Create

package main import( "context" "github.com/conductorone/conductorone-sdk-go/pkg/models/shared" conductoronesdkgo "github.com/conductorone/conductorone-sdk-go" "github.com/conductorone/conductorone-sdk-go/pkg/models/operations" "log" ) func main() { ctx := context.Background() s := conductoronesdkgo.New( conductoronesdkgo.WithSecurity(shared.Security{ BearerAuth: "<YOUR_BEARER_TOKEN_HERE>", Oauth: "<YOUR_OAUTH_HERE>", }), ) res, err := s.AppEntitlements.Create(ctx, operations.C1APIAppV1AppEntitlementsCreateRequest{ AppID: "<id>", }) if err != nil { log.Fatal(err) } if res.CreateAppEntitlementResponse != nil { // handle response } }

{ "appEntitlementView": { "appEntitlement": { "alias": "<string>", "appId": "<string>", "appResourceId": "<string>", "appResourceTypeId": "<string>", "certifyPolicyId": "<string>", "complianceFrameworkValueIds": [ "<string>" ], "createdAt": "2023-11-07T05:31:56Z", "defaultValuesApplied": true, "deletedAt": "2023-11-07T05:31:56Z", "deprovisionerPolicy": { "action": { "actionName": "<string>", "appId": "<string>", "connectorId": "<string>", "displayName": "<string>" }, "connector": { "account": { "config": {}, "connectorId": "<string>", "doNotSave": {}, "saveToVault": { "vaultIds": [ "<string>" ] }, "schemaId": "<string>" }, "defaultBehavior": { "connectorId": "<string>" }, "deleteAccount": { "connectorId": "<string>" } }, "delegated": { "appId": "<string>", "entitlementId": "<string>", "implicit": true }, "externalTicket": { "appId": "<string>", "connectorId": "<string>", "externalTicketProvisionerConfigId": "<string>", "instructions": "<string>" }, "manual": { "assignee": { "appOwners": { "allowReassignment": true, "fallbackUserIds": [ "<string>" ] }, "entitlementOwners": { "allowReassignment": true, "fallbackUserIds": [ "<string>" ] }, "expression": { "allowReassignment": true, "expressions": [ "<string>" ], "fallbackUserIds": [ "<string>" ] }, "group": { "allowReassignment": true, "appGroupId": "<string>", "appId": "<string>", "fallbackUserIds": [ "<string>" ] }, "manager": { "allowReassignment": true, "fallbackUserIds": [ "<string>" ] }, "users": { "allowReassignment": true, "userIds": [ "<string>" ] } }, "instructions": "<string>", "userIds": [ "<string>" ] }, "multiStep": { "provisionSteps": "<array>" }, "unconfigured": {}, "webhook": { "webhookId": "<string>" } }, "description": "<string>", "displayName": "<string>", "durationGrant": "<string>", "durationUnset": {}, "emergencyGrantEnabled": true, "emergencyGrantPolicyId": "<string>", "externalId": "<string>", "grantCount": "<string>", "grantPolicyId": "<string>", "id": "<string>", "isAutomationEnabled": true, "isManuallyManaged": true, "matchBatonId": "<string>", "overrideAccessRequestsDefaults": true, "provisionerPolicy": { "action": { "actionName": "<string>", "appId": "<string>", "connectorId": "<string>", "displayName": "<string>" }, "connector": { "account": { "config": {}, "connectorId": "<string>", "doNotSave": {}, "saveToVault": { "vaultIds": [ "<string>" ] }, "schemaId": "<string>" }, "defaultBehavior": { "connectorId": "<string>" }, "deleteAccount": { "connectorId": "<string>" } }, "delegated": { "appId": "<string>", "entitlementId": "<string>", "implicit": true }, "externalTicket": { "appId": "<string>", "connectorId": "<string>", "externalTicketProvisionerConfigId": "<string>", "instructions": "<string>" }, "manual": { "assignee": { "appOwners": { "allowReassignment": true, "fallbackUserIds": [ "<string>" ] }, "entitlementOwners": { "allowReassignment": true, "fallbackUserIds": [ "<string>" ] }, "expression": { "allowReassignment": true, "expressions": [ "<string>" ], "fallbackUserIds": [ "<string>" ] }, "group": { "allowReassignment": true, "appGroupId": "<string>", "appId": "<string>", "fallbackUserIds": [ "<string>" ] }, "manager": { "allowReassignment": true, "fallbackUserIds": [ "<string>" ] }, "users": { "allowReassignment": true, "userIds": [ "<string>" ] } }, "instructions": "<string>", "userIds": [ "<string>" ] }, "multiStep": { "provisionSteps": "<array>" }, "unconfigured": {}, "webhook": { "webhookId": "<string>" } }, "purpose": "APP_ENTITLEMENT_PURPOSE_VALUE_UNSPECIFIED", "requestSchemaId": "<string>", "revokePolicyId": "<string>", "riskLevelValueId": "<string>", "slug": "<string>", "sourceConnectorIds": {}, "systemBuiltin": true, "updatedAt": "2023-11-07T05:31:56Z", "userEditedMask": "<string>" }, "appPath": "<string>", "appResourcePath": "<string>", "appResourceTypePath": "<string>", "objectPermissions": { "delete": true, "edit": true, "extra": {}, "read": true } }, "expanded": [ { "@type": "<string>" } ] }

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization

string

header

required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Path Parameters

app_id

string

required

The ID of the app to create the entitlement in.

Body

application/json

The CreateAppEntitlementRequest message.

This message contains a oneof named max_grant_duration. Only a single field of the following list may be set at a time:

durationUnset
durationGrant

displayName

string

required

The display name of the new entitlement.

alias

string

A unique alias for the entitlement, used for programmatic lookups and Cone.

appEntitlementOwnerIds

string[] | null

The IDs of users to set as owners of this entitlement.

appResourceId

string

The ID of the resource that this entitlement belongs to.

appResourceTypeId

string

The ID of the resource type that this entitlement belongs to.

certifyPolicyId

string

The ID of the policy to use for certification tasks.

complianceFrameworkValueIds

string[] | null

The IDs of compliance frameworks to associate with this entitlement (e.g., SOX, HIPAA).

description

string

The description of the new entitlement.

durationGrant

string<duration>

durationUnset

object

emergencyGrantEnabled

boolean

Whether emergency grant requests are enabled for this entitlement.

emergencyGrantPolicyId

string

The ID of the policy to use for emergency grant tasks. Required if emergency_grant_enabled is true.

expandMask

App Entitlement Expand Mask · object

The app entitlement expand mask allows the user to get additional information when getting responses containing app entitlement views.

Show child attributes

grantPolicyId

string

The ID of the policy to use for grant request tasks.

matchBatonId

string

If supplied, it's implied that the entitlement is created before sync and needs to be merged with connector entitlement.

overrideAccessRequestsDefaults

boolean

Whether to override the app-level access request defaults for this entitlement.

provisionPolicy

Provision Policy · object

ProvisionPolicy is a oneOf that indicates how a provision step should be processed.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

connector
manual
delegated
webhook
multiStep
externalTicket
unconfigured
action

Show child attributes

purpose

enum<string>

The purpose of the entitlement (e.g., assignment, permission, ownership).

Available options:

APP_ENTITLEMENT_PURPOSE_VALUE_UNSPECIFIED,

APP_ENTITLEMENT_PURPOSE_VALUE_ASSIGNMENT,

APP_ENTITLEMENT_PURPOSE_VALUE_PERMISSION,

APP_ENTITLEMENT_PURPOSE_VALUE_OWNERSHIP

revokePolicyId

string

The ID of the policy to use for revoke request tasks.

riskLevelValueId

string

The ID of the risk level to assign to this entitlement.

slug

string

A short label describing the permission the entitlement grants (e.g., "Admin", "Read").

Response

200 - application/json

Successful response

The CreateAppEntitlementResponse message.

appEntitlementView

App Entitlement View · object

The app entitlement view contains the serialized app entitlement and paths to objects referenced by the app entitlement.

Show child attributes

expanded

object[] | null

The expanded field.

Show child attributes

Welcome

Endpoints

Authorizations

Path Parameters

Body

Response

Welcome

Endpoints

Documentation Index

Authorizations

Path Parameters

Body

Response