Boundary controller HTTP API

Scope Service

List ScopesGET/v1/scopes

Lists all Scopes within the Scope provided in the request.

Query Parameters

scope_id string

recursive boolean

filter string

You can specify that the filter should only return items that match. Refer to filter expressions for more information.

list_token string

An opaque token used to continue an existing iteration or request updated items. If paginating, use this token in the next list request.

page_size integer

The maximum size of a page in this iteration. If you do not set a page size, Boundary uses the configured default page size. If the page_size is greater than the default page size configured, Boundary truncates the page size to this number.

Successful Response

items object[]

Scope contains all fields related to a scope resource

id string

The ID of the scope.

scope_id string

The ID of the scope this resource is in. If this is the "global" scope this field will be empty.

scope object

Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

The time this resource was created.

updated_time string

The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]

authorized_collection_actions object

The authorized actions for the scope's collections.

storage_policy_id string

The attached storage policy id.

response_type string

The type of response, either "delta" or "complete". Delta signifies that this is part of a paginated result or an update to a previously completed pagination. Complete signifies that it is the last page.

list_token string

An opaque token used to continue an existing pagination or request updated items. Use this token in the next list request to request the next page.

sort_by string

The name of the field which the items are sorted by.

sort_dir string

The direction of the sort, either "asc" or "desc".

removed_ids string[]

est_item_count integer

An estimate at the total items available. This may change during pagination.

Create ScopePOST/v1/scopes

Creates a single Scope.

Query Parameters

skip_admin_role_creation boolean

skip_default_role_creation boolean

Body Parameters

scope_id string

The ID of the scope this resource is in. If this is the "global" scope this field will be empty.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

Successful Response

id string

The ID of the scope.

scope_id string

The ID of the scope this resource is in. If this is the "global" scope this field will be empty.

scope object

Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

The time this resource was created.

updated_time string

The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]

authorized_collection_actions object

The authorized actions for the scope's collections.

storage_policy_id string

The attached storage policy id.

Get ScopeGET/v1/scopes/{id}

Gets a single Scope.

Path Parameters

id string

Successful Response

id string

The ID of the scope.

scope_id string

The ID of the scope this resource is in. If this is the "global" scope this field will be empty.

scope object

Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

The time this resource was created.

updated_time string

The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]

authorized_collection_actions object

The authorized actions for the scope's collections.

storage_policy_id string

The attached storage policy id.

Delete ScopeDELETE/v1/scopes/{id}

Deletes a Scope.

Path Parameters

id string

Update ScopePATCH/v1/scopes/{id}

Updates a Scope.

Path Parameters

id string

Body Parameters

scope_id string

The ID of the scope this resource is in. If this is the "global" scope this field will be empty.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

Successful Response

id string

The ID of the scope.

scope_id string

The ID of the scope this resource is in. If this is the "global" scope this field will be empty.

scope object

Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

The time this resource was created.

updated_time string

The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]

authorized_collection_actions object

The authorized actions for the scope's collections.

storage_policy_id string

The attached storage policy id.

Attach Storage PolicyPOST/v1/scopes/{id}:attach-storage-policy

Attaches the specified Storage Policy to the Scope.

Path Parameters

id string

Body Parameters

storage_policy_id string

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

Successful Response

id string

The ID of the scope.

scope_id string

The ID of the scope this resource is in. If this is the "global" scope this field will be empty.

scope object

Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

The time this resource was created.

updated_time string

The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]

authorized_collection_actions object

The authorized actions for the scope's collections.

storage_policy_id string

The attached storage policy id.

Detach Storage PolicyPOST/v1/scopes/{id}:detach-storage-policy

Detaches the specified Storage Policy from the Scope.

Path Parameters

id string

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

Successful Response

id string

The ID of the scope.

scope_id string

The ID of the scope this resource is in. If this is the "global" scope this field will be empty.

scope object

Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

The time this resource was created.

updated_time string

The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]

authorized_collection_actions object

The authorized actions for the scope's collections.

storage_policy_id string

The attached storage policy id.

List KeysGET/v1/scopes/{id}:list-keys

List all keys in a Scope.

Path Parameters

id string

Successful Response

items object[]

Key contains all fields related to a Key in a Scope.

id string

The ID of the Key.

scope object

Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

purpose string

The purpose of the Key.

created_time string

The time this Key was created.

type string

The type of the Key.

versions object[]

KeyVersion describes a specific version of a key and holds the actual key material

id string

The ID of the key version.

version integer

The iteration of the Key that this version represents.

created_time string

When this version was created.

List Key Version Destruction JobsGET/v1/scopes/{scope_id}:list-key-version-destruction-jobs

Lists all pending key version destruction jobs in a Scope.

Path Parameters

scope_id string

Successful Response

items object[]

KeyVersionDestructionJob holds information about a pending key version destruction job.

key_version_id string

The ID of the Key version this job relates to.

scope object

Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

status string

The current status of the key version destruction job. One of "pending", "running" or "completed".

created_time string

The time this key version destruction job was created.

completed_count string

The number of rows that have been successfully re-encrypted with a new key version. All rows must be re-encrypted before the key version can be destroyed.

total_count string

The total number of rows that need re-encrypting.

Destroy Key VersionPOST/v1/scopes:destroy-key-version

Destroy the specified key version in a Scope. This may start an asynchronous job that re-encrypts all data encrypted by the specified key version. Use GET /v1/scopes/{scope_id}:list-key-version-destruction-jobs to monitor pending destruction jobs.

Body Parameters

scope_id string

key_version_id string

Rotate KeysPOST/v1/scopes:rotate-keys

Rotate all keys in a Scope.

Body Parameters

scope_id string

rewrap boolean