Back to top
Vastuu Group

Manage User Access in Digital Twins

Version: 1.0
Last updated: Feb. 18, 2021
|
Reading time: 10 min

Overview


The Access Control List (ACL) API provides a means for managing access control lists of identities.

Capabilities:

  • Allows generating a list of permissions on an identity. List contains all other identities that can access this identity and their access privileges (read, write, link, manage)
  • Allows to check if an identity requesting permission to the current identity has specific privilege(s) on an identity
  • Allows to check if an identity requesting permission has specific privilege(s) on a batch of identities
  • Allows owner of identity to set permissions on giving the from identity read, write, link and/or manage access to the to target identity
  • Owner of an Identity can delete permission given to other identities.


You need to be logged in into Platform of Trust Sandbox and get your bearer token to execute the following cURL requests.

POST permissions "from an identity" to a "target identity"

curl -i -X POST \
   --url "https://api-sandbox.oftrust.net/acl/v1/{from_identity}/{target_identity}" \
   --header "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9eyJzY29w...DVs5aaf'" \
   --header "Content-Type: application/json" \
   --data \
   "{
         \"read\": true,
         \"write\": true,
         \"link\": true,
         \"manage\": false
   }"

GET permissions and privileges on an identity with {identity_id}*

curl -i -X GET \
   --url "https://api-sandbox.oftrust.net/acl/v1/{identity_id}" \
   --header "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9eyJzY29w...DVs5aaf'" \

*NOTE: This will list all identities that can access the identity with identity_id and what access privileges they have.

GET specific permissions of an identity with {identity_id}**

curl -i -X GET \
   --url "https://api-sandbox.oftrust.net/acl/v1/{identity_id}/{permissions}" \
   --header "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9eyJzY29w...DVs5aaf'" \

**NOTE: This request will check if the requester has specific privilege(s) on an identity (identity_id).

permissions: A comma-separated list of permissions to check: READ, WRITE, MANAGE, LINK

POST to check specific privileges of the requester to a batch of identities

curl -i -X POST \
   --url "https://api-sandbox.oftrust.net/acl/v1/batch/{permissions}" \
   --header "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9eyJzY29w...DVs5aaf'" \
   --header "Content-Type: application/json" \
   --data \
   "{
         \"targets\": [
             \"82440763-b208-4eab-bc13-1f2620184ea1\",
             \"fed4bd28-fca4-4287-9389-b87dd77b815c\",
             \"e45f1815-167f-4348-b194-64cd01b5c52f\",
             \"016dfc04-4f4a-499c-a289-7861df876392\",
             \"3e0d7600-2a81-4be1-842e-81e14739e52c\"
        ]
   }"

NOTE: checkout doc.oftrust.net to see more requests to the Access Control List (ACL) API and code samples in Java, Python and JavaScript.


API Specification

Download Open API Specifications (OAS) for Access Control List here

Download RESTful API Modeling Language (RAML) specifications for Access Control List here

API Documentation

Checkout API endpoints, HTTP calls and associated parameters in details at docs.oftrust.net

Developer Guides

Read on how to get your Bearer Token to start accessing and using Platform of Trust APIs in this Guide

Read more about Identities and permissions on them in our Identities and Links guide

Profiles in Other Platforms

ProgrammableWeb

Questions and Feedback

Have a question on Access Control List API? Shoot it in Platform of Trust Stack Overflow community page.

Did Access Control List API miss some feature? Make a Wish in GitHub.

Did we miss something? Make a Wish!

Tell us in Github

See all APIs