Manage Approvals

1. Approve/Reject a Request

This PATCH method approves or rejects a request for a specified approval request.

Notes:

To execute this API, the user should have permission assigned (through policy) with action as authz.approval.update.
Approval/rejection for a renamed secret is canceled.

PATCH

{{url}}/api/v1/approvals/{approvalid}?approveRequest=yes/no

Request Parameter

The request parameter used in this method is shown in the following table:

Parameter	Description	Data Type	Required
approveRequest	Specifies whether this request needs to be approved or rejected. The value can be 'yes' or 'no'.	String	Mandatory

Request Example

curl -X PATCH '{{url}}/api/v1/approvals/{approvalid}?approveRequest=yes/no' -H 'Authorization: Bearer <token>'

Response Example

Status: 204 No Content

2. Get Approval Request Details

This GET method returns the approval request details for the specified approval.

Note: To execute this API, the user should have permission assigned (through policy) with action as authz.approval.read.

GET	{{url}}/api/v1/approvals/{approvalid}?requestType=myApprovals/myRequests

Request Parameters

The request parameters used in this method are shown in the following table:

Parameter	Description	Data Type	Required
requestType	Specifies the type of request. The value can be myRequests or myApprovals.	String	Optional

curl -X GET '{{url}}/api/v1/approvals/{approvalid}/requestType=myApprovals' -H 'Authorization: Bearer <token>'

Response Example

Status: 200 Ok

{
  "requestId": "3792591f-d943-49d2-9000-4986b6ca3ecd",
  "userId": "test@britive.com",
  "resource": "xoktlx35r1a7h02cn3iz/ebayqlkczlhkxxh3010w",
  "action": "resource.profile.checkout",
  "justification": "y",
  "approvers": {
    "userIds": [
      "test@britive.com"
    ]
  },
  "createdAt": "2024-12-06T05:40:42.605Z",
  "status": "PENDING",
  "validFor": 1,
  "timeToApprove": 10,
  "expirationTimeForApproveRequest": "2024-12-06T05:50:42.606Z",
  "consumer": "resourceprofile",
  "resourceName": "resource1",
  "multilevelApprovalSupport": false,
  "context": {
    "profileName": "profile1",
    "permissionId": "yw996v3q1ub50qazo9vu",
    "resourceId": "ebayqlkczlhkxxh3010w",
    "profileId": "xoktlx35r1a7h02cn3iz",
    "resourceName": "resource1",
    "permissionVersion": "1",
    "justification": "y",
    "userId": "fasu6a71tn56n5ef8mn2",
    "permissionName": "webserverperm",
    "resourceType": "web-server"
  },
  "overallStatus": "PENDING",
  "trackingId": "REQ-1",
  "validForInDays": true,
  "highRisk": null
}

3. Get Approval Requests

This GET method returns the list of all approval requests.

Note: To execute this API, the user should have permission assigned (through policy) with action as authz.approval.list.

GET	{{url}}/api/v1/approvals

Request Parameters

The request parameters used in this method are shown in the following table:

Parameter	Description	Data Type	Required
filter	Filter the list of approvals based on the request status, PENDING, or TIMEOUT. The supported operators are 'eq' and 'co'. For example, status eq PENDING, TIMEOUT	String	Optional
requestType	Specifies the type of request. The value can be myRequests or myApprovals.	String	Optional
pageToken	Autogenerated token for next page of records in case the results are more than one page. Append this token in requested API URL to access the next set of pages.	String	Optional

Request Example

curl -X GET '{{url}}/api/v1/approvals' -H 'Authorization: Bearer <token>'

Response Example

Status: 200 Ok

{
    "result": [
        {
            "requestId": "25fefca3-4385-4ddc-a6fb-9f458ba534a2",
            "userId": "bdas2",
            "resource": "/bd_vault/titto/tt",
            "action": "sm.secret.read",
            "justification": "dsfg",
            "approvers": {
                "userIds": [
                    "bd"
                ]
            },
            "createdAt": "2025-01-13T10:01:58.133Z",
            "status": "TIMEOUT",
            "validFor": 5,
            "timeToApprove": 5,
            "expirationTimeForApproveRequest": "2025-01-13T10:06:58.133Z",
            "consumer": "secretmanager",
            "resourceName": "/BD_Vault/Titto/tt",
            "multilevelApprovalSupport": false,
            "overallStatus": "TIMEOUT",
            "trackingId": "REQ-749",
            "highRisk": null,
            "validForInDays": false
        },
        {
            "requestId": "240f57b8-87d8-4b0d-952f-7c7ac66abd3c",
            "userId": "amol",
            "resource": "8glioyono3ba8tamlyw4/r-pak3-wkf6zso9r1r7upgl2suf",
            "action": "papservice.profile.access",
            "justification": "Testing...",
            "approvers": {
                "userIds": [
                    "bd"
                ]
            },
            "createdAt": "2025-01-09T12:49:47.287Z",
            "updatedAt": "2025-01-09T12:50:00.512Z",
            "status": "APPROVED",
            "validFor": 60,
            "actionBy": "bd",
            "timeToApprove": 5,
            "expirationTimeForApproveRequest": "2025-01-09T12:54:47.287Z",
            "expirationTimeApproval": "2025-01-09T13:50:00.511Z",
            "consumer": "papservice",
            "resourceName": "BD-AWS Identity Center:ab_test",
            "multilevelApprovalSupport": false,
            "context": {
                "profileName": "ab_test",
                "tenantUrl": "Britive ",
                "appName": "BD-AWS Identity Center",
                "profileId": "8glioyono3ba8tamlyw4",
                "appId": "wkf6zso9r1r7upgl2suf",
                "envId": "r-pak3-wkf6zso9r1r7upgl2suf",
                "iconUrl": "/images/app_logos/aws.png",
                "justification": "Testing...",
                "userId": "dxorg3phyb8igzz0tr4w",
                "highRisk": "false"
            },
            "overallStatus": "APPROVED",
            "trackingId": "REQ-715",
            "highRisk": false,
            "validForInDays": false
        }
    ],
    "pagination": {
        "next": ""
    }
}