Webhook Payload Schema Reference
Send Apono access request data to your internal systems with event-triggered HTTP messages
This reference describes each of the properties of the webhook payload schema.
The payload schema defines the structure of the data that you can pass in the webhook payload. Apono uses the Handlebars templating language to format expressions for certain data fields.
{
"event_type": "string",
"event_time": "{seconds}.{nanos}",
"data": {
"id": "string",
"friendly_id": "string",
"requester": {
"id": "string",
"name": "string",
"email": "string"
},
"grantee": {
"id": "string",
"source_id": "string",
"name": "string",
"type": "string"
},
"justification": "string",
"creation_date": "{seconds}.{nanos}",
"revocation_date": "number",
"access_flow": {
"id": "string",
"name": "string"
},
"access_bundle": {
"id": "string",
"name": "string"
},
"access_duration_in_seconds": "number",
"access_groups": [
{
"integration": {
"id": "string",
"type": "string",
"name": "string"
},
"resource_types": [
{
"id": "string",
"name": "string",
"display_path": "string"
}
],
"access_units": [
{
"resource": {
"id": "string",
"name": "string",
"path": "string",
"type": {
"id": "string",
"name": "string",
"display_path": "string"
}
},
"permission": {
"id": "string",
"name": "string"
}
}
]
}
],
"approvals_logical_relation": "string",
"approvals": [
{
"name": "string",
"type": "string",
"status": "string",
"approver": {
"id": "string",
"name": "string",
"email": "string"
}
}
],
"custom_fields": {}
}
}event_type string
Webhook trigger, corresponding to different access request statuses
event_time float
Time of the event occurrence in epoch seconds.milliseconds
data object
Field containing an embedded object with contextual information about the triggering event See data object.
data object
id string
Apono request ID
friendly_id string
Human-readable ID that also appears in the Apono UI
grantee object
Metadata about the recipient of requested access
requester object
Metadata about the user requesting access See data.requester object
justification string
Reason provided by requester for needing access
creation_date float
Date the access request was created in epoch seconds.milliseconds
revocation_date float
Date the access request was revoked in epoch seconds.milliseconds
access_flow object
Metadata about a related access flow See data.access_flow object
access_bundle object
Metadata about a related access bundle See data.access_bundle object
access_groups object
Metadata about related integrations and resources that the requester wants to access See data.access_groups object
approvals_logical_relation string
Whether the request requires one approver (AnyOf value) or all approvers within a group (AllOf value)
approvals object
Metadata about approved access requests See data.approvals object
data.grantee object
id string
Grantee's Apono ID
source_id string
Grantee's ID, such as email or cloud provider ID like ARN
name string
Grantee's Apono username
type string
Identifies if the grantee is a human or machine
data.requester object
id string
Requester's Apono ID
name string
Requester’s Apono username
email string
Requester’s email address
data.access_flow object
id string
Apono ID for the access flow
name string
Customer-created name for the access flow
data.access_bundle object
id string
Apono ID for the access bundle
name string
Customer-created name for the access bundle
data.access_groups object
integration object
Metadata about the integration that the requester wants to access See data.access_groups.integration object
resource_types object
Metadata about the resource types that the requester wants to access See data.access_groups.resource_types object
access_units object
Metadata about the requested access unit, which is a pairing of a resource and a permission See data.access_groups.access_units object
data.access_groups.integration object
id string
Apono ID of the integration
type string
Type of resource the requester wants to access, such as Postgresql
name string
Customer-created resource name
data.access_groups.resource_types object
id string
Apono ID of the integration
name string
Display name for the resource
display_path string
Logical, hierarchical container for the resource
For example, the display path for an AWS bucket resource type might be AWS-account/us-east/bucket/E2
data.access_groups.access_units object
resource object
Metadata about the resource the requester wants to access See data.access_groups.access_units.resource object
permissions object
Metadata about resource permission granted to the requester See data.access_groups.access_units.permissions object
data.access_groups.access_units.resource object
id string
Apono ID of the resource
name string
Customer-created name for the resource
path string
Physical path of the resource
For example, the path of a database would be database-name/table-name
type object
Metadata about the resource type the requester wants to access See data.access_groups.access_units.resource.type object
data.access_groups.access_units.resource.type object
id string
Apono ID of the resource type
name string
Name of the resource type
display_path string
Logical, hierarchical container for the resource
For example, the display path for an AWS bucket resource type might be AWS-account/us-east/bucket/E2.
data.access_groups.access_units.permissions object
id string
Apono ID for the permission
name string
Name of the permission granted to the requester, such as ReadOnly
data.approvals object
name string
Name of the entity approving the request, which could be:
A person
A group, such as an Okta group
A work shift
The word Manager
type string
Type of approver Possible values:
Person
Group, such as an Okta group
Shift, such as an on-call shift
Manager
status string
Status of the request Possible values:
Approved
Rejected
Pending
approver object
Metadata about the person approving the access request See data.approvals.approver object
data.approvals.approver object
Last updated
Was this helpful?