Embedded APIResourcesAPI platform

Create access profile

Create an access profile belonging to an API client. To use this endpoint, the account must contain at least one API to assign to the access profile.

DEPRECATION NOTICE
This endpoint is planned for deprecation on December 1, 2025. Transition to the Create API key endpoint before this date to ensure uninterrupted service.
The response returned depends on the auth type you choose:

  • Auth token authorization: returns the auth token in the secret response.
  • JWT token: has two signing methods: HMAC and RSA. Depending on the method you choose, the respective secret or public is required in the payload.
  • OAuth 2.0: authorization returns the client ID and secret in oauth_client_id and oauth_client secret.

Path parameters

managed_user_idstringRequired

Embedded customer ID (external ID). The External ID must be URL encoded and prefixed with an E. For example, EA2300.

Headers

AuthorizationstringRequired

Bearer authentication of the form Bearer <token>, where token is your auth token.

Request

This endpoint expects an object.
namestringRequired
Name of the access profile.
api_collection_idslist of integersRequired
IDs of collections to add to the access profile.
auth_typestringRequired

Authentication method to validate requests. Available types are: token, jwt, oauth2, and oidc.

api_client_idstringOptional
ID of the API client
jwt_methodstringOptional

The JWT signing method. If the auth_type is jwt, this is required. Available methods are hmac and rsa for HMAC and RSA respectively.

jwt_secretstringOptional
Based on the method, specify the HMAC shared secret or the RSA public key.
oidc_issuerstringOptional

Discovery URL of identity provider or OIDC service. Provide only one of this or oidc_jwks_uri, not both. Only applicable if auth_type is jwt or oidc.

oidc_jwks_uristringOptional

JWKS URL of identity provider or OIDC service. Provide the URL or oidc_issuer, not both. Only applicable if auth_type is jwt or oidc.

access_profile_claimstringOptional

If you wish to use a custom claim to identify this access profile, provide the JWT claim key here. Only applicable if auth_type is jwt or oidc.

required_claimslist of stringsOptional

Provide a list of claims that you plan to enforce. Only applicable if auth_type is jwt or oidc.

allowed_issuerslist of stringsOptional

Provide a list of issuers (represented by the ‘iss’ value in JWT claims) that you plan to allow. If the iss claim is enforced in required_claims, leave this field blank to accept any iss value. This parameter is only applicable when auth_type is set to jwt or oidc.

ip_allow_listlist of stringsOptional
List of IP addresses to be allowlisted.
activestringOptional
Whether the access profile is disabled or not. A client with a disabled access profile cannot call an API.

Response

Success reply
idinteger
ID of the access profile.
namestring
Name of the access profile.
api_client_idinteger
ID of the API client to which this access profile belongs.
api_collection_idslist of integers
IDs of the API collections that are accessible by this access profile.
activeboolean
Indicates whether the access profile is disabled or not.
auth_typestring

Authentication method used in the access profile. Possible values are: token, jwt, oauth2, or oidc.

jwt_methodstring

The JWT signing method. Available methods are hmac and rsa for HMAC and RSA respectively. Only applicable if the auth_type is jwt.

jwt_secretstring
Based on the method, specify the HMAC shared secret or the RSA public key.
oidc_issuerstring

Discovery URL of identity provider or OIDC service. Provide the URL or oidc_jwks_uri, not both. Only applicable if auth_type is jwt or oidc.

oidc_jwks_uristring

JWKS URL of identity provider or OIDC service. Provide only one of this or oidc_issuer, not both. Only applicable if auth_type is jwt or oidc.

access_profile_claimstring

Provide the JWT claim if you plan to use a custom claim to identify this access profile. Only applicable if auth_type is jwt or oidc.

required_claimslist of strings

Provide a list of claims that you plan to enforce. Only applicable if auth_type is jwt or oidc.

allowed_issuerslist of strings

Provide a list of issuers (represented by the iss value in JWT claims) that you plan to allow. If the iss claim is enforced in required_claims, leave this field blank to accept any iss value. This parameter is only applicable when auth_type is set to jwt or oidc.

ip_allow_listlist of strings
List of IP addresses to be allowlisted.
created_atstring
Timestamp in ISO 8601 format.
updated_atstring
Timestamp in ISO 8601 format.

Errors