjectGroups/{account_subject_group_id}
Example calls
A. List account groups
curl -x GET "/api/accounts/{account_id}/subjectGroups" \
-H "X-Api-Key: $ARPIO_API_KEY"
B. Create a new account group
curl -x POST "/api/accounts/{account_id}/subjectGroups" \
-H "X-Api-Key: $ARPIO_API_KEY" \
-H "Content-Type: application/json" \
-d "{json data}"
C. Get a specific account group
curl -x GET "/api/accounts/{account_id}/subjectGroups/{account_subject_group_id}" \
-H "X-Api-Key: $ARPIO_API_KEY"
D. Update an account group
curl -x PUT "/api/accounts/{account_id}/subjectGroups/{account_subject_group_id}" \
-H "X-Api-Key: $ARPIO_API_KEY" \
-H "Content-Type: application/json" \
-d "{json data}"
E. Delete an account group
curl -x DELETE "/api/accounts/{account_id}/subjectGroups/{account_subject_group_id}" \
-H "X-Api-Key: $ARPIO_API_KEY"