POST OAuth/CreateRule
Creates a new grant rule for an application. This allows you to give a specific user identity access to an application. Once that access is given, that user identity can then request a grant for the application by calling POST Authorize/OAuth.
Requirements
- Roles: Admin or Application Owner. See OAuth roles for more information.
- Token scope: Admin
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Order |
Name |
Description |
---|---|---|
1 |
TrusteePrefixedUniversal string |
|
2 |
ApplicationId string |
|
3 |
MaximumScope string |
|
4 |
Description string |
A description or explanation of the rule |
5 |
AccessValidity integer |
The length of time |
6 |
GrantValidity integer |
The length of time, in seconds, until the grant expires and can no longer be renewed. |
7 |
Renewable boolean |
If |
Returns
Name |
Description |
---|---|
HTTP 200 |
See OAuth result codes. A Rule object is return that shows the values passed in the request. See the Parameters section above for value descriptions. |
HTTP 400 |
For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:
|
HTTP 401 |
For authentication errors, this call returns HTTP 401 Unauthorized and the following data in the message body:
|
HTTP 403 |
If the response is HTTP 403 Forbidden, the requester's token does not include the admin scope. Call POST Authorize/OAuth with the correct scope and restriction. Update the header with the new token and retry.
|
Example
Request
POST /vedsdk/oauth/createrule HTTP/1.1 Host: tpp-server-url Content-Type: application/json Accept: application/json Authorization: Bearer 4MyGeneratedBearerTknz== { "TrusteePrefixedUniversal": "local:{5be5a591-c842-4520-9142-b455f4ad2286}", "ApplicationId": "VenafiMMCCodeSigning", "MaximumScope": "codesign:admin", "Description": "Sample description", "AccessValidity": 12345, "GrantValidity": 56789, "Renewable": false }
Response
{ "Result": 0, "Rule": { "AccessValidity": 12345, "ApplicationId": "VenafiMMCCodeSigning", "Description": "Sample description", "GrantValidity": 56789, "MaximumScope": { "ScopeList": [ { "RestrictionList": [ "admin" ], "Scope": "codesign" } ] }, "Renewable": false, "TrusteePrefixedUniversal": "local:{5be5a591-c842-4520-9142-b455f4ad2286}" }, "Success": true }