Boundary Controller HTTP API

Scope Service

List ScopesGET/v1/scopes

Lists all Scopes within the Scope provided in the request.

Query Parameters

scope_id string

recursive boolean

filter string

Successful Response

items object[]

Scope contains all fields related to a Scope resource

id string

Output only. The ID of the Scope.

scope_id string

The ID of the Scope this resource is in. If this is the "global" Scope this field will be empty.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]

authorized_collection_actions object

Output only. The authorized actions for the scope's collections.

Create ScopePOST/v1/scopes

Creates a single Scope.

Query Parameters

skip_admin_role_creation boolean

skip_default_role_creation boolean

Body Parameters

scope_id string

The ID of the Scope this resource is in. If this is the "global" Scope this field will be empty.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

Successful Response

id string

Output only. The ID of the Scope.

scope_id string

The ID of the Scope this resource is in. If this is the "global" Scope this field will be empty.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]

authorized_collection_actions object

Output only. The authorized actions for the scope's collections.

Get ScopeGET/v1/scopes/{id}

Gets a single Scope.

Path Parameters

id string

Successful Response

id string

Output only. The ID of the Scope.

scope_id string

The ID of the Scope this resource is in. If this is the "global" Scope this field will be empty.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]

authorized_collection_actions object

Output only. The authorized actions for the scope's collections.

Delete ScopeDELETE/v1/scopes/{id}

Deletes a Scope.

Path Parameters

id string

Update ScopePATCH/v1/scopes/{id}

Updates a Scope.

Path Parameters

id string

Query Parameters

update_mask string

Body Parameters

scope_id string

The ID of the Scope this resource is in. If this is the "global" Scope this field will be empty.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

Successful Response

id string

Output only. The ID of the Scope.

scope_id string

The ID of the Scope this resource is in. If this is the "global" Scope this field will be empty.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]

authorized_collection_actions object

Output only. The authorized actions for the scope's collections.

List KeysGET/v1/scopes/{id}:list-keys

List all keys in a Scope.

Path Parameters

id string

Successful Response

items object[]

Key contains all fields related to a Key in a Scope.

id string

The ID of the Key.

scope object

Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

purpose string

The purpose of the Key.

created_time string

The time this Key was created.

type string

The type of the Key.

versions object[]

KeyVersion describes a specific version of a key and holds the actual key material

id string

The ID of the key version.

version integer

The iteration of the Key that this version represents.

created_time string

When this version was created.

List Key Version Destruction JobsGET/v1/scopes/{scope_id}:list-key-version-destruction-jobs

Lists all pending key version destruction jobs in a Scope.

Path Parameters

scope_id string

Successful Response

items object[]

KeyVersionDestructionJob holds information about a pending key version destruction job.

key_version_id string

The ID of the Key version this job relates to.

scope object

Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

status string

The current status of the key version destruction job. One of "pending", "running" or "completed".

created_time string

The time this key version destruction job was created.

completed_count string

The number of rows that have been successfully re-encrypted with a new key version. All rows must be re-encrypted before the key version can be destroyed.

total_count string

The total number of rows that need re-encrypting.

Destroy Key VersionPOST/v1/scopes:destroy-key-version

Destroy the specified key version in a Scope. This may start an asynchronous job that re-encrypts all data encrypted by the specified key version. Use GET /v1/scopes/{scope_id}:list-key-version-destruction-jobs to monitor pending destruction jobs.

Body Parameters

scope_id string

key_version_id string

Rotate KeysPOST/v1/scopes:rotate-keys

Rotate all keys in a Scope.

Body Parameters

scope_id string

rewrap boolean