POST OAuth/GetRules

Looks up rules for users, applications, or a combination of both.

Requirements

  • Roles: Admin, Grant Admin, Auditor, or Application Owner. See OAuth roles for more information.
  • Token scope: Admin

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

NOTE  At least one parameter is required.

Body parameters

  • TrusteePrefixedUniversal (string): The prefixed universal of the identity whose rules to retrieve.

  • ApplicationId (string): The ID of the application that any returned rules must apply to.

Returns

Response description

HTTP 200

See OAuth result codes.

A Rules object is returned with an array of rules matched by the request. The following values are included in each object in the array:

  • ApplicationId (string): The ID of the application

  • Description (string): The description of the application

  • MaximumScope (string): The maximum scope that the application knows how to use

  • TrusteePrefixedUniversal (string): The prefixed universal of the user

HTTP 400

For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:

  • Error

    • invalid_request: The request is missing a required parameter or is otherwise malformed.

  • error_description: If available, additional information about how to retry the request.

HTTP 401

For authentication errors, this call returns HTTP 401 Unauthorized and the following data in the message body:

  • Error

    • invalid_token: The access token is missing, or the provided token is expired, revoked, malformed, or invalid for other reasons.

    • insufficient_rights: The underlying user account does not have sufficient permissions for this request.

  • error_description: If available, additional information about how to retry the request.

HTTP 403

If the response is HTTP 403 Forbidden, the requester's token does not include the admin scope. Call POST Authorize/OAuth with the correct scope and restriction. Update the header with the new token and retry.

  • Error

    • insufficient_scope: The request requires a greater scope than provided by the access token.

  • error_description: If available, additional information about how to retry the request.

Example

Request all rules for a user

POST /vedsdk/oauth/getrules HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
  "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
}

Response

{
  "Result": 0,
  "Rules": [
    {
      "ApplicationId": "VenafiMMCEventViewer",
      "Description": "VCC Installation Grant",
      "MaximumScope": "admin:viewlogs,grantrights;configuration;security",
      "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
    },
    {
      "ApplicationId": "VenafiMMCCodeSigning",
      "Description": "VCC Installation Grant",
      "MaximumScope": "codesign:admin,approve,delete,manage;configuration:delete,manage;security:manage",
      "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
    },
    {
      "ApplicationId": "VenafiMMCStatistics",
      "Description": "VCC Installation Grant",
      "MaximumScope": "statistics:sensitive,manage",
      "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
    }
  ],
  "Success": true
}

Request all rules for an application

POST /vedsdk/oauth/getrules HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
  "ApplicationId": "VenafiMMCEventViewer"
}

Response

{
  "Result": 0,
  "Rules": [
    {
      "ApplicationId": "VenafiMMCEventViewer",
      "Description": "VCC Installation Grant",
      "MaximumScope": "admin:viewlogs,grantrights;configuration;security",
      "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
    },
    {
      "ApplicationId": "VenafiMMCEventViewer",
      "Description": "",
      "MaximumScope": "admin:grantrights,viewlogs;configuration;security",
      "TrusteePrefixedUniversal": "local:{5a32c46e-e7d8-404d-9987-2e68c0928219}"
    }
  ],
  "Success": true
}

Request all rules for a user for a specific application

POST /vedsdk/oauth/getrules HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
  "ApplicationId": "VenafiMMCEventViewer",
  "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
}

Response

{
  "Result": 0,
  "Rules": [
    {
      "ApplicationId": "VenafiMMCEventViewer",
      "Description": "VCC Installation Grant",
      "MaximumScope": "admin:viewlogs,grantrights;configuration;security",
      "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
    }
  ],
  "Success": true
}
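The responses above are the input an Auditor typically wants to review: which applications a trustee has been granted and how broad each MaximumScope is. The following is an added example, not Venafi's own code, that parses the MaximumScope string (grammar inferred from the examples on this page: scopes separated by ";", optional restrictions after ":" separated by ",") and compares each rule against a constructed allowed-scope policy to surface over-broad grants. The sample response and the policy are constructed here and are assumptions, not page data beyond the values copied from the examples.

```python
"""Parse MaximumScope strings and audit OAuth/GetRules output (added example, not Venafi code)."""
import json

# Constructed sample in the shape of the page's "rules for a user" response.
SAMPLE_RESPONSE = json.dumps({"Result": 0, "Success": True, "Rules": [
    {"ApplicationId": "VenafiMMCEventViewer", "Description": "VCC Installation Grant",
     "MaximumScope": "admin:viewlogs,grantrights;configuration;security",
     "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"},
    {"ApplicationId": "VenafiMMCStatistics", "Description": "VCC Installation Grant",
     "MaximumScope": "statistics:sensitive,manage",
     "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"},
]})

def parse_scope(maximum_scope):
    """Map each scope to its set of restrictions, e.g. 'admin:viewlogs,grantrights;configuration'
    -> {'admin': {'viewlogs', 'grantrights'}, 'configuration': set()}. The grammar (';' between
    scopes, ':' before restrictions, ',' between restrictions) is inferred from the page's
    examples; an empty set means the entire scope is granted."""
    scopes = {}
    for entry in filter(None, maximum_scope.split(";")):
        name, _, restrictions = entry.partition(":")
        scopes[name.strip()] = {r.strip() for r in restrictions.split(",") if r.strip()}
    return scopes

def excess_grants(maximum_scope, allowed):
    """Return (scope, restriction) pairs in maximum_scope that the 'allowed'
    policy (same dict shape as parse_scope output) does not cover."""
    excess = []
    for scope, restrictions in parse_scope(maximum_scope).items():
        permitted = allowed.get(scope)
        if permitted is None or (permitted and not restrictions):
            excess.append((scope, "*"))  # unknown scope, or whole scope where policy allows a subset
        elif permitted:
            excess.extend((scope, r) for r in sorted(restrictions - permitted))
    return excess

def audit_rules(response_text, allowed):
    """Return [(ApplicationId, TrusteePrefixedUniversal, excess)] for over-broad rules."""
    data = json.loads(response_text)
    if not data.get("Success") or data.get("Result") != 0:
        raise RuntimeError(f"GetRules failed: Result={data.get('Result')}")
    findings = []
    for rule in data.get("Rules", []):
        over = excess_grants(rule["MaximumScope"], allowed)
        if over:
            findings.append((rule["ApplicationId"], rule["TrusteePrefixedUniversal"], over))
    return findings

# Constructed policy: view-only admin, full configuration and security, no statistics scope.
POLICY = {"admin": {"viewlogs"}, "configuration": set(), "security": set()}
```

Feeding a real GetRules response body to audit_rules with your own policy dict lists each application and trustee whose grant exceeds what the policy permits.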