Manage Profiles


You can use the Britive API methods to manage user profiles. The operations include creating new profiles, editing profiles, updating profile scopes, enabling profiles, and disabling or deleting profiles.


1. Create a Profile

The POST method allows you to create a new profile in the system.

POST {{url}}/api/apps/{{appID}}/paps

Request Example 

Note:
The request parameters vary depending on the selected application.

An example request is shown here.

curl --location --request POST '{{url}}/api/apps/{{appID}}/paps' \
--header 'Authorization: TOKEN {{token}}' \
--data-raw '{
    "appContainerId": "{{appID}}",
    "scope": [
        {
            "type": "Environment",
            "value": "{{envID}}"
        }
    ],
    "name": "{{papName}}",
    "description": "",
    "extendable": false,
    "expirationDuration": 3600000,
    "extensionDuration": 1800000,
    "notificationPriorToExpiration": 300000,
    "extensionLimit": "1",
    "status": "active",
    "destinationUrl": "https://console.aws.amazon.com"
}'

Response Example 

An example response is shown here:

{
  "tenantAppId" : null,
  "name" : "doc_app_example",
  "description" : "",
  "status" : "active",
  "expirationDuration" : 3600000,
  "extendable" : false,
  "extensionDuration" : 1800000,
  "extensionLimit" : 1,
  "notificationPriorToExpiration" : 300000,
  "appContainerPapPermissions" : [ ],
  "runtimeEnvironmentId" : null,
  "runtimeTargetAccountId" : null,
  "environments" : [ ],
  "userTagIntegrityChecks" : [ ],
  "destinationUrl" : "",
  "permissions" : [ ],
  "papId" : "5uve681y0952bjcqconn",
  "appContainerId" : "p0kj8i3qwr80nyoj9nxr",
  "scope" : [ {
    "papScopeId" : 2301,
    "type" : "Environment",
    "appContainerId" : 379,
    "value" : "378563640942",
    "papId" : null
  } ],
  "integrityChecks" : [ ],
  "accountIntegrityChecks" : [ ],
  "userTags" : [ ],
  "users" : [ ]
}

2. Get Profile Details

Important Note:     
This is the latest API for "Get Profile Details".

The GET method returns the list of all profiles for the application ID given in the request. The data is returned in pages. Multiple API calls have to be made to return the complete profile list.

GET {{url}}/api/apps/{{appID}}/paps?view=summary&page=0&size=20&sort=name,asc&filter=name co "Role"

Request Parameters

The request parameters used in this method are shown in the following table:

| Parameter | Description | Data Type | Required |
| --- | --- | --- | --- |
| appID | The ID of the application. | string | Mandatory |
| view | The profile name and details are returned. | string | Optional |
| page | The page number starts from zero. | string | Mandatory |
| size | The number of records that are returned. Note: The total number of records can be used to calculate the number of pages. | string | Mandatory |
| sort | The column used for sorting the records. | string | Optional |
| filter | Filters the list of profiles by name, status, or integrity checks. The supported operators are 'eq' and 'co'. The format is as follows: name co "Dev Account" | string | Optional |

Request Example 

An example request is shown here.

curl --location -g --request GET '{{url}}/api/apps/{{appID}}/paps?view=summary&page=0&size=20&sort=name,asc' \
--header 'Authorization: TOKEN {{token}}'

Response Example

An example response is shown here.

{
    "count": 3,
    "page": 0,
    "size": 20,
    "sort" : "name: ASC",
    "data": [
        {
            "papId": "58gzbigf4749ai2956g7",
            "name": "britive-stage",
            "description": "",
            "expirationDuration": 1200000,
            "destinationUrl": "",
            "environments": [
                "Sigma Labs"
            ],
            "permissionsCount": 1,
            "checkStatus": "Success",
            "message": "",
            "origin": "Admin",
            "createdBy": "vishal",
            "modifiedBy": "vishal",
            "lastAccessed": "2024-01-23 12:23:17.0",
            "createdDate": "2024-01-23 12:21:26.0",
            "modifiedDate": "2024-01-24 07:00:00.0",
            "papStatus": "active",
            "approvalStatus": "Approved",
            "defaultAppUrl": "https://console.aws.amazon.com",
            "useDefaultAppUrl": true,
            "status": "Active"
        },
        {
            "papId": "zjzvumwm2x6qvakflx1k",
            "name": "newTestBug",
            "description": "",
            "expirationDuration": 1200000,
            "destinationUrl": "",
            "environments": [
                "Sigma Labs"
            ],
            "permissionsCount": 1,
            "checkStatus": "Success",
            "message": "",
            "origin": "User",
            "createdBy": "vishal",
            "modifiedBy": "vishal",
            "lastAccessed": null,
            "createdDate": "2024-01-29 10:19:27.0",
            "modifiedDate": "2024-01-29 10:20:13.0",
            "papStatus": "Draft",
            "approvalStatus": "Draft",
            "defaultAppUrl": "https://console.aws.amazon.com",
            "useDefaultAppUrl": true,
            "status": "Active"
        },
        {
            "papId": "lg2y5fyzfwt4xtl5qmeu",
            "name": "pendingprofile",
            "description": "",
            "expirationDuration": 1200000,
            "destinationUrl": "",
            "environments": [
                "Sigma Labs"
            ],
            "permissionsCount": 1,
            "checkStatus": "Success",
            "message": "",
            "origin": "User",
            "createdBy": "vishal",
            "modifiedBy": "vishal",
            "lastAccessed": null,
            "createdDate": "2024-01-29 10:20:56.0",
            "modifiedDate": "2024-01-29 10:21:55.0",
            "papStatus": "active",
            "approvalStatus": "Pending",
            "defaultAppUrl": "https://console.aws.amazon.com",
            "useDefaultAppUrl": true,
            "status": "Active"
        }
    ]
}
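
The paging and filter parameters above, worked through as an added Python example (not Britive's own code): it builds the URL-encoded summary-view request, walks every page using `count` and `size`, and flags profiles for an access review. The tenant URL, the `MAX_TTL_MS` threshold, the review rules and the sample records are assumptions constructed for illustration; `fetch` stands in for the authenticated HTTP call.

```python
import math
from urllib.parse import quote, urlencode

MAX_TTL_MS = 3_600_000  # assumed review threshold (1 hour), not a Britive default

def page_url(base, app_id, page, size=20, name_contains=None):
    """Build the summary-view URL with the filter expression URL-encoded."""
    params = {"view": "summary", "page": page, "size": size, "sort": "name,asc"}
    if name_contains is not None:
        if '"' in name_contains:  # a quote would end the filter's string literal
            raise ValueError("double quote not allowed in filter value")
        params["filter"] = f'name co "{name_contains}"'
    query = urlencode(params, safe=",", quote_via=quote)
    return f"{base}/api/apps/{quote(app_id, safe='')}/paps?{query}"

def iter_profiles(fetch, size=20):
    """Yield every profile; fetch(page, size) returns one decoded JSON page."""
    first = fetch(0, size)
    yield from first["data"]
    for page in range(1, math.ceil(first["count"] / size)):
        yield from fetch(page, size)["data"]

def review(profile):
    """Return the reasons a profile deserves a closer look (assumed rules)."""
    reasons = []
    if profile["approvalStatus"] != "Approved":
        reasons.append("approval:" + profile["approvalStatus"])
    if profile["lastAccessed"] is None:
        reasons.append("never-accessed")
    if profile["expirationDuration"] > MAX_TTL_MS:
        reasons.append("long-session")
    return reasons

def findings(fetch, size=20):
    """Map profile name -> review reasons, for flagged profiles only."""
    return {p["name"]: r for p in iter_profiles(fetch, size) if (r := review(p))}

# Constructed sample records, trimmed to the fields the review reads.
SAMPLE = [
    {"name": "britive-stage", "approvalStatus": "Approved",
     "lastAccessed": "2024-01-23 12:23:17.0", "expirationDuration": 1200000},
    {"name": "newTestBug", "approvalStatus": "Draft",
     "lastAccessed": None, "expirationDuration": 1200000},
    {"name": "pendingprofile", "approvalStatus": "Pending",
     "lastAccessed": None, "expirationDuration": 7200000},  # TTL changed for the demo
]

def fake_fetch(page, size):
    """Offline stand-in for the authenticated GET; slices SAMPLE into pages."""
    rows = SAMPLE[page * size:(page + 1) * size]
    return {"count": len(SAMPLE), "page": page, "size": size, "data": rows}

if __name__ == "__main__":
    print(page_url("https://tenant.example", "app123", 0, name_contains="Role"))
    print(findings(fake_fetch, size=2))
```
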

3. (Deprecated) Get Profile Details 

Important Note:
The following API for Get Profile Details is deprecated and will be removed in a future release.

The GET method provides the details of all profiles created in the system.

GET {{url}}/api/apps/{{appID}}/paps

Request Example 

An example request is shown here.

curl --location --request GET '{{url}}/api/apps/{{appID}}/paps' \
--header 'Authorization: TOKEN {{token}}'

Response Example

An example response is shown here.

[
    {
        "tenantAppId": null,
        "name": "test1",
        "description": "",
        "status": "active",
        "expirationDuration": 3600000,
        "extendable": false,
        "extensionDuration": 1800000,
        "extensionLimit": 1,
        "notificationPriorToExpiration": 300000,
        "appContainerPapPermissions": [],
        "runtimeEnvironmentId": null,
        "runtimeTargetAccountId": null,
        "environments": [
            {
                "id": "123750444551",
                "name": "Sigma Stage",
                "description": null,
                "parentGroupId": "ou-pak3-c285231b",
                "type": "AWSAccount",
                "internalParentId": ""
            }
        ],
        "userTagIntegrityChecks": [],
        "permissions": [],
        "papId": "pocahtoxoatg2dthkesw",
        "appContainerId": "xo874fa62qczu304kh55",
        "scope": [
            {
                "papScopeId": 36,
                "type": "Environment",
                "appContainerId": 19,
                "value": "123750444551",
                "papId": null
            }
        ],
        "integrityChecks": [],
        "accountIntegrityChecks": [],
        "userTags": [],
        "users": []
    }
]

4. Get Profile, Policy, and Member details for an application

The GET method returns the list of all profiles along with policies and members (users/tags/service identities) for the application ID given in the request. The data is returned in pages. Multiple API calls have to be made to return the complete profile list.

GET {{url}}/api/apps/{{appID}}/paps?view=includePolicies&page=0&size=20

Request Parameters

The request parameters used in this method are shown in the following table:

| Parameter | Description | Data Type | Required |
| --- | --- | --- | --- |
| appID | The ID of the application. | string | Mandatory |
| view | The profiles along with policies. | string | Optional |
| page | The page number starts from zero. | string | Mandatory |
| size | The number of records that are returned. Note: The maximum allowed size is 100. If a value greater than 100 is provided, only 100 records are considered and the rest are ignored. | string | Mandatory |
| filter | Filters the list of profiles by name and environment. The supported operators are 'eq' and 'co'. The format is as follows: name co "Dev Account". | string | Optional |

Request Example

An example GET request for getting profiles, policies, and members for an application is shown here.

curl --location -g --request GET '{{url}}/api/apps/{{appID}}/paps?view=includePolicies&page=0&size=20' \
--header 'Authorization: TOKEN {{token}}'

Response Example

An example response to the GET request is shown here.

Status: 200 OK
[
    {
        "profileId": "9ec3lzhk4nfcnu57e2ma",
        "profileName": "profile1",
        "profileDescription": "Profile1 for the application1",
        "policies": [
            {
                "policyId": "7a8e082d-23ad-4cc2-bb4e-ca5baced60a4",
                "policyName": "mul-user-pol1",
                "policyDescription": "policy for mul user",
                "users": [
                    {
                        "id": "u4d8uyvra5vzl3ro8pdf",
                        "email": "john.doe@britive.com",
                        "username": "John"
                    }
                ],
                "tags": [
                    {
                        "id": "0i3m6x9x7cl1e2tpw4k9",
                        "name": "mul-user-tag1"
                    }
                ],
                "serviceIdentities": [
                    {
                        "id": "ea0p1tzw3veg4w3tsft3",
                        "name": "mul-user-static-SI"
                    }
                ]
            }
        ]
    }
]
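
An access review built on the `includePolicies` response shape shown above, as an added Python example (not Britive's own code): it inverts profile → policy → member into member → profiles, lists profiles whose policies name no members, and lists members that reach more than one profile. The `limit` threshold and the second and third sample profiles are constructed for illustration.

```python
from collections import defaultdict

# Member lists inside each policy object, and the field used as a display label.
MEMBER_KINDS = {"users": "email", "tags": "name", "serviceIdentities": "name"}

def access_map(profiles):
    """Invert profile -> policy -> member into member -> {(profile, policy)}."""
    grants = defaultdict(set)
    for prof in profiles:
        for pol in prof.get("policies") or []:
            for kind, label in MEMBER_KINDS.items():
                for member in pol.get(kind) or []:
                    key = (kind, member["id"], member.get(label, ""))
                    grants[key].add((prof["profileName"], pol["policyName"]))
    return dict(grants)

def profiles_without_members(profiles):
    """Profiles whose policies list no user, tag or service identity."""
    return [p["profileName"] for p in profiles
            if not any(pol.get(kind)
                       for pol in (p.get("policies") or [])
                       for kind in MEMBER_KINDS)]

def broad_members(grants, limit=1):
    """Labels of members that reach more than `limit` distinct profiles."""
    return sorted(key[2] for key, pairs in grants.items()
                  if len({profile for profile, _ in pairs}) > limit)

# Sample data: profile1 follows the response above; profile2/3 are constructed.
JOHN = {"id": "u4d8uyvra5vzl3ro8pdf", "email": "john.doe@britive.com",
        "username": "John"}
SAMPLE_PROFILES = [
    {"profileId": "9ec3lzhk4nfcnu57e2ma", "profileName": "profile1",
     "policies": [{
         "policyName": "mul-user-pol1",
         "users": [JOHN],
         "tags": [{"id": "0i3m6x9x7cl1e2tpw4k9", "name": "mul-user-tag1"}],
         "serviceIdentities": [{"id": "ea0p1tzw3veg4w3tsft3",
                                "name": "mul-user-static-SI"}]}]},
    {"profileId": "constructed-id-2", "profileName": "profile2",
     "policies": [{"policyName": "pol2", "users": [JOHN], "tags": [],
                   "serviceIdentities": []}]},
    {"profileId": "constructed-id-3", "profileName": "profile3", "policies": []},
]

if __name__ == "__main__":
    grants = access_map(SAMPLE_PROFILES)
    print("no members:", profiles_without_members(SAMPLE_PROFILES))
    print("reach >1 profile:", broad_members(grants))
```
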

5. Update Profiles

The PATCH method allows you to edit the profiles created in the system.

PATCH {{url}}/api/apps/{{appID}}/paps/{{papID}}

Request Example 

An example request is shown here.

curl --location --request PATCH '{{url}}/api/apps/{{appID}}/paps/{{papID}}' \
--header 'Authorization: TOKEN {{token}}' \
--data-raw '{
    "appContainerId": "{{appID}}",
    "name": "test3",
    "description": "test",
    "extendable": false,
    "expirationDuration": 3600000,
    "extensionDuration": 1800000,
    "notificationPriorToExpiration": 300000,
    "extensionLimit": "1",
    "destinationUrl": "https://console.aws.amazon.com"
}'

Response Example

An example response is shown here.

{
    "tenantAppId": null,
    "name": "test3",
    "description": "test",
    "status": "active",
    "expirationDuration": 3600000,
    "extendable": false,
    "extensionDuration": 1800000,
    "extensionLimit": 1,
    "notificationPriorToExpiration": 300000,
    "appContainerPapPermissions": [],
    "runtimeEnvironmentId": null,
    "runtimeTargetAccountId": null,
    "environments": [],
    "userTagIntegrityChecks": [],
    "permissions": [],
    "papId": "pocahtoxoatg2dthkesw",
    "appContainerId": "xo874fa62qczu304kh55",
    "integrityChecks": [],
    "accountIntegrityChecks": [],
    "userTags": [],
    "users": [],
    "destinationUrl": "https://console.aws.amazon.com"
}

6. Clone a Profile

The POST method allows you to clone a profile.

POST {{url}}/api/apps/{{app_id}}/paps/clone?cloneProfileId={{profileId}}&cloneOptions={{string}}&ignoreErrors={{boolean}}

Request Parameters

The request parameters used in this method are shown in the following table:

| Parameter | Description | Data Type | Required |
| --- | --- | --- | --- |
| app_id | App Container ID of the profile. | string | Mandatory |
| cloneProfileId | Profile ID of the profile to be cloned. | string | Mandatory |
| cloneOptions | Comma-separated values of clone options. The valid options are profile, permissions, associations, policies, sessionAttributes, and advancedSettings. The sessionAttributes option is valid for AWS app profiles only. | string | Mandatory |
| ignoreErrors | Clones the profile, skipping any invalid policies associated with it. The default value is false. | string | Optional |

Request Example 

An example request is shown here.

curl --location --request POST '{{url}}/api/apps/{{app_id}}/paps/clone?cloneProfileId={{profileId}}&cloneOptions={{string}}&ignoreErrors={{boolean}}' \
--header 'Authorization: TOKEN {{token}}' \
--data-raw '{
    "name": String,
    "appContainerId": String,
    "expirationDuration": Long,
    "description": String
}'

Response Example

The response code and response body for each outcome are shown here.

200 OK
{
    "tenantAppId": String,
    "name": String,
    "description": String,
    ...
}

207 Multi-status
{
    "failure": {
        "policy": [
            ....
        ]
    },
    "success": {
        "tenantAppId": String,
        "name": String,
        "description": String,
        "status": String,
        ....
    }
}

422 Unprocessable entity
{
    "errorMessage": "Cannot clone profile due to one or more validation errors.",
    "policy": {
        "valid": [
            ......
        ],
        "invalid": [
            ......
        ],
        "count": Integer
    }
}

7. Get Available Resources for Profiles (Azure Only)

Note: 
This API applies to Azure applications only.

The GET method returns the list of all resource scopes that are available and can be added to a profile, for a given profile ID. The API returns data in pages. Multiple API calls return the complete list of identities for the profile.

GET {{url}}/api/paps/{{papID}}/resources?page=0&size=20&filter=name co Linux

Request Parameters

The request parameters used in this method are shown in the following table:

| Parameter | Description | Data Type | Required |
| --- | --- | --- | --- |
| papID | The profile ID. | string | Mandatory |
| page | The page number starts from zero. | string | Mandatory |
| size | The number of records that are returned. Note: The total number of records can be used to calculate the number of pages. For example, 20. | string | Mandatory |
| filter | The filter can filter the list of resource scopes based on name, status, or integrity checks. The supported operators are 'eq' and 'co'. The format is as follows: name co "linux" | string | Optional |

Request Example 

An example request is shown here.

curl --location --request GET '{{url}}/api/paps/{{papID}}/resources?page=0&size=20&filter=name%20co%20Linux' \
--header 'Authorization: TOKEN {{token}}'

Response Example

An example response is shown here.

{
  "count": 1,
  "page": 0,
  "size": 20,
  "sort": null,
  "filter": "name co Linux",
  "data": [
    {
      "id": 208,
      "name": "linux-vm-1-nsg",
      "type": "Linux",
      "description": null,
      "nativeId": "linux-vm-1-nsg",
      "parentId": "64738ffe-22fe-40fb-9380-8b5af077d244",
      "parentName": "linux-group",
      "scanStatus": "Unchanged",
      "path": ""
    }
  ]
}

8. Update Profile Scopes

The POST method allows you to update the scopes of a profile created in the system.

POST {{url}}/api/paps/{{papID}}/scopes

Request Example 

An example request is shown here.

The PAP scope type can be EnvironmentId or EnvironmentGroup.

curl --location --request POST '{{url}}/api/apps/{{appID}}/paps/{{papID}}/scopes' \
--header 'Authorization: TOKEN {{token}}' \
--data-raw '[
    {
        "type": "EnvironmentGroup",
        "value": "{{envID}}"
    }
]'

Response Example

An example response is shown here.

[
    {
        "papScopeId": 37,
        "type": "Environment",
        "appContainerId": 19,
        "value": "123750444551",
        "papId": "pocahtoxoatg2dthkesw",
        "destinationUrl": "https://console.aws.amazon.com"
    }
]

9. Enable Profile

The POST method is used to enable a new profile.

POST {{url}}/api/apps/{{appID}}/paps/{{papID}}/enabled-statuses

Request Example

An example request is shown here.

curl --location --request POST '{{url}}/api/apps/{{appID}}/paps/{{papID}}/enabled-statuses' \
--header 'Authorization: TOKEN {{token}}'

Response Example

An example response is shown here:

{
    "tenantAppId": null,
    "name": "test3",
    "description": "test",
    "status": "active",
    "expirationDuration": 3600000,
    "extendable": false,
    "extensionDuration": 1800000,
    "extensionLimit": 1,
    "notificationPriorToExpiration": 300000,
    "appContainerPapPermissions": [
        {
            "name": "Application Administrator",
            "type": "role",
            "nativeId": null,
            "appPermissionId": null,
            "description": null,
            "permissionScopes": [],
            "privileged": false
        }
    ],
    "runtimeEnvironmentId": null,
    "runtimeTargetAccountId": null,
    "environments": [],
    "userTagIntegrityChecks": [],
    "permissions": [
        {
            "name": "Application Administrator",
            "type": "role",
            "nativeId": null,
            "appPermissionId": null,
            "description": null,
            "permissionScopes": [],
            "privileged": false
        }
    ],
    "papId": "pocahtoxoatg2dthkesw",
    "appContainerId": "xo874fa62qczu304kh55",
    "scope": [
        {
            "papScopeId": 37,
            "type": "Environment",
            "appContainerId": 19,
            "value": "123750444551",
            "papId": null
        }
    ],
    "integrityChecks": [
        {
            "integrityCheckId": 33,
            "permissionName": "Application Administrator",
            "permissionType": "role",
            "succeeded": false,
            "environmentId": "123750444551",
            "scope": null,
            "message": "Permission is missing in the environment selected",
            "permissionId": null,
            "appContainerId": 19,
            "tenantAppId": null
        }
    ],
    "accountIntegrityChecks": [],
    "userTags": [],
    "users": []
}

10. Disable Profile

The POST method allows you to disable the profile created in the system.

POST {{url}}/api/apps/{{appID}}/paps/{{papID}}/disabled-statuses

Request Example 

An example request is shown here.

curl --location --request POST '{{url}}/api/apps/{{appID}}/paps/{{papID}}/disabled-statuses' \
--header 'Authorization: TOKEN {{token}}'

Response Example

The profile is disabled.


11. Delete Profile

The DELETE method allows you to delete the profile created in the system.

DELETE {{url}}/api/apps/{{appID}}/paps/{{papID}}

Request Example 

An example request is shown here.

curl --location --request DELETE '{{url}}/api/apps/{{appID}}/paps/{{papID}}' \
--header 'Authorization: TOKEN {{token}}'

Response Example

The profile is deleted.