Webhook Payload Schema Reference
Send Apono access request data to your internal systems with event-triggered HTTP messages
This reference describes each of the properties of the webhook payload schema.
The payload schema defines the structure of the data that you can pass in the webhook payload. Apono uses the Handlebars templating language to format expressions for certain data fields.
{
"event_type": "AccessRequestCreated",
"event_time": 1696263265.851898000,
"data": {
"id": "123",
"friendly_id": "AR-123",
"requester": {
"id": "user-1",
"name": "User",
"email": "[email protected]"
},
"justification": "I need access to this",
"creation_date": 1696263265.852378000,
"revocation_date": 1696266865.852380000,
"access_flow": {
"id": "flow-1",
"name": "Flow 1"
},
"access_bundle": {
"id": "bundle-1",
"name": "Bundle 1"
},
"access_groups": [
{
"integration": {
"id": "integration-1",
"type": "Postgresql",
"name": "prod db"
},
"resource_types": [
{
"id": "postgresql-database",
"name": "Database",
"display_path": "Postgresql/Database"
}
],
"access_units": [
{
"resource": {
"id": "res-1",
"name": "DB 1",
"path": "prod db/res-1",
"type": {
"id": "postgresql-database",
"name": "Database",
"display_path": "Postgresql/Database"
}
},
"permission": {
"id": "ReadOnly",
"name": "ReadOnly"
}
},
{
"resource": {
"id": "res-2",
"name": "DB 2",
"path": "prod db/res-2",
"type": {
"id": "postgresql-database",
"name": "Database",
"display_path": "Postgresql/Database"
}
},
"permission": {
"id": "ReadOnly",
"name": "ReadOnly"
}
}
]
}
],
"approvals_logical_relation": "AllOf",
"approvals": [
{
"name": "Manager",
"type": "Manager",
"status": "Pending"
},
{
"name": "Admins",
"type": "Group",
"status": "Approved",
"approver": {
"id": "admin-1",
"name": "Admin 1",
"email": "[email protected]"
}
}
]
}
}
(Top level)
| Property | Description |
|---|---|
| event_type string | Webhook trigger, corresponding to different access request statuses |
| event_time float | Time of the event occurrence in epoch seconds.milliseconds |
| data object | Field containing an embedded object with contextual information about the triggering event
See data object. |
data object
| Property | Description |
|---|---|
| id string | Apono request ID |
| friendly_id string | Human-readable ID that also appears in the Apono UI |
| requester object | Metadata about the user requesting access
See data.requester object |
| justification string | Reason provided by requester for needing access |
| creation_date float | Date the access request was created in epoch seconds.milliseconds |
| revocation_date float | Date the access request was revoked in epoch seconds.milliseconds |
| access_flow object | Metadata about a related access flow
See data.access_flow object. |
| access_bundle object | Metadata about a related access bundle
See data.access_bundle object |
| access_groups object | Metadata about related integrations and resources that the requester wants to access
See data.access_groups object |
| approvals_logical_relation string | Whether the request requires one approver (AnyOf value) or all approvers within a group (AllOf value) |
| approvals object | Metadata about approved access requests
See data.approvals object |
data.requester object
| Property | Description |
|---|---|
| id string | Requester's Apono ID |
| name string | Requester’s Apono username |
| email string | Requester’s email address |
data.access_flow object
| Property | Description |
|---|---|
| id string | Apono ID for the access flow |
| name string | Customer-created name for the access flow |
data.access_bundle object
| Property | Description |
|---|---|
| id string | Apono ID for the access bundle |
| name string | Customer-created name for the access bundle |
data.access_groups object
| Property | Description |
|---|---|
| integration object | Metadata about the integration that the requester wants to access
See data.access_groups.integration object. |
| resource_types object | Metadata about the resource types that the requester wants to access
See data.access_groups.resource_types object. |
| access_units object | Metadata about the requested access unit, which is a pairing of a resource and a permission
See data.access_groups.access_units object. |
data.access_groups.integration object
| Property | Description |
|---|---|
| id string | Apono ID of the integration |
| type string | Type of resource the requester wants to access, such as Postgresql |
| name string | Customer-created resource name |
data.access_groups.resource_types object
| Property | Description |
|---|---|
| id string | Apono ID of the integration |
| name string | Display name for the resource |
| display_path string | Logical, hierarchical container for the resource
For example, the display path for an AWS bucket resource type might be AWS-account/us-east/bucket/E2
|
data.access_groups.access_units object
| Property | Description |
|---|---|
| resource object | Metadata about the resource the requester wants to access
See data.access_groups.access_units.resource object. |
| permissions object | Metadata about resource permission granted to the requester
See data.access_groups.access_units.permissions object. |
data.access_groups.access_units.resource object
| Property | Description |
|---|---|
| id string | Apono ID of the resource |
| name string | Customer-created name for the resource |
| path string | Physical path of the resource
For example, the path of a database would be database-name/table-name |
| type object | Metadata about the resource type the requester wants to access
See data.access_groups.access_units.resource.type object |
data.access_groups.access_units.resource.type object
| Property | Description |
|---|---|
| id string | Apono ID of the resource type |
| name string | Name of the resource type |
| display_path string | Logical, hierarchical container for the resource
For example, the display path for an AWS bucket resource type might be AWS-account/us-east/bucket/E2.
|
data.access_groups.access_units.permissions object
| Property | Description |
|---|---|
| id string | Apono ID for the permission |
| name string | Name of the permission granted to the requester, such as ReadOnly |
data.approvals object
| Property | Description |
|---|---|
| name string | Name of the entity approving the request, which could be:
|
| type string | Type of approver
Possible values:
|
| status string | Status of the request
Possible values:
|
| approver object | Metadata about the person approving the access request
See data.approvals.approver object. |
data.approvals.approver object
| Property | Description |
|---|---|
| id string | Approver's Apono ID |
| name string | Approver's Apono username |
| email string | Approver's email address |
Updated about 2 months ago