Access Policies represent roles in the platform, this API allows developers to create an entirely personalised RBAC system on their accounts.
It allows creation and management of access policies that define the resources and operations one is allowed to access.
For example, a product manufacturing company may decide to create the "machineOperator" and "shopManager" roles and these would be represented in the platform by two distinct and unique access policies. These policies would, for example, allow machine operators to read thngs and products but not create them, and allow shop managers to read scans but not delete them.
Note
Read the Roles and Permissions page to learn about how this API can be used to fulfil the most typical use cases.
An access policy is defined by a list of permissions and an optional list of uiPermissions.
See Permissions to learn about how they're represented in the platform and how to configure them. For UI permissions configuration see UI Permissions
Permissions
A permission defines the resource and operations one is allowed to perform. It is defined by a resource name followed by the allowed operations.
For example, a permission to read, list, create, update and delete a thng is represented in the following string format: thngs:read,list,create,update,delete - a resource name and a comma separated list of operations, where the resource and operations are separated by a colon.
See Resources to learn about the available resources and their meanings, and Operations to learn how to utilise them.
An access policy is constituted by an array of permissions. To represent an access policy for a factory administrator of a product manufacturing company, the following permissions array would serve as an example:
[
'accounts:read,update',
'accessPolicies:read,list',
'factories:list',
'operatorAccess:list,read,create,update,delete',
'places:read,list',
'products:read,list',
'purchaseOrders:read,list',
'purchaseOrdersAggregations:list',
];
Operations
Operations represent HTTP methods allowed to a particular resource.
There are five different types of Operations:
- Create - The ability to make a POST request to a given API and create an instance of its resource in the platform.
- Read - The ability to make a GET-by-ID request to a given API and retrieve a single object of that resource.
- List - The ability to make a GET request to a given API and retrieve all resources through an array of objects.
- Update - The ability to make a PUT request to a given API and update a given resource.
- Delete - The ability to make a DELETE request to a given API and delete a given resource.
Operation Notation
In the resource table below, Operations will be presented in the following notation:
(C) - Create
(R) - Read
(L) - List
(U) - Update
(D) - Delete
Resources
A resource represents an entity data model in the platform. For any given resource there is a base endpoint associated with.
All available resources, possible operations, their associated endpoints and supported restrictive conditions are listed below:
| Endpoint | Resource | Operations | Supported restrictive conditions |
|---|---|---|---|
| /access | access | read | |
| /accesses | accesses | create,list | |
| /accesses/:accessId | accesses | delete,read | |
| /accessPolicies | accessPolicies | create,list | accessPolicyId - Restrictive condition on an access policyID |
| /accessPolicies/:accessPolicyId | accessPolicies | read,delete,update | accessPolicyId- Restrictive condition on an access policyID |
| /accessTokens | accessTokens | create,list | |
| /accessTokens/:accessTokenId | accessTokens | read,update,delete | |
| /accounts | accounts | list,create | |
| /accounts/:accountId | accounts | read,update,delete | |
| /accounts/:accountId/accesses | accountAccesses | list,create | |
| /accounts/:accountId/accesses/:accessId | accountAccesses | read,update,delete | |
| /accounts/:accountId/domains | domains | list | |
| /accounts/:accountId/modules | modules | list | |
| /accounts/:accountId/modules/:moduleId | modules | read,update | |
| /accounts/:accountId/operatorAccess | operatorAccess | create,list | accessPolicyId- Restrictive condition on an access policy ID. Role assignment is controlled based on the caller's access to certain access policies. |
| /accounts/:accountId/operatorAccess/:operatorAccessId | operatorAccess | read,delete,update | accessPolicyId- Restrictive condition on an access policy ID. Role assignment is controlled based on the caller's access to certain access policies. |
| /accounts/:accountId/rateLimit | accountRateLimits | create,list | |
| /accounts/:accountId/rateLimit/:name | accountRateLimits | read,update,delete | |
| /accounts/:accountId/shortDomains | shortDomains | update,list | |
| /actions | actions | create,read | |
| /actions/all | allActions | list,read | |
| /actions/checkins | checkinsActions | read,list,create,update,delete | |
| /actions/commissions | commissionsActions | read,list,create,update,delete | |
| /actions/_:customType | customActions | read,list,create,update,delete | |
| /actions/decommissions | decommissionsActions | read,list,create,update,delete | |
| /actions/encodings | encodingsActions | read,list,create,update,delete | |
| /actions/implicitScans | implicitScansActions | read,list,create,update,delete | |
| /actions/invalidScans | invalidScansActions | read,list,create,update,delete | |
| /actions/scans | scansActions | read,list,create,update,delete | |
| /actions/shares | sharesActions | read,list,create,update,delete | |
| /actions/_:customType/:actionId | customActions | read,delete | |
| /actions/all/:actionId | allActions | list,read | |
| /actions/checkins/:actionId | checkinsActions | read,delete | |
| /actions/commissions/:actionId | commissionsActions | read,delete | |
| /actions/decommissions/:actionId | decommissionsActions | read,delete | |
| /actions/encodings/:actionId | encodingsActions | read,delete | |
| /actions/implicitScans/:actionId | implicitScansActions | read,delete | |
| /actions/invalidScans/:actionId | invalidScansActions | read,delete | |
| /actions/scans/:actionId | scansActions | read,delete | |
| /actions/shares/:actionId | sharesActions | read,delete | |
| /actions/all/aggregations | actions | list | |
| /actionTypes | actionTypes | list,create | |
| /actionTypes/:actionType | actionTypes | read,update,delete | |
| /adis/orders | adiOrders | create,list | |
| /adis/orders/:orderId | adiOrders | read | |
| /adis/orders/:orderId/events | adiOrdersEvents | list,create | |
| /adis/orders/:orderId/events/:eventId | adiOrdersEvents | read | |
| /analytics/embed/dashboards/:dashboardId | analyticsEmbed | read | |
| /analytics/v2/metrics/:metricName/compute | analytics | list | |
| /auth/strategies/:strategy/:provider | authStrategies | read | |
| /auth/strategies/:strategy/:provider/callback | authStrategies | create,read | |
| /graphql | analyticsGraphql | create,list | |
| /collections | collections | create,list | |
| /collections/:collectionId | collections | read,update,delete | |
| /collections/:collectionId/actions/all | collectionsActions | create,list | |
| /collections/:collectionId/actions/checkins | collectionsCheckinsActions | create,list | |
| /collections/:collectionId/actions/commissions | collectionsCommissionsActions | create,list | |
| /collections/:collectionId/actions/_:customActionType | collectionsCustomActions | create,list | |
| /collections/:collectionId/actions/decommissions | collectionsDecommissionsActions | create,list | |
| /collections/:collectionId/actions/encodings | collectionsEncodingsActions | create,list | |
| /collections/:collectionId/actions/implicitScans | collectionsImplicitScansActions | create,list | |
| /collections/:collectionId/actions/invalidScans | collectionsInvalidScansActions | create,list | |
| /collections/:collectionId/actions/scans | collectionsScansActions | create,list | |
| /collections/:collectionId/actions/shares | collectionsSharesActions | create,list | |
| /collections/:collectionId/actions/all/:actionId | collectionsActions | read | |
| /collections/:collectionId/actions/checkins/:actionId | collectionsCheckinsActions | read,delete | |
| /collections/:collectionId/actions/commissions/:actionId | collectionsCommissionsActions | read,delete | |
| /collections/:collectionId/actions/_:customActionType/:actionId | collectionsCustomActions | read,delete | |
| /collections/:collectionId/actions/decommissions/:actionId | collectionsDecommissionsActions | read,delete | |
| /collections/:collectionId/actions/encodings/:actionId | collectionsEncodingsActions | read,delete | |
| /collections/:collectionId/actions/implicitScans/:actionId | collectionsImplicitScansActions | read,delete | |
| /collections/:collectionId/actions/invalidScans/:actionId | collectionsInvalidScansActions | read,delete | |
| /collections/:collectionId/actions/scans/:actionId | collectionsScansActions | read,delete | |
| /collections/:collectionId/actions/shares/:actionId | collectionsSharesActions | read,delete | |
| /collections/:collectionId/collections | collections | create,list,delete | |
| /collections/:collectionId/collections/:childCollectionId | collections | delete | |
| /collections/:collectionId/thngs | collections | list,update,delete | |
| /collections/:collectionId/thngs/:thngId | collections | delete | |
| /files | files | create,list | |
| /files/:fileId | files | read,delete | |
| /me | me | read | |
| /metrics/totalActivations | totalActivations | read | |
| /metrics/activePurchaseOrders | activePurchaseOrders | read | |
| /metrics/activeFactories | activeFactories | read | |
| /operators | operators | create,list | |
| /operators/:operatorId | operators | read,delete,update | |
| /operators/:operatorId/status | operatorsStatus | read,update | |
| /operators/login/evrythng | operatorsLogin | create | |
| /places | places | create,list | |
| /places/:placeId | places | read,update,delete | |
| /places/factories/*/aggregations/timeseries | factories | list | |
| /places/factories/*/purchaseOrders/aggregations | factories | list | |
| /places/factories/*/zones/aggregations | factories | list | |
| /products | products | create,list | |
| /products/:productId | products | read,update,delete | |
| /products/:productId/actions/all | productsActions | create,list | |
| /products/:productId/actions/checkins | productsCheckinsActions | read,create,list,update,delete | |
| /products/:productId/actions/commissions | productsCommissionsActions | read,create,list,update,delete | |
| /products/:productId/actions/_:customActionType | productsCustomActions | read,create,list,update,delete | |
| /products/:productId/actions/decommissions | productsDecommissionsActions | read,create,list,update,delete | |
| /products/:productId/actions/encodings | productsEncodingsActions | read,create,list,update,delete | |
| /products/:productId/actions/implicitScans | productsImplicitScansActions | read,create,list,update,delete | |
| /products/:productId/actions/invalidScans | productsInvalidScansActions | read,create,list,update,delete | |
| /products/:productId/actions/scans | productsScansActions | read,create,list,update,delete | |
| /products/:productId/actions/shares | productsSharesActions | read,create,list,update,delete | |
| /products/:productId/actions/all/:actionId | productsActions | read | |
| /products/:productId/actions/checkins/:actionId | productsCheckinsActions | read | |
| /products/:productId/actions/commissions/:actionId | productsCommissionsActions | read | |
| /products/:productId/actions/_:customActionType/:actionId | productsCustomActions | read | |
| /products/:productId/actions/decommissions/:actionId | productsDecommissionsActions | read | |
| /products/:productId/actions/encodings/:actionId | productsEncodingsActions | read | |
| /products/:productId/actions/implicitScans/:actionId | productsImplicitScansActions | read | |
| /products/:productId/actions/invalidScans/:actionId | productsInvalidScansActions | read | |
| /products/:productId/actions/scans/:actionId | productsScansActions | read | |
| /products/:productId/actions/shares/:actionId | productsSharesActions | read | |
| /products/:productId/properties | products | create,list,update,delete | |
| /products/:productId/properties/:propertyKey | products | read,update,delete | |
| /products/:productId/redirector | products | create,read,update,delete | |
| /projects | projects | create,list | |
| /projects/:projectId | projects | read,update,delete | |
| /projects/:projectId/applications | applications | create,list | |
| /projects/:projectId/applications/:applicationId | applications | read,update,delete | |
| /projects/:projectId/applications/:applicationId/reactor/script | reactor | read,update | |
| /projects/:projectId/applications/:applicationId/reactor/script/status | reactor | read | |
| /projects/:projectId/applications/:applicationId/reactor/logs | reactorLogs | read,delete | |
| /projects/:projectId/applications/:applicationId/reactor/logs/bulk | reactorLogs | create | |
| /projects/:projectId/applications/:applicationId/reactor/schedules | reactorSchedules | create,list | |
| /projects/:projectId/applications/:applicationId/reactor/schedules/:reactorScheduleId | reactorSchedules | read,update,delete | |
| /projects/:projectId/applications/:applicationId/redirector | redirections | read,update | |
| /purchaseOrders | purchaseOrders | create,list | |
| /purchaseOrders/:purchaseOrderId | purchaseOrders | read,update,delete | |
| /purchaseOrders/aggregations | purchaseOrdersAggregations | list | |
| /purchaseOrders/*/aggregations | purchaseOrdersAggregations | list | |
| /purchaseOrders/*/products/aggregations | purchaseOrdersAggregations | list | |
| /redirections | redirections | create | |
| /redirections/{GS1_PATH} | redirections | read | |
| /redirections/:shortId | redirections | read,update,delete | |
| /redirector | redirector | read,update,delete | |
| /rules/authenticity | rules | create | |
| /shipmentNotices | shipmentNotices | create,list | |
| /shipmentNotices/:shipmentNoticeId | shipmentNotices | read,update,delete | |
| /scan/identifications | scan | create,read | |
| /thngs | thngs | create,list,delete | |
| /thngs/:thngId | thngs | read,update,delete | |
| /thngs/:thngId/actions/all | thngsActions | create,list | |
| /thngs/:thngId/actions/checkins | thngsCheckinsActions | read,create,list,update,delete | |
| /thngs/:thngId/actions/commissions | thngsCommissionsActions | read,create,list,update,delete | |
| /thngs/:thngId/actions/_:customActionType | thngsCustomActions | read,create,list,update,delete | |
| /thngs/:thngId/actions/decommissions | thngsDecommissionsActions | read,create,list,update,delete | |
| /thngs/:thngId/actions/encodings | thngsEncodingsActions | read,create,list,update,delete | |
| /thngs/:thngId/actions/implicitScans | thngsImplicitScansActions | read,create,list,update,delete | |
| /thngs/:thngId/actions/invalidScans | thngsInvalidScansActions | read,create,list,update,delete | |
| /thngs/:thngId/actions/scans | thngsScansActions | read,create,list,update,delete | |
| /thngs/:thngId/actions/shares | thngsSharesActions | read,create,list,update,delete | |
| /thngs/:thngId/actions/all/:actionId | thngsActions | read | |
| /thngs/:thngId/actions/checkins/:actionId | thngsCheckinsActions | read,delete | |
| /thngs/:thngId/actions/commissions/:actionId | thngsCommissionsActions | read,delete | |
| /thngs/:thngId/actions/_:customType/:actionId | thngsCustomActions | read,delete | |
| /thngs/:thngId/actions/decommissions/:actionId | thngsDecommissionsActions | read,delete | |
| /thngs/:thngId/actions/encodings/:actionId | thngsEncodingsActions | read,delete | |
| /thngs/:thngId/actions/implicitScans/:actionId | thngsImplicitScansActions | read,delete | |
| /thngs/:thngId/actions/invalidScans/:actionId | thngsInvalidScansActions | read,delete | |
| /thngs/:thngId/actions/scans/:actionId | thngsScansActions | read,delete | |
| /thngs/:thngId/actions/shares/:actionId | thngsSharesActions | read,delete | |
| /thngs/:thngId/commissionState | thngsCommissioningState | read | |
| /thngs/:thngId/location | thngs | list,create,update,delete | |
| /thngs/:thngId/properties | thngs | list,create,update,delete | |
| /thngs/:thngId/properties/:propertyKey | thngs | read,update,delete | |
| /thngs/:thngId/redirector | thngs | create,read,update,delete | |
| /time | time | read |
Restrictive Conditions
Before learning about how this API supports them, read about Restrictive Conditions to understand the concept.
The Access Policies API supports restrictive conditions on an access policy ID. Meaning that for a given API key with a restrictive condition on accessPolicyId the API will filter out all access policies that are not part of the caller's restrictive conditions.
For example:
A certain Operator Access with the following conditions:
See Permissions to learn about how they're represented in the platform and how to configure them. For UI permissions configuration see UI Permissions
{
"id": "UsSNYMPhapktcaaabfahfpdp",
"name": "The Operator's name",
"operator": "UsSNYMPhapktcaaabfahfpdp",
"policies": [
"UsSNYMPhapktcaaabfahfpdp"
],
"conditions": [
“accessPolicyId:UsSNYMPhapktcaaabfahfpdp”,
“accessPolicyId:UsLOOMDhrpktcooobfahfade”,
]
}
and that the Operator above has an API key that allows C, R, L, U, D operations on access policies, the following scenarios will occur when that key is used:
- GET
/accessPolicieswill only return policies which IDs areUsSNYMPhapktcaaabfahfpdporUsLOOMDhrpktcooobfahfade - Get
/accessPolicies/:accessPolicyIdwill only return data ifaccessPolicyIdis eitherUsSNYMPhapktcaaabfahfpdporUsLOOMDhrpktcooobfahfade, otherwise nothing is found and therefore 404 Not Found error is returned. - PUT
/accessPolicies/:accessPolicyIdwill only be accessible ifaccessPolicyIdis eitherUsSNYMPhapktcaaabfahfpdporUsLOOMDhrpktcooobfahfade, otherwise nothing is found and therefore 404 Not Found error is returned. - DELETE
/accessPolicies/:accessPolicyIdwill only be accessible ifaccessPolicyIdis eitherUsSNYMPhapktcaaabfahfpdporUsLOOMDhrpktcooobfahfade, otherwise nothing is found and therefore 404 Not Found error is returned. - POST
/accessPolicieswill allow the creation of access policies that do not extend the permissions present on the caller's access policy -UsSNYMPhapktcaaabfahfpdp, otherwise the payload is considerate incorrect and a 400 Bad Request error is returned. See blocked elevated privileges to learn how the system ensures that access policies created by API keys that have other access policies assign to them do not extend their own permissions.
Blocked Elevated Permissions
The API needs to ensure callers with certain access policies assigned do not elevate their own permissions by creating access policies with greater access than their own.
To achieve that, based on the caller's assigned access policies, the API gets and merges their permissions to a single list of permissions, and ensures the payload intended to be created is qualified.
For example:
Given the caller API key has policy1 and policy2 assigned to herself, and that the combination of permissions of those policies is:
[
"accounts:read,update",
"accessPolicies:read,list",
"places:read,list",
"products:read,lis",
"thngs:read,list"
]
in this case, the following requests would not be allowed:
Here it will fail because the caller has no delete access on accounts:
POST /accessPolicies
Content-Type: application/json
Authorization: $OPERATOR_API_KEY
{
"name": "Policy name",
"permissions"[
"accounts:delete"
],
}
HTTP/1.1 400 Bad Request
The caller does not have an access to a account resource and delete action listed in payload 'permissions'
And here, because the caller does not have access to the scans resource at all:
POST /accessPolicies
Content-Type: application/json
Authorization: $OPERATOR_API_KEY
{
"name": "Policy name",
"permissions"[
"scans:read"
],
}
HTTP/1.1 400 Bad Request
The caller does not have an access to a scans resource and read action listed in payload 'permissions'
UI Permissions
A UI permission defines the dashboard page or feature one is allowed to access. It is defined by the dashboard page unique name. For example, a UI permission to the Consumer Engagement dashboard page is represented in the following string format: "consumerEngagement" - only users with this ui permission will be able to access this dashboard page.
An access policy is constituted by an array of permissions and an array of uiPermissions. To represent an access policy for a factory administrator of a product manufacturing company, the following permissions and uiPermissions array would serve as an example:
permission example:
[
"accounts:read,update",
"accessPolicies:read,list",
"factories:list",
"operatorAccess:list,read,create,update,delete",
"places:read,list",
"products:read,list",
"purchaseOrders:read,list",
"purchaseOrdersAggregations:list"
]
uiPermission example:
[
"activation",
"adiOrders",
"authenticate",
"consumerEngagement",
"counterfeit",
"grayMarket",
"intentoryVisibility",
"inventoryTrace"
]
The uiPermissions list is a subject of the same restrictions as described in Blocked elevated permissions
Homepage
A homepage defines the dashboard or feature the holder of a policy should be shown by default. The value of the homepage must exist in the uiPermissions of the policy.
API Status
General Availability:
/accessPolicies/{accessPolicyId}
/accessPolicies
Jump To↓
AccessPolicyDocument
Create an access policy
Read an access policy
Read all access policies
Update an access policy
Delete an access policy
AccessPolicyDocument Data Model
An access policy resource.
.name (string, required)
The name of the policy.
.permissions (array of AccessPolicyPermissionField)
A list of combinations of resource and type of access.
.uiPermissions (array of strings)
A list of UI permissions.
.homepage (string)
The homepage to display in the UI. Must exist in policy's uiPErmissions.
.customFields (CustomFieldsDocument)
Object of case-sensititve key-value pairs of custom fields
associated with the resource.
.identifiers (IdentifiersDocument)
Various identifiers (EPC, GTIN, etc.) as a JSON object with
one or more key-value pairs.
.tags (array of string)
Array of string tags associated with this resource.
{
"additionalProperties": false,
"type": "object",
"description": "An access policy resource.",
"required": ["name"],
"properties": {
"name": {
"description": "The name of the policy.",
"type": "string",
"example": "FactoryAdministratorPolicy",
"minLength": 5,
"maxLength": 128,
"pattern": "^[a-zA-Z0-9:\\\\._\\\\s-]+$"
},
"permissions": {
"description": "A list of combinations of resource and type of access.",
"type": "array",
"items": {
"description": "An access policy permission. Each must include an resource type, such as places or thngs, and one or more types of access from create, list, read, update, and delete.",
"type": "string",
"example": "places:list,read,update",
"minLength": 3,
"maxLength": 256,
"pattern": "^[a-zA-Z0-9\\\\.]+:[a-z\\\\,\\\\*]+$"
},
"minItems": 1,
"maxItems": 100
},
"uiPermissions": {
"description": "A list of UI permissions",
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 128
},
"uniqueItems": true
},
"homepage": {
"description": "The homepage to display in the UI. The homepage must be included in the uiPermissions list within the current access policy document.",
"type": "string",
"example": "adiOrders",
"minLength": 1,
"maxLength": 128
},
"customFields": {
"type": "object",
"description": "Object of case-sensititve key-value pairs of custom fields associated with the resource."
},
"identifiers": {
"type": "object",
"description": "Various identifiers (EPC, GTIN, etc.) as a JSON object with one or more key-value pairs."
},
"tags": {
"type": "array",
"description": "Array of string tags associated with this resource.",
"items": {
"type": "string",
"maxLength": 60
}
}
},
"x-filterable-fields": [
{
"name": "name",
"type": "string",
"operators": ["="]
},
{
"name": "identifiers.<key>",
"type": "string",
"operators": ["="]
},
{
"name": "tags",
"type": "list of string",
"operators": ["="]
}
]
}
{
"id": "UsSNYMPhapktcaaabfahfpdp",
"name": "factoryManager",
"description": "Allows factory managers to manage operators",
"permissions": [
"accounts:read,update",
"products:read",
"purchaseOrders:read,list",
"thngs:read",
"thngsCommissioning:create,list",
"thngsCommissioningState:read"
],
"uiPermissions": [
"activation",
"adiOrders",
"authenticate"
],
"homepage": "adiOrders",
"tags": [],
"identifiers": {},
"customFields": {}
}
Filterable Fields
This resource type can be filtered using the following fields and operators.
| Field | Type | Operators |
|---|---|---|
name | String | = |
identifiers.<key> | String | = |
tags | List of string | = |
Create an access policy
Create a new access policy resource.
POST /accessPolicies
Content-Type: application/json
Authorization: $OPERATOR_API_KEY
AccessPolicyDocument
curl -i -H Content-Type:application/json \
-H Authorization:$OPERATOR_API_KEY \
-X POST https://api.evrythng.com/accessPolicies \
-d '{
"name": "FactoryAdministratorPolicy",
"permissions": [
"actions:create",
"places:list,read,update",
"products:list,read",
"purchaseOrders:list,read",
"thngs:read"
]
}'
HTTP/1.1 201 Created
Content-Type: application/json
{
"name": "FactoryAdministratorPolicy",
"id": "UsSNYMPhapktcaaabfahfpdp",
"permissions": [
"actions:create",
"places:list,read,update",
"products:list,read",
"purchaseOrders:list,read",
"thngs:read"
],
"uiPermissions": [],
"tags": [],
"identifiers": {},
"customFields": {}
}
Read an access policy
Read an access policy resource.
GET /accessPolicies/:accessPolicyId
Authorization: $OPERATOR_API_KEY
curl -i \
-H Authorization:$OPERATOR_API_KEY \
-X GET https://api.evrythng.com/accessPolicies/:accessPolicyId
HTTP/1.1 200 OK
Content-Type: application/json
{
"name": "FactoryAdministratorPolicy",
"id": "UsSNYMPhapktcaaabfahfpdp",
"permissions": [
"actions:create",
"places:list,read,update",
"products:list,read",
"purchaseOrders:list,read",
"thngs:read"
],
"uiPermissions": [],
"tags": [],
"identifiers": {},
"customFields": {}
}
Read all access policies
Read all access policies in an account
GET /accessPolicies
Authorization: $OPERATOR_API_KEY
curl -i \
-H Authorization:$OPERATOR_API_KEY \
-X GET https://api.evrythng.com/accessPolicies
HTTP/1.1 200 OK
Content-Type: application/json
[
{
"name": "FactoryAdministratorPolicy",
"id": "UsSNYMPhapktcaaabfahfpdp",
"description": "Description of FactoryAdministratorPolicy",
"permissions": [
"actions:create",
"places:list,read,update",
"products:list,read",
"purchaseOrders:list,read",
"thngs:read"
],
"uiPermissions": [
"activation",
"adiOrders",
"authenticate"
],
"tags": [],
"identifiers": {},
"customFields": {}
},
{
"name": "BrandOwnerPolicy",
"id": "UsSNYMPhapktcaaabfahfpdp",
"permissions": [
"actions:create",
"places:list,read,update",
"products:list,read",
"purchaseOrders:list,read",
"thngs:read"
],
"uiPermissions": [],
"tags": [],
"identifiers": {},
"customFields": {}
}
]
Update an access policy
Update an access policy resource.
PUT /accessPolicies/:accessPolicyId
Content-Type: application/json
Authorization: $OPERATOR_API_KEY
AccessPolicyDocument (partial)
curl -i -H Content-Type:application/json \
-H Authorization:$OPERATOR_API_KEY \
-X PUT https://api.evrythng.com/accessPolicies/:accessPolicyId \
-d '{
"name": "FactoryAdministratorPolicy",
"permissions": [
"actions:create",
"places:list,read,update",
"products:list,read",
"purchaseOrders:list,read",
"thngs:read"
]
}'
HTTP/1.1 200 OK
Content-Type: application/json
{
"name": "FactoryAdministratorPolicy",
"id": "UsSNYMPhapktcaaabfahfpdp",
"permissions": [
"actions:create",
"places:list,read,update",
"products:list,read",
"purchaseOrders:list,read",
"thngs:read"
],
"uiPermissions": [],
"tags": [],
"identifiers": {},
"customFields": {}
}
Delete an access policy
Delete an access policy.
DELETE /accessPolicies/:accessPolicyId
Authorization: $OPERATOR_API_KEY
curl -i \
-H Authorization:$OPERATOR_API_KEY \
-X DELETE https://api.evrythng.com/accessPolicies/:accessPolicyId
HTTP/1.1 204 No Content