• HashiCorp Developer

  • HashiCorp Cloud Platform
  • Terraform
  • Packer
  • Consul
  • Vault
  • Boundary
  • Nomad
  • Waypoint
  • Vagrant
Boundary
  • Install
  • Tutorials
  • Documentation
  • API
  • Try Cloud(opens in new tab)
  • Sign up
Boundary Home

API

Skip to main content
  • API

  • Account Service
  • Auth Method Service
  • Auth Token Service
  • Credential Library Service
  • Credential Service
  • Credential Store Service
  • Group Service
  • Host Catalog Service
  • Host Service
  • Host Set Service
  • Managed Group Service
  • Role Service
  • Scope Service
  • Session Service
  • Target Service
  • User Service
  • Worker Service

  • Resources

  • Tutorial Library
  • Community Forum
    (opens in new tab)
  • Support
    (opens in new tab)
  • GitHub
    (opens in new tab)
  1. Developer
  2. Boundary
  3. API
  4. Scope Service

Boundary Controller HTTP API

Scope Service


Lists all Scopes within the Scope provided in the request.

Query Parameters

scope_id string
recursive boolean
filter string

Successful Response


id string

Output only. The ID of the Scope.

scope_id string

The ID of the Scope this resource is in. If this is the "global" Scope this field will be empty.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]
authorized_collection_actions object

Output only. The authorized actions for the scope's collections.


Creates a single Scope.

Query Parameters

skip_admin_role_creation boolean
skip_default_role_creation boolean

Body Parameters

scope_id string

The ID of the Scope this resource is in. If this is the "global" Scope this field will be empty.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

Successful Response

id string

Output only. The ID of the Scope.

scope_id string

The ID of the Scope this resource is in. If this is the "global" Scope this field will be empty.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]
authorized_collection_actions object

Output only. The authorized actions for the scope's collections.


Gets a single Scope.

Path Parameters

id string RequiredRequired

Successful Response

id string

Output only. The ID of the Scope.

scope_id string

The ID of the Scope this resource is in. If this is the "global" Scope this field will be empty.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]
authorized_collection_actions object

Output only. The authorized actions for the scope's collections.


Deletes a Scope.

Path Parameters

id string RequiredRequired

Successful Response

No content.

Updates a Scope.

Path Parameters

id string RequiredRequired

Query Parameters

update_mask string

Body Parameters

scope_id string

The ID of the Scope this resource is in. If this is the "global" Scope this field will be empty.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

Successful Response

id string

Output only. The ID of the Scope.

scope_id string

The ID of the Scope this resource is in. If this is the "global" Scope this field will be empty.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set descripton for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The type of the resource.

primary_auth_method_id string

The ID of the primary auth method for this scope. A primary auth method is allowed to vivify users when new accounts are created and is the source for the users account info

authorized_actions string[]
authorized_collection_actions object

Output only. The authorized actions for the scope's collections.


List all keys in a Scope.

Path Parameters

id string RequiredRequired

Successful Response


id string

The ID of the Key.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

purpose string

The purpose of the Key.

created_time string

The time this Key was created.

type string

The type of the Key.


id string

The ID of the key version.

version integer

The iteration of the Key that this version represents.

created_time string

When this version was created.


Lists all pending key version destruction jobs in a Scope.

Path Parameters

scope_id string RequiredRequired

Successful Response


key_version_id string

The ID of the Key version this job relates to.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

status string

The current status of the key version destruction job. One of "pending", "running" or "completed".

created_time string

The time this key version destruction job was created.

completed_count string

The number of rows that have been successfully re-encrypted with a new key version. All rows must be re-encrypted before the key version can be destroyed.

total_count string

The total number of rows that need re-encrypting.


Destroy the specified key version in a Scope. This may start an asynchronous job that re-encrypts all data encrypted by the specified key version. Use GET /v1/scopes/{scope_id}:list-key-version-destruction-jobs to monitor pending destruction jobs.

Body Parameters

scope_id string
key_version_id string

Successful Response

state string

Destruction state. One of "pending" or "completed". Use GET /v1/scopes/{scope_id}:list-key-version-destruction-jobs to monitor pending destruction jobs.


Rotate all keys in a Scope.

Body Parameters

scope_id string
rewrap boolean

Successful Response

No content.
Give Feedback(opens in new tab)
  • Certifications
  • System Status
  • Terms of Use
  • Security
  • Privacy
  • Trademark Policy
  • Trade Controls
  • Give Feedback(opens in new tab)