> ## Documentation Index > Fetch the complete documentation index at: https://docs.britive.com/llms.txt > Use this file to discover all available pages before exploring further. # Checkout profile - console or programmatic > Checkout a profile for a specific environment. Use `accessType=CONSOLE` to obtain a federated console session or `accessType=PROGRAMMATIC` to obtain short-lived programmatic credentials (e.g. AWS access keys). The response `transactionId` is required for subsequent getToken, getConsoleUrl, and check-in calls. For ITSM-gated profiles, supply `ticketId` and `ticketType` in the request body. ## OpenAPI ````json POST /api/access/{profileId}/environments/{environmentId} { "openapi": "3.0.1", "info": { "title": "Britive Services API Documentation", "version": "v1", "description": "API documentation for Users, Tags, Identity providers, Applications, Reporting, Audit logs, Tenants, SSO, Profiles, Password policies, MFA, Access Builder Settings, etc." }, "servers": [ { "url": "https://{tenantURL}", "description": "The primary server", "variables": { "tenantURL": { "default": "test.britive-app.com", "description": "The host of the server" } } } ], "security": [ { "bearerAuth": [] } ], "tags": [ { "name": "Access Request Tag Membership", "description": "Manage tag memberships granted via access requests" }, { "name": "API Tokens", "description": "Manage API Tokens" }, { "name": "Application Environments", "description": "Manage Application Environments" }, { "name": "Application Environments - Accounts", "description": "Manage Application Environments Accounts" }, { "name": "Application Profiles", "description": "Manage Application Profiles" }, { "name": "Application Profiles - Advanced Settings", "description": "Manage Application Profiles Advanced Settings" }, { "name": "Application Profiles - Permissions", "description": "Manage Application Profiles Permissions" }, { "name": "Application Profiles - Permission Constraint Manager", "description": "Manage Profile Permission Constraints for the permissions that support to define constraints." }, { "name": "Application Profiles - Policies", "description": "Manage Application Profiles Policies" }, { "name": "Application Profiles - Scopes", "description": "Manage Application Profiles Scopes" }, { "name": "Application Profiles - Session Attributes", "description": "Manage Application Profiles Session Attributes" }, { "name": "Application Profiles - Sessions", "description": "Manage Application Profiles Sessions" }, { "name": "Application Profiles - Users and Tags", "description": "Manage Application Profiles" }, { "name": "Applications", "description": "Manage Applications" }, { "name": "Applications - Access Builder Settings", "description": "Manage access builder settings for an application" }, { "name": "Applications - Advanced Settings", "description": "Manage Applications Advanced Settings" }, { "name": "Applications - Approvers Groups", "description": "Manage approvers groups for association approvers" }, { "name": "Applications - Association Approvers", "description": "Manage association approvers for an application" }, { "name": "Applications - Managed Permissions", "description": "Manage Britive Permissions" }, { "name": "Applications - Permissions", "description": "Manage Application Permissions" }, { "name": "Applications - Root Environment Groups", "description": "Manage Application Root Environment Groups" }, { "name": "Applications - Scans", "description": "Manage Application Scans" }, { "name": "Audit Log Webhooks", "description": "Manage Audit Log Webhooks" }, { "name": "Audit Logs", "description": "Manage Audit Logs" }, { "name": "Custom App Template Uploader", "description": "Uploads custom app template." }, { "name": "Custom App Manager", "description": "Creates an app using custom template and other operations for managing the template." }, { "name": "Global Landing Page", "description": "Manage global landing page" }, { "name": "Identity Providers", "description": "Manage identity providers and settings" }, { "name": "IP Restrictions", "description": "Manage firewall rules/settings" }, { "name": "ITSM Connection Metadata", "description": "Manage ITSM Connection Metadata" }, { "name": "ITSM Connections", "description": "Manage ITSM Connections" }, { "name": "ITSM Integration", "description": "Manage ITSM Connections" }, { "name": "IM Connection Metadata", "description": "Manage IM Connection Metadata" }, { "name": "IM Connections", "description": "Manage IM Connections" }, { "name": "IM Integration", "description": "Manage IM Connections" }, { "name": "Multi Factor Authentication", "description": "Manage MFA authentication settings" }, { "name": "My Access", "description": "Manage My Access" }, { "name": "My Devices", "description": "Manage My Devices" }, { "name": "My Resources", "description": "Manage My Resources" }, { "name": "My Resources - Integration", "description": "Manage My Resource Integration" }, { "name": "My Resources - Profiles", "description": "Manage My Resource Profiles" }, { "name": "Notifications", "description": "Manage notifications" }, { "name": "Profile Requests - Managed Permissions", "description": "Manage Profile Requests Britive Permissions" }, { "name": "Reports", "description": "Manage Reports" }, { "name": "Resource Manager", "description": "Manage Resources" }, { "name": "Resource Manager - Labels", "description": "Manage Resource Labels" }, { "name": "Resource Manager - Permissions", "description": "Manage Resource Permissions" }, { "name": "Resource Manager - Policies", "description": "Manage Resource Policies" }, { "name": "Resource Manager - Response Templates", "description": "Manage Resource Response Templates" }, { "name": "Resource Manager - Types", "description": "Manage Resource Types" }, { "name": "Resource Profiles", "description": "Manage Resource Profiles" }, { "name": "Resource Profiles - Advanced Settings", "description": "Manage Resource Profiles Advanced Settings" }, { "name": "Resource Profiles - Associations", "description": "Manage Resource Profiles Associations" }, { "name": "Resource Profiles - Permissions", "description": "Manage Resource Profiles Permissions" }, { "name": "Resource Profiles - Policies", "description": "Manage Resource Profiles Policies" }, { "name": "SAML Configuration", "description": "Manage SAML Configuration" }, { "name": "Step Up Authentication", "description": "Manage service identity association to identity provider" }, { "name": "System Announcements", "description": "Manage the system announcements" }, { "name": "Tag Access Request Settings", "description": "Manage access request settings for a user tag" }, { "name": "Tag Access Requests", "description": "Browse tags available for access request" }, { "name": "Task Scheduler", "description": "Manage Tasks" }, { "name": "User Identity Attributes", "description": "Manage User Identity Attributes" }, { "name": "User Resources", "description": "Manage User Built Resources" }, { "name": "User Tags", "description": "Manage User Tags" }, { "name": "Users, Service Identities and AI Identities", "description": "Manage Users, Service Identities and AI Identities" }, { "name": "Workload Identity Providers", "description": "Manage workload identity providers" }, { "name": "Workload SCIM Identity Providers", "description": "Manage service identity association to SCIM provisioning for identity provider" }, { "name": "Workload Service Identity Providers", "description": "Manage service identity association to identity provider" }, { "name": "User Tag Owner", "description": "Tag Owners manage the tag memberships of their owned tags" }, { "name": "Shared Signals - Catalog", "description": "Manage shared signals catalog data" }, { "name": "Shared Signals - Issuers", "description": "Manage shared signals issuers" }, { "name": "Shared Signals - Receivers", "description": "Manage shared signals receivers" }, { "name": "Shared Signals - Results", "description": "Query shared signals processing results" } ], "paths": { "/api/access/{profileId}/environments/{environmentId}": { "post": { "tags": [ "My Access" ], "summary": "Checkout profile - console or programmatic", "description": "Checkout a profile for a specific environment. Use `accessType=CONSOLE` to obtain a federated console session or `accessType=PROGRAMMATIC` to obtain short-lived programmatic credentials (e.g. AWS access keys). The response `transactionId` is required for subsequent getToken, getConsoleUrl, and check-in calls. For ITSM-gated profiles, supply `ticketId` and `ticketType` in the request body.\n", "operationId": "checkoutProfile", "parameters": [ { "name": "profileId", "in": "path", "description": "Profile (PAP) ID to checkout", "required": "true", "schema": { "type": "string" } }, { "name": "environmentId", "in": "path", "description": "Environment ID within the application", "required": "true", "schema": { "type": "string" } }, { "name": "accessType", "in": "query", "description": "Type of access to checkout. `CONSOLE` grants a federated web-console session; `PROGRAMMATIC` grants short-lived API credentials; `CLI` (default) for CLI-based access.\n", "required": "false", "schema": { "type": "string", "enum": [ "CLI", "CONSOLE", "PROGRAMMATIC" ], "default": "CLI" } }, { "name": "type", "in": "query", "description": "Legacy alias for `accessType`. Ignored when `accessType` is provided.", "required": "false", "schema": { "type": "string", "default": "CLI" } } ], "requestBody": { "description": "Optional ITSM ticket details for approval-gated profiles", "required": "false", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Settings" }, "example": { "justification": "Access required for incident response", "ticketId": "INC0001234", "ticketType": "INCIDENT", "userOnCall": "false" } } } }, "responses": { "200": { "description": "Checkout initiated successfully. Poll `status` until `checkedOut`.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppAccessStatusResponse" } } } }, "403": { "description": "Access denied or profile policy conditions not met" }, "404": { "description": "Profile or environment not found" } } } } }, "components": { "schemas": { "Settings": { "type": "object", "x-exclude-from-codegen": "true", "properties": { "justification": { "type": "string" }, "ticketId": { "type": "string" }, "ticketType": { "type": "string" }, "userOnCall": { "type": "boolean", "default": "false" } } }, "AppAccessStatusResponse": { "type": "object", "description": "Status of a profile checkout or check-in operation", "properties": { "transactionId": { "type": "string", "description": "Unique transaction identifier; required for getTokens, getConsoleUrl, and check-in calls", "example": "txn_abc123" }, "papId": { "type": "string", "description": "Profile (PAP) string identifier", "example": "pap_xyz456" }, "appContainerId": { "type": "string", "description": "Application container identifier", "example": "app_123" }, "environmentId": { "type": "string", "description": "Environment identifier", "example": "env_789" }, "userId": { "type": "string", "description": "User identifier (string form)", "example": "user_001" }, "status": { "type": "string", "description": "Current lifecycle status of the checkout operation", "enum": [ "checkedOut", "checkedIn", "checkedInExpired", "checkOutSubmitted", "checkOutInProgress", "checkOutFailed", "checkInSubmitted", "checkInInProgress", "checkInFailed", "checkOutTimeOut", "checkInTimeOut" ], "example": "checkedOut" }, "statusText": { "type": "string", "description": "Human-readable label for `status`", "example": "Checked Out" }, "accessType": { "type": "string", "enum": [ "CLI", "CONSOLE", "PROGRAMMATIC" ], "example": "CONSOLE" }, "checkedOut": { "type": "string", "format": "date-time", "description": "Timestamp when the profile was checked out" }, "checkedIn": { "type": "string", "format": "date-time", "nullable": "true", "description": "Timestamp when the profile was checked in; null if still active" }, "expiration": { "type": "string", "format": "date-time", "description": "Timestamp when the session expires automatically" }, "currentExtensionIndex": { "type": "integer", "description": "Number of times the session has been extended", "example": "0" }, "policyConditionEndTime": { "type": "string", "format": "date-time", "nullable": "true", "description": "End time derived from policy time conditions, if applicable" }, "errorMessage": { "type": "string", "nullable": "true", "description": "Error details if the checkout or check-in operation failed" } } } }, "securitySchemes": { "bearerAuth": { "type": "http", "scheme": "bearer" } } } } ````