Webhook Payload References

Webhook Payload Schema Reference

Send Apono access request data to your internal systems with event-triggered HTTP messages

This reference describes each of the properties of the webhook payload schema.

The payload schema defines the structure of the data that you can pass in the webhook payload. Apono uses the Handlebars templating language to format expressions for certain data fields.

Property
Description

event_type string

Webhook trigger, corresponding to different access request statuses

event_time float

Time of the event occurrence in epoch seconds.milliseconds

data object

Field containing an embedded object with contextual information about the triggering event. See data object.

data object

data.grantee object

data.requester object

data.access_flow object

data.access_bundle object

data.access_groups object

data.access_groups.integration object

data.access_groups.resource_types object

data.access_groups.access_units object

data.access_groups.access_units.resource object

data.access_groups.access_units.resource.type object

data.access_groups.access_units.permissions object

data.approvals object

data.approvals.approver object

{
  "event_type": "string",
  "event_time": "{seconds}.{nanos}",
  "data": {
    "id": "string",
    "friendly_id": "string",
    "requester": {
      "id": "string",
      "name": "string",
      "email": "string"
    },
    "grantee": {
      "id": "string",
      "source_id": "string",
      "name": "string",
      "type": "string"
    },
    "justification": "string",
    "creation_date": "{seconds}.{nanos}",
    "revocation_date": "number",
    "access_flow": {
      "id": "string",
      "name": "string"
    },
    "access_bundle": {
      "id": "string",
      "name": "string"
    },
    "access_duration_in_seconds": "number",
    "access_groups": [
      {
        "integration": {
          "id": "string",
          "type": "string",
          "name": "string"
        },
        "resource_types": [
          {
            "id": "string",
            "name": "string",
            "display_path": "string"
          }
        ],
        "access_units": [
          {
            "resource": {
              "id": "string",
              "name": "string",
              "path": "string",
              "type": {
                "id": "string",
                "name": "string",
                "display_path": "string"
              }
            },
            "permission": {
              "id": "string",
              "name": "string"
            }
          }
        ]
      }
    ],
    "approvals_logical_relation": "string",
    "approvals": [
      {
        "name": "string",
        "type": "string",
        "status": "string",
        "approver": {
          "id": "string",
          "name": "string",
          "email": "string"
        }
      }
    ],
    "custom_fields": {}
  }
}

data object

id string

Apono request ID

friendly_id string

Human-readable ID that also appears in the Apono UI

grantee object

Metadata about the recipient of requested access. See data.grantee object.

requester object

Metadata about the user requesting access. See data.requester object.

justification string

Reason provided by requester for needing access

creation_date float

Date the access request was created in epoch seconds.milliseconds

revocation_date float

Date the access request was revoked in epoch seconds.milliseconds

access_flow object

Metadata about a related access flow. See data.access_flow object.

access_bundle object

Metadata about a related access bundle. See data.access_bundle object.

access_groups object

Metadata about related integrations and resources that the requester wants to access. See data.access_groups object.

approvals_logical_relation string

Whether the request requires one approver (AnyOf value) or all approvers within a group (AllOf value)

approvals object

Metadata about approved access requests. See data.approvals object.

data.grantee object

id string

Grantee's Apono ID

source_id string

Grantee's ID, such as email or cloud provider ID like ARN

name string

Grantee's Apono username

type string

Identifies if the grantee is a human or machine

data.requester object

id string

Requester's Apono ID

name string

Requester’s Apono username

email string

Requester’s email address

data.access_flow object

id string

Apono ID for the access flow

name string

Customer-created name for the access flow

data.access_bundle object

id string

Apono ID for the access bundle

name string

Customer-created name for the access bundle

data.access_groups object

integration object

Metadata about the integration that the requester wants to access. See data.access_groups.integration object.

resource_types object

Metadata about the resource types that the requester wants to access. See data.access_groups.resource_types object.

access_units object

Metadata about the requested access unit, which is a pairing of a resource and a permission. See data.access_groups.access_units object.

data.access_groups.integration object

id string

Apono ID of the integration

type string

Type of resource the requester wants to access, such as Postgresql

name string

Customer-created resource name

data.access_groups.resource_types object

id string

Apono ID of the integration

name string

Display name for the resource

display_path string

Logical, hierarchical container for the resource. For example, the display path for an AWS bucket resource type might be AWS-account/us-east/bucket/E2.

data.access_groups.access_units object

resource object

Metadata about the resource the requester wants to access. See data.access_groups.access_units.resource object.

permissions object

Metadata about resource permission granted to the requester. See data.access_groups.access_units.permissions object.

data.access_groups.access_units.resource object

id string

Apono ID of the resource

name string

Customer-created name for the resource

path string

Physical path of the resource. For example, the path of a database would be database-name/table-name.

type object

Metadata about the resource type the requester wants to access. See data.access_groups.access_units.resource.type object.

data.access_groups.access_units.resource.type object

id string

Apono ID of the resource type

name string

Name of the resource type

display_path string

Logical, hierarchical container for the resource. For example, the display path for an AWS bucket resource type might be AWS-account/us-east/bucket/E2.

data.access_groups.access_units.permissions object

id string

Apono ID for the permission

name string

Name of the permission granted to the requester, such as ReadOnly

data.approvals object

name string

Name of the entity approving the request, which could be:

  • A person

  • A group, such as an Okta group

  • A work shift

  • The word Manager

type string

Type of approver. Possible values:

  • Person

  • Group, such as an Okta group

  • Shift, such as an on-call shift

  • Manager

status string

Status of the request. Possible values:

  • Approved

  • Rejected

  • Pending

approver object

Metadata about the person approving the access request. See data.approvals.approver object.
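An added example, not part of Apono's documentation or code: a Python consumer for the access request payload above that applies approvals_logical_relation to the approval statuses, flags an approval given by the requester, and flattens access_groups into resource and permission rows. The sample payload is constructed, and treating an empty approvals list or an unknown relation as not approved is this example's own choice.

```python
import json

# Constructed payload shaped like the schema above; every value is invented.
SAMPLE = json.loads("""
{
  "event_type": "RequestApproved",
  "data": {
    "friendly_id": "AR-1",
    "requester": {"id": "u1", "name": "Dana", "email": "Dana@example.com"},
    "approvals_logical_relation": "AllOf",
    "approvals": [
      {"name": "Dana", "type": "Person", "status": "Approved",
       "approver": {"id": "u1", "name": "Dana", "email": "dana@example.com"}},
      {"name": "dba-oncall", "type": "Shift", "status": "Pending"}
    ],
    "access_groups": [{
      "integration": {"id": "i1", "type": "Postgresql", "name": "prod-db"},
      "access_units": [{
        "resource": {"id": "r1", "name": "orders", "path": "shop/orders"},
        "permission": {"id": "p1", "name": "ReadOnly"}
      }]
    }]
  }
}
""")


def approval_satisfied(data):
    """Apply approvals_logical_relation (AnyOf / AllOf) to the statuses."""
    # Assumption of this example: empty list or unknown relation fails closed.
    statuses = [a.get("status") for a in data.get("approvals") or []]
    relation = data.get("approvals_logical_relation")
    if statuses and relation == "AnyOf":
        return "Approved" in statuses
    if statuses and relation == "AllOf":
        return all(s == "Approved" for s in statuses)
    return False


def self_approvals(data):
    """Names of Approved entries whose approver email is the requester's."""
    requester = ((data.get("requester") or {}).get("email") or "").lower()
    return [a.get("name") for a in data.get("approvals") or []
            if requester and a.get("status") == "Approved"
            and ((a.get("approver") or {}).get("email") or "").lower() == requester]


def requested_access(data):
    """Flatten access_groups into (integration, resource path, permission)."""
    rows = []
    for group in data.get("access_groups") or []:
        integration = (group.get("integration") or {}).get("name")
        for unit in group.get("access_units") or []:
            # Sample JSON says 'permission', the property table 'permissions'.
            perm = unit.get("permission") or unit.get("permissions") or {}
            path = (unit.get("resource") or {}).get("path")
            rows.append((integration, path, perm.get("name")))
    return rows


if __name__ == "__main__":
    d = SAMPLE["data"]
    print(approval_satisfied(d), self_approvals(d), requested_access(d))
```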


Audit Log Webhook Payload Schema Reference

Send Apono access request data to your internal systems with event-triggered HTTP messages

This reference describes each of the properties of the webhook payload schema.

The payload schema defines the structure of the data that you can pass in the webhook payload. Apono uses the Handlebars templating language to format expressions for certain data fields.

Property
Description

event_type string

Type of audit log event

event_time string

Date the event occurred

data object

Field containing an embedded object with contextual information about the triggering event. See: data object

data object

Target Objects

Access Flows

grantees object

grantees.attribute_filters object

access_targets object

access_targets.integration object

approver_policy object

approver_policy.condition_groups object

approver_policy.condition_groups.conditions object

approver_policy.condition_groups.conditions.attribute_condition object

approver_policy.condition_groups.conditions.request_context_based_attribution_filter object

settings object

Account Settings

Activity Reports

Bundles

(bundles) access_targets object

Integrations

Users

Webhooks

{
    "event_type": "string",
    "event_time": "{seconds}.{nanos}",
    "data": {
        "timestamp": "{seconds}.{nanos}",
        "action": "string",
        "actor_id": "string",
        "actor_name": "string",
        "actor_type": "string",
        "source": "string",
        "target_id": "string",
        "target_type": "string",
        "target_name": "string",
        "metadata": "object",
        "current_target_object": "object",
        "previous_target_object": "object"
    }
}

data object (additional properties)

target_id string

Unique identifier of the object affected by the action

target_type string

Type of object affected by the action

Possible Values:

  • access flow

  • bundle

  • integration

target_name string

Friendly name of the object affected by the action

current_target_object object

Updated details of the object affected by the action

IMPORTANT: The webhook will return all data within this object. Specific values within a target object cannot be targeted. The following details of each target are provided for information purposes only.

Target Objects:

  • Access Flows

  • Account Settings

  • Activity Reports

  • Bundles

  • Integrations

  • Users

  • Webhooks

previous_target_object object

Previous details of the object affected by the action

IMPORTANT: The webhook will return all data within this object. Specific values within a target object cannot be targeted. The following details of each target are provided for information purposes only.

Target Objects:

  • Access Flows

  • Account Settings

  • Activity Reports

  • Bundles

  • Integrations

  • Users

  • Webhooks

Access Flows (additional properties)

access_targets object

Integrations, bundles, or access scopes to which access will be given. See: access_targets object

approver_policy object

Identities authorized to approve the access flow request

settings object

Access flow settings (self serve, automatic) applied to the access flow

labels object

Identifies access flows for streamlined organization and use. See: Self Serve Access Flows or Automatic Access Flows

created_date string

Creation date of the access flow

updated_date string

Most recent modified date of the access flow

Account Settings (additional properties)

require_duration_for_access_request boolean

Requires the requester to specify duration of access

Activity Reports (additional properties)

period object

Relative time of the report window

time_zone string

Time zone of the report

fields [string]

Data fields included in the report

schedule object

Generation frequency, format, and recipients of the report

created_date string

Creation date of the report

updated_date string

Most recent modified date of the report

Integrations (additional properties)

connected_resource_types [string]

List of resources associated with the integration

params object

Parameters associated with the integration

custom_instructions_access_message string

Instructions explaining how to access this integration's resources

last_sync_date string (date-time)

Most recent date that Apono synced the integration

secret_config object

Secret for the integration

data object

timestamp string

Date and time the event occurred

action string

Event performed, such as creating, editing, or deleting an item

actor_id string

Email address of the user who performed the action

actor_name string

Full name of the user who performed the action

actor_type string

Type of user who performed the action

source string

Location where the action originated

Possible Values:

  • API

  • integration

  • Terraform

  • web application

Access Flows

id string

Unique identifier of the access flow

name string

Friendly name of the access flow

active boolean

Status of the access flow. Possible Values:

  • true

  • false

revoke_after_in_sec integer

Access duration (in seconds) granted for the resources within the access flow

trigger string | object

Event associated with the access flow

grantees object

Identities for whom access is requested. See: grantees object

grantees object

logical_operator string

Logical operator applied to the attribute_filters objects

attribute_filters object

List of grantees. See: grantees.attribute_filters object

grantees.attribute_filters object

operator string

Comparative operator relating the attribute_type_id and attribute_value

attribute_type_id string

Type of grantee

Possible Values:

  • group

  • user

attribute_value [string]

Unique identifier of the grantee

access_targets object

integration object

Integration definition. See: access_targets.integration object

bundle object

Unique identifier of the bundle, contained within the bundle_id property. The bundle_id is the sole property of this object.

saved_query object

Unique identifier of the access scope, contained within the saved_query_id property. The saved_query_id is the sole property of this object.

access_targets.integration object

resource_integration_id string

Unique identifier of the resource

resource_type string

Type of resource

resource_tag_restrictors object

Resources excluded from the integration

permissions object

Permissions granted to the resource

approver_policy object

groups_operator string

Logical operator applied to the condition_groups objects

condition_groups object

Grouped list of approvers. See: approver_policy.condition_groups object

approver_policy.condition_groups object

logical_operator string

Logical operator applied to the conditions objects

conditions object

List of individual approver criteria. See: approver_policy.condition_groups.conditions object

approver_policy.condition_groups.conditions object

attribute_condition object

Attributes of a specific approver. See: approver_policy.condition_groups.conditions.attribute_condition object

request_context_based_attribution_filter object

Attributes of a specific approver based on context. See: approver_policy.condition_groups.conditions.request_context_based_attribution_filter object

approver_policy.condition_groups.conditions.attribute_condition object

operator string

Comparative operator relating the attribute_type_id and attribute_value

attribute_type_id string

Type of approver

attribute_value [string]

Unique identifier of the approver

approver_policy.condition_groups.conditions.request_context_based_attribution_filter object

attribute_type_id string

Type of approver

integration_id string

Identifying value of the associated integration

settings object

require_approver_justification boolean

Indicates if approvers are required to enter a justification for approving or rejecting a request. See: Self Serve Access Flows

require_justification boolean

Indicates if grantees are required to enter a justification for their requests. See: Self Serve Access Flows

approver_cannot_approve_himself boolean

Indicates if users can approve their own access. See: Self Serve Access Flows

require_mfa boolean

Indicates if users will be required to pass multi-factor authentication when requesting access

Account Settings

account_id string

Unique identifier of the account

account_name string

Friendly name of the account

enable_flow_failure_notifications boolean

Notifications sent to admins about access flow failures

credential_rotation_period_in_days integer

Number of days after which the credentials must be rotated

See: Credentials Rotation Policy

inactive_user_retention_in_days integer

Number of days after which to delete a user Apono created if no grant is active. See: Periodic User Cleanup & Deletion

integrations_updates_notifications boolean

Email notifications sent to admins about integration status updates

Activity Reports

id string

Unique identifier of the activity report

name string

Friendly name of the activity report

active boolean

Status of the activity report

filters object

Selected report filters

start_date string

Absolute start date of the report window

end_date string

Absolute end date of the report window

Bundles

id string

Unique identifier of the bundle

name string

Friendly name of the bundle

create_date string

Creation date of the bundle

access_targets object

Resources within the bundle. See: (bundles) access_targets

(bundles) access_targets object

id string

Unique identifier of the resource

name string

Friendly name of the resource

type string

Type of resource

Integrations

id string

Unique identifier of the integration

name string

Friendly name of the integration

type string

Type of integration

status string

Status of the integration

connector_id string

Unique identifier of the connector used for the integration

parent_integration_id string

Unique identifier of the parent integration associated with this integration

Users

id string

Unique identifier of the user

email string

Email address of the user

first_name string

First name of the user

last_name string

Last name of the user

active boolean

Status of the user

roles [string]

Role-based access assigned to the user

Webhooks

id string

Unique identifier of the webhook

name string

Friendly name of the webhook

active boolean

Status of the webhook

triggers [string]

Associated webhook triggers

Possible Values:

  • AuditEventTriggered

  • Manual

  • RequestCreated

  • RequestApproved

  • RequestRejected

  • RequestGranted

  • RequestExpired

  • RequestFailed

created_date string (date-time)

Creation date of the webhook. Example: 2023-10-01T12:34:56Z

updated_date string (date-time)

Most recent modified date of the webhook. Example: 2023-10-03T01:32:57Z

Access Flows

{
    "id": "flow123",
    "name": "example_access_flow",
    "active": true,
    "revoke_after_in_sec": 3600,
    "trigger": {
        "type": "time_based",
        "timeframe": {
            "days_in_week": ["Monday", "Tuesday"],
            "time_zone": "UTC"
        }
    },
    "grantees": {
        "logical_operator": "AND",
        "attribute_filters": [
            {
                "operator": "EQUALS",
                "attribute_type": "role",
                "attribute_value": "admin",
                "integration_id": "integration123"
            }
        ]
    },
    "access_targets": [
        {
            "integration": {
                "resource_integration_id": "integration123",
                "resource_type": "database",
                "resource_tag_restrictors": [
                    {
                        "name": "env",
                        "value": "production"
                    }
                ],
                "permissions": ["read", "write"]
            }
        }
    ],
    "approver_policy": {
        "groups_operator": "OR",
        "condition_groups": [
            {
                "logical_operator": "AND",
                "conditions": [
                    {
                        "attribute_condition": {
                            "operator": "EQUALS",
                            "attribute_type": "department",
                            "attribute_value": "IT",
                            "integration_id": "integration123"
                        }
                    }
                ]
            }
        ]
    },
    "settings": {
        "require_approver_justification": true,
        "require_justification": false,
        "approver_cannot_approve_himself": true,
        "require_mfa": true
    },
    "labels": [
        {
            "key": "priority",
            "value": "high"
        }
    ],
    "created_date": "2023-10-01T12:34:56Z",
    "updated_date": "2023-10-02T12:34:56Z"
}

Account Settings

{
    "account_id": "account123",
    "account_name": "example_account",
    "enable_flow_failure_notifications": true,
    "credentials_rotation_period_in_days": 90,
    "inactive_user_retention_in_days": 180,
    "integrations_updates_notifications": true,
    "require_duration_for_access_request": false
}

Activity Reports

{
    "id": "report123",
    "name": "example_activity_report",
    "active": true,
    "filters": {
        "filter_key1": "filter_value1",
        "filter_key2": "filter_value2"
    },
    "start_date": "2023-10-01T12:34:56Z",
    "end_date": "2023-10-02T12:34:56Z",
    "period": {
        "unit": "day",
        "value": 1,
        "rounded": true
    },
    "time_zone": "UTC",
    "fields": ["field1", "field2"],
    "schedule": {
        "cron": "0 0 * * *",
        "format": "json",
        "recipients": ["[email protected]"]
    },
    "created_date": "2023-10-01T12:34:56Z",
    "updated_date": "2023-10-02T12:34:56Z"
}

Bundles

{
    "id": "12345",
    "name": "example_access_bundle",
    "created_date": "2023-10-01T12:34:56Z",
    "access_targets": [
        {
            "id": "target1",
            "name": "target_1",
            "type": "example_type"
        },
        {
            "id": "target2",
            "name": "target_2",
            "type": "example_type"
        }
    ]
}

Integrations

{
    "id": "integration123",
    "name": "example_integration",
    "type": "example_type",
    "status": "active",
    "connector_id": "connector123",
    "parent_integration_id": "parent_integration123",
    "connected_resource_types": ["resource_type1", "resource_type2"],
    "params": {
        "param_key1": "param_value1",
        "param_key2": "param_value2"
    },
    "custom_instructions_access_message": "please follow the instructions.",
    "last_sync_date": "2023-10-01T12:34:56Z",
    "secret_config": {
        "secret_key1": "secret_value1",
        "secret_key2": "secret_value2"
    }
}

Users

{
    "id": "user123",
    "email": "[email protected]",
    "first_name": "John",
    "last_name": "Doe",
    "active": true,
    "roles": ["admin", "user"]
}

Webhooks

{
    "id": "webhook123",
    "name": "example_webhook",
    "active": true,
    "triggers": ["trigger1", "trigger2"],
    "created_date": "2023-10-01T12:34:56Z",
    "updated_date": "2023-10-02T12:34:56Z"
}
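
An added example, not Apono's code: detection logic for audit-log events that compares previous_target_object with current_target_object and reports access flow settings that were switched off or an access duration that grew. The event is constructed; its event_type and action values, and the assumption that a created or deleted object carries only one side of the pair, are not from the page.

```python
# Access flow settings named on this page; each one is a guardrail when true.
GUARDRAILS = ("require_mfa", "require_justification",
              "require_approver_justification", "approver_cannot_approve_himself")

# Constructed audit-log event shaped like the schema above; values are invented.
EVENT = {
    "event_type": "sample",
    "data": {
        "timestamp": "1696163696.000000000",
        "action": "update",
        "actor_id": "admin@example.com",
        "source": "API",
        "target_id": "flow123",
        "target_type": "access flow",
        "target_name": "example_access_flow",
        "previous_target_object": {
            "revoke_after_in_sec": 3600,
            "settings": {"require_mfa": True, "require_justification": False,
                         "require_approver_justification": True,
                         "approver_cannot_approve_himself": True},
        },
        "current_target_object": {
            "revoke_after_in_sec": 86400,
            "settings": {"require_mfa": False, "require_justification": False,
                         "require_approver_justification": True,
                         "approver_cannot_approve_himself": True},
        },
    },
}


def weakened(data):
    """List guardrails that an access-flow change turned off or loosened."""
    before = data.get("previous_target_object") or {}
    after = data.get("current_target_object") or {}
    # Assumption: creation and deletion carry only one side, so nothing to diff.
    if data.get("target_type") != "access flow" or not before or not after:
        return []
    old, new = before.get("settings") or {}, after.get("settings") or {}
    # A setting that was true and is now false or missing counts as weakened.
    found = [f"{k}: True -> {new.get(k)}" for k in GUARDRAILS
             if old.get(k) is True and new.get(k) is not True]
    old_ttl, new_ttl = before.get("revoke_after_in_sec"), after.get("revoke_after_in_sec")
    if isinstance(old_ttl, int) and isinstance(new_ttl, int) and new_ttl > old_ttl:
        found.append(f"revoke_after_in_sec: {old_ttl} -> {new_ttl}")
    return found


def alert(event):
    """Return an alert dict for downstream triage, or None if nothing weakened."""
    data = event.get("data") or {}
    findings = weakened(data)
    if not findings:
        return None
    return {"actor": data.get("actor_id"), "source": data.get("source"),
            "target": data.get("target_name"), "findings": findings}


if __name__ == "__main__":
    print(alert(EVENT))
```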