# Access Management API Manage access control, identity, and authorization for the Anypoint Platform. Create and configure organizations, environments, role-based access control (RBAC), teams, connected applications (OAuth c... - **Version:** 1.0.0 - **Category:** Access & Identity - **OpenAPI Spec:** [api.yaml](https://dev-portal.mulesoft.com/apis/access-management/api.yaml) ## Servers - `https://anypoint.mulesoft.com/accounts/api` — The server for the US region - `https://{region}.anypoint.mulesoft.com/accounts/api` — The server for the EU region - `https://{region}.platform.mulesoft.com/accounts/api` — The server for a specific region ## Operations (267) ### GET /authorize **Operation ID:** `listAuthorize` Authorize for a single resource **Parameters:** | `namespace` | query | The permission namespace to check authorization against (e.g., cloudhub, exchange). | required | | `action` | query | The action to authorize (e.g., GET, POST, PUT, DELETE). | required | | `resource` | query | The resource path to check authorization for. | required | ### POST /authorize **Operation ID:** `createAuthorize` Authorize for many resources ### GET /authorize/client **Operation ID:** `listAuthorizeClient` Authorizes a client application for access to a specific resource using client credentials. **Parameters:** | `client_id` | query | The unique identifier of the client application. | required | | `client_secret` | query | The secret credential for the client application. | required | | `namespace` | query | The permission namespace to check authorization against (e.g., cloudhub, exchange). | required | | `action` | query | The action to authorize (e.g., GET, POST, PUT, DELETE). | required | | `resource` | query | The resource path to check authorization for. | required | ### POST /authorize/context **Operation ID:** `createAuthorizeContext` Get the set of contexts in which the caller can perform an action on resources that match a template ### GET /clients **Operation ID:** `listClients` Get all clients ### POST /clients **Operation ID:** `createClients` Create a new client ### GET /clients/{clientId} **Operation ID:** `getClients` Get a single client **Parameters:** | `clientId` | query | The unique identifier of the client application. | required | ### PATCH /clients/{clientId} **Operation ID:** `updateClients` Patches a single client **Parameters:** | `resetSecret` | query | Asks service to reset secret as part of this operation | required | | `clientId` | query | The unique identifier of the client application. | required | ### DELETE /clients/{clientId} **Operation ID:** `deleteClients` Deletes a single client **Parameters:** | `clientId` | query | The unique identifier of the client application. | required | ### GET /clients/{clientId}/roles **Operation ID:** `listClientsRoles` Return a list of roles that are assigned to a client **Parameters:** | `clientId` | query | The unique identifier of the client application. | required | ### POST /clients/{clientId}/roles **Operation ID:** `createClientsRoles` Assign a list of roles to a client **Parameters:** | `clientId` | query | The unique identifier of the client application. | required | ### DELETE /clients/{clientId}/roles **Operation ID:** `deleteClientsRoles` Unassign a list of roles from a client **Parameters:** | `clientId` | query | The unique identifier of the client application. | required | ### GET /clients/{clientId}/roles/{roleId} **Operation ID:** `getClientsRoles` Return a role is assigned to a client **Parameters:** | `clientId` | query | The unique identifier of the client application. | required | | `roleId` | query | The unique identifier of the role. | required | ### POST /clients/{clientId}/roles/{roleId} **Operation ID:** `createClientRole` Assign a role to a client **Parameters:** | `clientId` | query | The unique identifier of the client application. | required | | `roleId` | query | The unique identifier of the role. | required | ### DELETE /clients/{clientId}/roles/{roleId} **Operation ID:** `deleteClientRole` Unassign a role from a client **Parameters:** | `clientId` | query | The unique identifier of the client application. | required | | `roleId` | query | The unique identifier of the role. | required | ### POST /clients/search **Operation ID:** `createClientsSearch` Search clients ### GET /connectedApplications **Operation ID:** `listConnectedApplications` Get all connected applications for the organization **Parameters:** | `includeUsage` | query | flag to indicate whether to return usage statistics | required | | `organizationId` | query | Provide an orgId to get all clients from other organization | optional | | `hide_managed` | query | Hides the managed connected apps when set to true. | optional | | `offset` | query | The number of records to omit from the response. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | A search string to use for case-insensitive partial matches on all object properties | optional | | `sort` | query | The field to sort on. | optional | | `ascending` | query | Whether to sort ascending or descending | required | ### POST /connectedApplications **Operation ID:** `createConnectedApplications` Create a new connected application ### GET /connectedApplications/{clientId} **Operation ID:** `getConnectedApplications` Get a single connected application **Parameters:** | `includeUsage` | query | flag to indicate whether to return usage statistics | required | | `clientId` | query | The unique identifier of the client application. | required | ### PATCH /connectedApplications/{clientId} **Operation ID:** `updateConnectedApplications` Patches a single connected application **Parameters:** | `resetSecret` | query | Asks service to reset secret as part of this operation | optional | | `clientId` | query | The unique identifier of the client application. | required | ### DELETE /connectedApplications/{clientId} **Operation ID:** `deleteConnectedApplications` Deletes a single connected application **Parameters:** | `clientId` | query | The unique identifier of the client application. | required | ### GET /connectedApplications/{clientId}/scopes **Operation ID:** `listConnectedApplicationsScopes` Retrieves context-aware scopes assigned to the connected application **Parameters:** | `offset` | query | The number of records to omit from the response. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `clientId` | query | The unique identifier of the client application. | required | ### PUT /connectedApplications/{clientId}/scopes **Operation ID:** `updateConnectedApplicationsScopes` Replaces the entire list of context-aware scopes assigned to the connected application **Parameters:** | `clientId` | query | The unique identifier of the client application. | required | ### PATCH /connectedApplications/{clientId}/scopes **Operation ID:** `updateConnectedApplicationScopes` Assigns additional context-aware scopes to the connected application. Does not unassign any existing scopes. Duplicate entries are ignored. **Parameters:** | `clientId` | query | The unique identifier of the client application. | required | ### DELETE /connectedApplications/{clientId}/scopes **Operation ID:** `deleteConnectedApplicationsScopes` Unassigns context-aware scopes from the connected application. Scopes must exactly match in order to be removed. **Parameters:** | `clientId` | query | The unique identifier of the client application. | required | ### DELETE /connectedApplications/{clientId}/revoke **Operation ID:** `deleteConnectedApplicationsRevoke` Revoke all access tokens and refresh tokens issued to the connected application **Parameters:** | `clientId` | query | The unique identifier of the client application. | required | ### GET /deletedResources/organizations **Operation ID:** `listDeletedResources` returns the deleted organizations **Parameters:** | `deletedBefore` | query | search for all organizations deleted before a certain date | required | | `deletedAfter` | query | search for all organizations deleted after a certain date | required | | `parentOrgId` | query | search for all organizations deleted that are children of the specified orgnization | required | | `organizationId` | query | search for the organization deleted | required | ### GET /deletedResources/environments **Operation ID:** `listDeletedResourcesEnvironments` returns the deleted environments **Parameters:** | `deletedBefore` | query | search for all environments deleted before a certain date | required | | `deletedAfter` | query | search for all environments deleted after a certain date | required | | `organizationId` | query | search for all environments deleted that are associated with the specified orgnization | required | | `envId` | query | search for the environment deleted | required | ### GET /environments/{environmentId} **Operation ID:** `getEnvironments` Retrieves an environment by id **Parameters:** | `environmentId` | query | The id of an environment | required | ### PUT /environments/{environmentId} **Operation ID:** `updateEnvironments` Update an environment, implemented as a patch. Note that only the name is allowed to be updated, isProduction and type can not. **Parameters:** | `environmentId` | query | The id of an environment | required | ### POST /featureFlags/{featureFlagName}/check **Operation ID:** `createFeatureFlagsCheck` check a feature for a list or organizations **Parameters:** | `featureFlagName` | query | The name of the feature flag to evaluate. | required | ### GET /featureFlags/{featureFlagName}/enabled **Operation ID:** `listFeatureFlagsEnabled` get all enabled featureFlags includes organizations and additional context **Parameters:** | `featureFlagName` | query | The name of the feature flag to evaluate. | required | ### GET /invites **Operation ID:** `listInvites` get outstanding or expired invites that match the criteria **Parameters:** | `organizationId` | query | the id of the organization that the invites are for joining. | required | | `offset` | query | The number of records to omit from the response. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | A search string to use for case-insensitive partial matches on invited emails | optional | | `sort` | query | The field to sort on. | optional | | `ascending` | query | Whether to sort ascending or descending | required | ### POST /invites **Operation ID:** `createInvites` Invite a person to join the organization ### DELETE /invites **Operation ID:** `deleteInvites` Invite a person to join your organization ### GET /invites/{inviteId} **Operation ID:** `getInvites` get an invite **Parameters:** | `inviteId` | query | The ID of the invite | required | ### GET /invites/accept **Operation ID:** `listInvitesAccept` Redirect to anypoint signin to accept an invite ### POST /invites/resend **Operation ID:** `createInvitesResend` Resend a list of invites ### POST /login **Operation ID:** `createLogin` login to the Anypoint Platform ### GET /logout **Operation ID:** `listLogout` destroy the user's session and logout from the Anypoint Platform ### GET /me **Operation ID:** `listMe` Retrieve information about the caller ### POST /notifications **Operation ID:** `createNotifications` Creates a new notifications. ### GET /oauth2/authorize **Operation ID:** `listOauth2Authorize` OAuth2 authorization route to have the user authorize an application defined in our system **Parameters:** | `redirect_uri` | query | Redirect uri for the application | required | | `response_type` | query | Describes the type of object that the application wishes to receive upon success | required | | `client_id` | query | The application's client_id that identifies the application | required | | `state` | query | A parameter with a string that will be supplied in a redirect back to the application upon success | required | ### GET /oauth2/authorize/{domain} **Operation ID:** `listOauth2AuthorizeByDomain` OAuth2 authorization route that will route federated users to their authentication system and non-federated users to ours **Parameters:** | `redirect_uri` | query | Redirect uri for the application | required | | `response_type` | query | Describes the type of object that the application wishes to receive upon success | required | | `client_id` | query | The application's client_id that identifies the application | required | | `state` | query | A parameter with a string that will be supplied in a redirect back to the application upon success | required | | `domain` | query | Domain name to identify the organization to identify what identity management system needs to authentication the user. | required | ### GET /oauth2/authorize/{domain}/providers/{providerId} **Operation ID:** `getOauth2AuthorizeProviders` OAuth2 authorization route that will route federated users to their authentication system **Parameters:** | `redirect_uri` | query | Redirect uri for the application | required | | `response_type` | query | Describes the type of object that the application wishes to receive upon success | required | | `client_id` | query | The application's client_id that identifies the application | required | | `state` | query | A parameter with a string that will be supplied in a redirect back to the application upon success | required | | `domain` | query | Domain name to identify the organization to identify what identity management system needs to authentication the user. | required | | `providerId` | query | The identity provider configuration id used to identify the identity management system needed to authenticate the user. | required | ### POST /oauth2/decision/{domain} **Operation ID:** `createOauth2Decision` Confirms whether a user grants consent to add his user to an external organization **Parameters:** | `domain` | query | Domain name to identify the organization to identify what identity management system needs to authentication the user. | required | ### POST /oauth2/introspect **Operation ID:** `createOauth2Introspect` Look up caller information from an access token This implements RFC-7662: OAuth 2.0 Token Introspection ### POST /oauth2/token **Operation ID:** `createOauth2Token` create or retrieve an OAuth2 token ### GET /organizationname/{organizationName} **Operation ID:** `getOrganizationname` Check if organization name is being used **Parameters:** | `organizationName` | query | The name of the organization | required | ### GET /organizations/{organizationId} **Operation ID:** `getOrganizations` Returns the referenced organization. In platform terms, **Business Group** scope for APIs such as API Manager is identified by either **id** (this org) or any **subOrganizationIds** entry (child Business Group); downstream `organizationId` path params accept any of those GUIDs when the resource lives under that group. The response body includes: - **id** — GUID of this organization. - **subOrganizationIds** — GUIDs of child organizations (each valid as `organizationId` where the resource is under that subgroup). - **environments** — snapshot of environments for **this** org (may be partial). For a reliable **`environmentId`** in API Manager, prefer **listEnvironments** (GET `/organizations/{organizationId}/environments`) and use **`data[].id`**. Also returns entitlements, owner, domain, and related metadata. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### PUT /organizations/{organizationId} **Operation ID:** `updateOrganizations` Updates the referenced organization **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### DELETE /organizations/{organizationId} **Operation ID:** `deleteOrganizations` Deletes the referenced organization **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/clientProviders **Operation ID:** `listClientProviders` Returns list of client management providers for the root organization with a subset of values (providerId, organizationId, name, type (name, description, version)) **Parameters:** | `provider_id` | query | One or more ids of the provider(s) to return. | optional | | `offset` | query | The number of records to omit from the response. | optional | | `ascending` | query | Whether to sort ascending or descending | required | | `cp_type` | query | One or more types of provider(s) to return. | optional | | `sort` | query | The field to sort on. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | A search string to use for case-insensitive partial matches on name | optional | | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/clientProviders **Operation ID:** `createClientProviders` Adds a new client management provider for the organization. This can be called only on Root Organizations **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/clientProviders/{clientProviderId} **Operation ID:** `getClientProviders` Returns the associated client management provider config for the root organization and a subset of values (providerId, organizationId, name, type (name, description, version)) for Business Groups **Parameters:** | `includeSecrets` | query | flag to include the secrets as part of the response or not | required | | `organizationId` | query | The ID of the organization in GUID format | required | | `clientProviderId` | query | The unique identifier of the client provider id. | required | ### PUT /organizations/{organizationId}/clientProviders/{clientProviderId} **Operation ID:** `updateClientProviders` Replaces the associated client management provider config **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientProviderId` | query | The unique identifier of the client provider id. | required | ### PATCH /organizations/{organizationId}/clientProviders/{clientProviderId} **Operation ID:** `updateOrganizationClientProvider` Updates the associated client management provider config **Parameters:** | `recreateTokenValidationClient` | query | flag to indicate whether to recreate token validation client on update or not | required | | `organizationId` | query | The ID of the organization in GUID format | required | | `clientProviderId` | query | The unique identifier of the client provider id. | required | ### DELETE /organizations/{organizationId}/clientProviders/{clientProviderId} **Operation ID:** `deleteClientProviders` Deletes the associated client management provider **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientProviderId` | query | The unique identifier of the client provider id. | required | ### GET /organizations/{organizationId}/clientProviders/{clientProviderId}/grantTypes **Operation ID:** `listClientProvidersGrantTypes` Returns the associated client management provider type and grant types it suppports. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientProviderId` | query | The unique identifier of the client provider id. | required | ### GET /organizations/{organizationId}/clientProviders/{clientProviderId}/clients **Operation ID:** `listClientProvidersClients` Returns the clients created using this specific Client Management Provider **Parameters:** | `client_id` | query | One or more ids of the client(s) to return. | optional | | `offset` | query | The number of records to omit from the response. | optional | | `ascending` | query | Whether to sort ascending or descending | required | | `sort` | query | The field to sort on. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | A search string to use for case-insensitive partial matches on client_name | optional | | `organizationId` | query | The ID of the organization in GUID format | required | | `clientProviderId` | query | The unique identifier of the client provider id. | required | ### POST /organizations/{organizationId}/clientProviders/{clientProviderId}/clients **Operation ID:** `createClientProvidersClients` Adds a new client using the Client Management Provider **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientProviderId` | query | The unique identifier of the client provider id. | required | ### GET /organizations/{organizationId}/clientProviders/{clientProviderId}/clients/{clientId} **Operation ID:** `getClientProvidersClients` Returns the associated clients info **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientProviderId` | query | The unique identifier of the client provider id. | required | | `clientId` | query | The unique identifier of the client application. | required | ### PATCH /organizations/{organizationId}/clientProviders/{clientProviderId}/clients/{clientId} **Operation ID:** `updateClientProvidersClients` Updates the associated client **Parameters:** | `force` | query | If true, client is going to be updated in Anypoint no matter if it's updated from the external client provider. | optional | | `resetSecret` | query | Asks service to reset secret as part of this operation | optional | | `organizationId` | query | The ID of the organization in GUID format | required | | `clientProviderId` | query | The unique identifier of the client provider id. | required | | `clientId` | query | The unique identifier of the client application. | required | ### DELETE /organizations/{organizationId}/clientProviders/{clientProviderId}/clients/{clientId} **Operation ID:** `deleteClientProvidersClients` Deletes the associated client **Parameters:** | `force` | query | If true, client is going to be deleted from Anypoint no matter if it's deleted from the external client provider. | optional | | `organizationId` | query | The ID of the organization in GUID format | required | | `clientProviderId` | query | The unique identifier of the client provider id. | required | | `clientId` | query | The unique identifier of the client application. | required | ### GET /organizations/{organizationId}/clients **Operation ID:** `listOrganizationClients` Get all clients **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/clients **Operation ID:** `createOrganizationClient` Create a new client **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/clients/{clientId} **Operation ID:** `getOrganizationClient` Get a single client **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | ### PATCH /organizations/{organizationId}/clients/{clientId} **Operation ID:** `updateOrganizationClient` Patches a single client **Parameters:** | `resetSecret` | query | Asks service to reset secret as part of this operation | required | | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | ### DELETE /organizations/{organizationId}/clients/{clientId} **Operation ID:** `deleteOrganizationClient` Deletes a single client **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | ### POST /organizations/{organizationId}/clients/{clientId}/roles **Operation ID:** `createOrganizationClientRole` Assign a list of roles to a client **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | ### DELETE /organizations/{organizationId}/clients/{clientId}/roles **Operation ID:** `deleteOrganizationClientRoles` Unassign a list of roles from a client **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | ### POST /organizations/{organizationId}/clients/{clientId}/roles/{roleId} **Operation ID:** `createOrganizationClientRoleById` Assign a role to a client **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | | `roleId` | query | The unique identifier of the role. | required | ### DELETE /organizations/{organizationId}/clients/{clientId}/roles/{roleId} **Operation ID:** `deleteOrganizationClientRole` Unassign a role from a client **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | | `roleId` | query | The unique identifier of the role. | required | ### POST /organizations/{organizationId}/clients/search **Operation ID:** `createOrganizationClientsSearch` Search clients **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/clients/validate **Operation ID:** `createClientsValidate` Validate clients **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/connectedApplications **Operation ID:** `listOrganizationConnectedApplications` Get all connected applications for the organization **Parameters:** | `includeUsage` | query | flag to indicate whether to return usage statistics | required | | `hide_managed` | query | Hides the managed connected apps when set to true. | optional | | `organizationId` | query | Provide an orgId to get all clients from other organization | optional | | `offset` | query | The number of records to omit from the response. | optional | | `ascending` | query | Whether to sort ascending or descending | required | | `sort` | query | The field to sort on. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | A search string to use for case-insensitive partial matches on all object properties | optional | | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/connectedApplications **Operation ID:** `createOrganizationConnectedApplication` Create a new connected application **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/connectedApplications/{clientId} **Operation ID:** `getOrganizationConnectedApplication` Get a single connected application **Parameters:** | `includeUsage` | query | flag to indicate whether to return usage statistics | required | | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | ### PATCH /organizations/{organizationId}/connectedApplications/{clientId} **Operation ID:** `updateOrganizationConnectedApplication` Patches a single connected application **Parameters:** | `resetSecret` | query | Asks service to reset secret as part of this operation | optional | | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | ### DELETE /organizations/{organizationId}/connectedApplications/{clientId} **Operation ID:** `deleteOrganizationConnectedApplication` Deletes a single connected application **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | ### GET /organizations/{organizationId}/connectedApplications/{clientId}/scopes **Operation ID:** `listOrganizationConnectedApplicationScopes` Retrieves context-aware scopes assigned to the connected application **Parameters:** | `offset` | query | The number of records to omit from the response. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | ### PUT /organizations/{organizationId}/connectedApplications/{clientId}/scopes **Operation ID:** `updateOrganizationConnectedApplicationScopes` Replaces the entire list of context-aware scopes assigned to the connected application **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | ### PATCH /organizations/{organizationId}/connectedApplications/{clientId}/scopes **Operation ID:** `replaceOrganizationConnectedApplicationScopes` Assigns additional context-aware scopes to the connected application. Does not unassign any existing scopes. Duplicate entries are ignored. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | ### DELETE /organizations/{organizationId}/connectedApplications/{clientId}/scopes **Operation ID:** `deleteOrganizationConnectedApplicationScopes` Unassigns context-aware scopes from the connected application. Scopes must exactly match in order to be removed. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | ### DELETE /organizations/{organizationId}/connectedApplications/{clientId}/revoke **Operation ID:** `revokeOrganizationConnectedApplication` Revoke all access tokens and refresh tokens issued to the connected application **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `clientId` | query | The unique identifier of the client application. | required | ### GET /organizations/{organizationId}/connectedApplications/authorizations **Operation ID:** `listConnectedApplicationsAuthorizations` Returns all the authorizations that grant access to resources in the organization. **Parameters:** | `user_id` | query | Only return authorizations granted by that user | optional | | `offset` | query | The number of records to omit from the response. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `organizationId` | query | The ID of the organization in GUID format | required | ### DELETE /organizations/{organizationId}/connectedApplications/authorizations **Operation ID:** `deleteConnectedApplicationsAuthorizations` Revoke all authorizations that grant rights to accessing resources in the business group. Only available on the root organization. **Parameters:** | `user_id` | query | Only delete authorizations granted by that user | required | | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/connectedApplications/authorizations/{authorizationId} **Operation ID:** `getConnectedApplicationsAuthorizations` Returns a single authorization **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `authorizationId` | query | The ID of the authorization | required | ### DELETE /organizations/{organizationId}/connectedApplications/authorizations/{authorizationId} **Operation ID:** `deleteOrganizationConnectedApplicationAuthorization` Revokes an authorization. Only available on the root organization. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `authorizationId` | query | The ID of the authorization | required | ### GET /organizations/{organizationId}/connectedApplications/settings **Operation ID:** `listConnectedApplicationsSettings` Returns the organization's Connected Application settings. For business groups, this will return the root organization's settings. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### PATCH /organizations/{organizationId}/connectedApplications/settings **Operation ID:** `updateConnectedApplicationsSettings` Updates the organization's connected application settings **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/connectedApplications/allowlist **Operation ID:** `listConnectedApplicationsAllowlist` Returns the entries on the organization's Connected Application allowlist **Parameters:** | `client_id` | query | search for allowlist entries by specific client_id | optional | | `offset` | query | The number of records to omit from the response. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `organizationId` | query | The ID of the organization in GUID format | required | ### PUT /organizations/{organizationId}/connectedApplications/allowlist **Operation ID:** `updateConnectedApplicationsAllowlist` Replaces the organization's Connected Application allowlist with a new one **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### PATCH /organizations/{organizationId}/connectedApplications/allowlist **Operation ID:** `updateOrganizationConnectedApplicationsAllowlist` Inserts the entries into the organization's Connected Application allowlist **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### DELETE /organizations/{organizationId}/connectedApplications/allowlist **Operation ID:** `deleteConnectedApplicationsAllowlist` Deletes the entries from the organization's Connected Application allowlist **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/connectedApplications/whitelist **Operation ID:** `listConnectedApplicationsWhitelist` Returns the entries on the organization's Connected Application allowlist **Parameters:** | `client_id` | query | search for allowlist entries by specific client_id | optional | | `offset` | query | The number of records to omit from the response. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `organizationId` | query | The ID of the organization in GUID format | required | ### PUT /organizations/{organizationId}/connectedApplications/whitelist **Operation ID:** `updateConnectedApplicationsWhitelist` Replaces the organization's Connected Application allowlist with a new one **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### PATCH /organizations/{organizationId}/connectedApplications/whitelist **Operation ID:** `updateOrganizationConnectedApplicationsWhitelist` Inserts the entries into the organization's Connected Application allowlist **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### DELETE /organizations/{organizationId}/connectedApplications/whitelist **Operation ID:** `deleteConnectedApplicationsWhitelist` Deletes the entries from the organization's Connected Application allowlist **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/entitlements **Operation ID:** `listEntitlements` Returns the entitlements for the organization **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/entitlements/{entitlementName} **Operation ID:** `getEntitlements` Get an entitlement by name **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `entitlementName` | query | The name of an entitlement | required | ### PUT /organizations/{organizationId}/entitlements/{entitlementName} **Operation ID:** `updateEntitlements` Update an entitlement. Note: Connected apps cannot perform this action and is reserved only for org admins. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `entitlementName` | query | The name of an entitlement | required | ### GET /organizations/{organizationId}/environments **Operation ID:** `listEnvironments` Returns all matching environments **Parameters:** | `name` | query | Case sensitive match on the environment name | optional | | `isProduction` | query | Whether returns only production or non-production environments | optional | | `expandAll` | query | Returns all environments within the rootOrg that caller has access to. If this is true, orgId has to be a valid rootOrgId. | optional | | `offset` | query | The number of records to omit from the response. | optional | | `type` | query | The type of environment - production, sandbox, or/or design | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | A search string to use for case-insensitive partial matches on environment names | optional | | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/environments **Operation ID:** `createEnvironments` Creates an environment **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/environments/{environmentId} **Operation ID:** `getOrganizationEnvironment` Retrieves an environment by id **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `environmentId` | query | The id of an environment | required | ### PUT /organizations/{organizationId}/environments/{environmentId} **Operation ID:** `updateOrganizationEnvironment` Update an environment, implemented as a patch. Note that only the name is allowed to be updated, isProduction and type can not. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `environmentId` | query | The id of an environment | required | ### DELETE /organizations/{organizationId}/environments/{environmentId} **Operation ID:** `deleteEnvironments` Delete an environment **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `environmentId` | query | The id of an environment | required | ### GET /organizations/{organizationId}/environments/{environmentId}/clientManagementProviders **Operation ID:** `listEnvironmentsClientManagementProviders` Retrieves client management providers for the environment **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `environmentId` | query | The id of an environment | required | ### PUT /organizations/{organizationId}/environments/{environmentId}/clientManagementProviders **Operation ID:** `updateEnvironmentsClientManagementProviders` Upsert client providers for the environment **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `environmentId` | query | The id of an environment | required | ### GET /organizations/{organizationId}/featureFlags **Operation ID:** `listFeatureFlags` get all feature flags of an given organization **Parameters:** | `offset` | query | The number of records to omit from the response. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/featureFlags/{featureFlagName} **Operation ID:** `getFeatureFlags` API to get a feature flag for a given org. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `featureFlagName` | query | The name of the feature flag to evaluate. | required | ### POST /organizations/{organizationId}/featureFlags/{featureFlagName} **Operation ID:** `createFeatureFlags` API to upsert a feature flag. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `featureFlagName` | query | The name of the feature flag to evaluate. | required | ### GET /organizations/{organizationId}/hierarchy **Operation ID:** `listHierarchy` get Business Groups (down to the leaves) of this organization. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/identityProviders **Operation ID:** `listIdentityProviders` Returns list of identity management providers for the root organization with a subset of values. **Parameters:** | `include_full_details` | query | If true, returns the full set of properties | required | | `provider_id` | query | One or more ids of the provider(s) to return. | optional | | `offset` | query | The number of records to omit from the response. | optional | | `idp_type` | query | One or more types of provider(s) to return. | optional | | `ascending` | query | Whether to sort ascending or descending | required | | `sort` | query | The field to sort on. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | A search string to use for case-insensitive partial matches on name | optional | | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/identityProviders **Operation ID:** `createIdentityProviders` Add a new identity management provider to the root organization. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/identityProviders/saml-sp-metadata **Operation ID:** `listIdentityProvidersSamlSpMetadata` Download the SAML SP metadata of the associated SAML identity management provider **Parameters:** | `provider_id` | query | ID of the provider to get the associated SAML SP metadata. | required | | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/identityProviders/ldap-test **Operation ID:** `createIdentityProvidersLdapTest` Test the LDAP config before saving the configuration **Parameters:** | `provider_id` | query | ID of the provider to get the associated LDAP config that's already persisted | optional | | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/identityProviders/{identityProviderId} **Operation ID:** `getIdentityProviders` Returns the associated identity management provider config. **Parameters:** | `include_secrets` | query | If true, include secrets in the response | required | | `organizationId` | query | The ID of the organization in GUID format | required | | `identityProviderId` | query | The unique identifier of the identity provider id. | required | ### PATCH /organizations/{organizationId}/identityProviders/{identityProviderId} **Operation ID:** `updateIdentityProviders` Updates the associated identity management provider config **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `identityProviderId` | query | The unique identifier of the identity provider id. | required | ### DELETE /organizations/{organizationId}/identityProviders/{identityProviderId} **Operation ID:** `deleteIdentityProviders` Deletes the associated identity management provider **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `identityProviderId` | query | The unique identifier of the identity provider id. | required | ### GET /organizations/{organizationId}/identityProviders/{identityProviderId}/saml-sp-keys **Operation ID:** `listIdentityProvidersSamlSpKeys` Returns the list of SAML SP keys associated to the identity management provider config **Parameters:** | `primary` | query | If true, return only the primary SAML SP key | optional | | `organizationId` | query | The ID of the organization in GUID format | required | | `identityProviderId` | query | The unique identifier of the identity provider id. | required | ### POST /organizations/{organizationId}/identityProviders/{identityProviderId}/saml-sp-keys **Operation ID:** `createIdentityProvidersSamlSpKeys` Add or generate a new SAML SP key pair **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `identityProviderId` | query | The unique identifier of the identity provider id. | required | ### GET /organizations/{organizationId}/identityProviders/{identityProviderId}/saml-sp-keys/{samlSpKeyId} **Operation ID:** `getIdentityProvidersSamlSpKeys` Returns the SAML SP certificate in .pem format **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `identityProviderId` | query | The unique identifier of the identity provider id. | required | | `samlSpKeyId` | query | The unique identifier of the saml sp key id. | required | ### DELETE /organizations/{organizationId}/identityProviders/{identityProviderId}/saml-sp-keys/{samlSpKeyId} **Operation ID:** `deleteIdentityProvidersSamlSpKeys` Delete the SAML SP key **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `identityProviderId` | query | The unique identifier of the identity provider id. | required | | `samlSpKeyId` | query | The unique identifier of the saml sp key id. | required | ### POST /organizations/{organizationId}/identityProviders/{identityProviderId}/saml-sp-keys/{samlSpKeyId}/setPrimary **Operation ID:** `createIdentityProvidersSamlSpKeysSetPrimary` Make the key the primary SAML SP key for the identity management provider config **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `identityProviderId` | query | The unique identifier of the identity provider id. | required | | `samlSpKeyId` | query | The unique identifier of the saml sp key id. | required | ### GET /organizations/{organizationId}/identityProviderSettings **Operation ID:** `listIdentityProviderSettings` Get the identity provider settings for the org **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### PATCH /organizations/{organizationId}/identityProviderSettings **Operation ID:** `updateIdentityProviderSettings` Update the identity provider settings for the org **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/invites **Operation ID:** `listOrganizationInvites` get outstanding or expired invites that match the criteria **Parameters:** | `offset` | query | The number of records to omit from the response. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | A search string to use for case-insensitive partial matches on invited emails | optional | | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/invites **Operation ID:** `createOrganizationInvite` Invite a person to join the organization **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### DELETE /organizations/{organizationId}/invites **Operation ID:** `deleteOrganizationInvites` Invite a person to join your organization **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/invites/{inviteId} **Operation ID:** `getOrganizationInvite` get an invite **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `inviteId` | query | The ID of the invite | required | ### POST /organizations/{organizationId}/invites/resend **Operation ID:** `resendOrganizationInvite` Resend a list of invites **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/members **Operation ID:** `listMembers` Get members from an organization **Parameters:** | `username` | query | Search users with the matching username | required | | `lastName` | query | Search users with the matching lastName | required | | `firstName` | query | Search users with the matching firstName | required | | `offset` | query | The number of records to omit from the response. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | Search string to find users. It will look up the string in the username, email, firstName and lastName | required | | `organizationId` | query | The ID of the organization in GUID format | required | ### PUT /organizations/{organizationId}/members **Operation ID:** `updateMembers` Add a group of users to the organization by their IDs **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### DELETE /organizations/{organizationId}/members **Operation ID:** `deleteMembers` Remove a group of users from the organization by their IDs **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### PUT /organizations/{organizationId}/members/{userId} **Operation ID:** `updateOrganizationMember` Add the user to the organization **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### DELETE /organizations/{organizationId}/members/{userId} **Operation ID:** `deleteOrganizationMember` Remove the user from the organization **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### GET /organizations/{organizationId}/owner **Operation ID:** `listOwner` get owner for an organization **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### PUT /organizations/{organizationId}/owner/{userId} **Operation ID:** `updateOwner` Switch out organization's owner to the one specified by userId **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The unique identifier of the user. | required | ### GET /organizations/{organizationId}/provider/users **Operation ID:** `listProviderUsers` Returns the identity provider details **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### PUT /organizations/{organizationId}/provider/users **Operation ID:** `updateProviderUsers` Updates the identity provider for the organization **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### DELETE /organizations/{organizationId}/provider/users **Operation ID:** `deleteProviderUsers` Revert to using the default identity provider **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/provider/users/ldap/test **Operation ID:** `createLdapTest` To test the ldap identity provider configuration before persisting **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/provider/users/saml-sp-metadata **Operation ID:** `listProviderUsersSamlSpMetadata` Download the SAML SP metadata **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/proxyusers/{userId} **Operation ID:** `createProxyusers` Creates a proxy user in an organization **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The unique identifier of the user. | required | ### GET /organizations/{organizationId}/rolegroups **Operation ID:** `listRolegroups` Returns all role groups that belong to this organization **Parameters:** | `displayProviderId` | query | if true, force display of the provider_id property of external names | optional | | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/rolegroups **Operation ID:** `createRolegroups` Creates a role group for this org **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### DELETE /organizations/{organizationId}/rolegroups **Operation ID:** `deleteRolegroups` Deletes role groups that belong to this organization **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/rolegroups/{roleGroupId} **Operation ID:** `getRolegroups` Returns a role group **Parameters:** | `displayProviderId` | query | if true, force display of the provider_id property of external names | optional | | `organizationId` | query | The ID of the organization in GUID format | required | | `roleGroupId` | query | GUID of the organization role group | required | ### PUT /organizations/{organizationId}/rolegroups/{roleGroupId} **Operation ID:** `updateRolegroups` Updates a role group **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `roleGroupId` | query | GUID of the organization role group | required | ### DELETE /organizations/{organizationId}/rolegroups/{roleGroupId} **Operation ID:** `deleteOrganizationRolegroup` Deletes a role group **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `roleGroupId` | query | GUID of the organization role group | required | ### GET /organizations/{organizationId}/rolegroups/{roleGroupId}/roles **Operation ID:** `listRolegroupsRoles` Returns all roles assigned to this role group **Parameters:** | `namepace` | query | return only role assignments where a role contains a permission that is part of the given namespace | optional | | `organizationId` | query | The ID of the organization in GUID format | required | | `roleGroupId` | query | GUID of the organization role group | required | ### POST /organizations/{organizationId}/rolegroups/{roleGroupId}/roles **Operation ID:** `createRolegroupsRoles` Assigns roles to this role group **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `roleGroupId` | query | GUID of the organization role group | required | ### DELETE /organizations/{organizationId}/rolegroups/{roleGroupId}/roles **Operation ID:** `deleteRolegroupsRoles` Removes roles from this role group **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `roleGroupId` | query | GUID of the organization role group | required | ### GET /organizations/{organizationId}/rolegroups/{roleGroupId}/users **Operation ID:** `listRolegroupsUsers` Returns users assigned to this role group **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `roleGroupId` | query | GUID of the organization role group | required | ### POST /organizations/{organizationId}/rolegroups/{roleGroupId}/users **Operation ID:** `createRolegroupsUsers` Assigns a group of users to this role group **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `roleGroupId` | query | GUID of the organization role group | required | ### DELETE /organizations/{organizationId}/rolegroups/{roleGroupId}/users **Operation ID:** `deleteRolegroupsUsers` Unassigns a group of users from this role group **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `roleGroupId` | query | GUID of the organization role group | required | ### POST /organizations/{organizationId}/rolegroups/{roleGroupId}/users/{userId} **Operation ID:** `addUserToOrganizationRolegroup` Assigns this user to the role group **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `roleGroupId` | query | GUID of the organization role group | required | | `userId` | query | GUID of the user to assign | required | ### DELETE /organizations/{organizationId}/rolegroups/{roleGroupId}/users/{userId} **Operation ID:** `removeUserFromOrganizationRolegroup` Removes this user from the role group **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `roleGroupId` | query | GUID of the organization role group | required | | `userId` | query | GUID of the user to assign | required | ### DELETE /organizations/{organizationId}/roles **Operation ID:** `deleteRoles` Remove assignments for a given context, the context for the roles being deleted should be sent on the query string **Parameters:** | `match` | query | Type of matching strategy to use for context matching. Use "exact" (default) to only remove assignments that have the exact set of given context parameter(s). Use "partial" to all remove assignments that contain the given context parameter(s). | required | | `<<contextParamName>>` | query | Target role assignments should have the context parameter name/value pair. At least one parameter that is not 'org' or 'envId' must be provided. | required | | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/smtp **Operation ID:** `listSmtp` Returns the SMTP details **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### PUT /organizations/{organizationId}/smtp **Operation ID:** `updateSmtp` Updates the SMTP details **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/teams **Operation ID:** `listTeams` Returns all teams or search for teams or get a list of teams by ids **Parameters:** | `ancestor_team_id` | query | team_id that must appear in the team's ancestor_team_ids. | optional | | `team_id` | query | One or more ids of the team(s) to return. Type should be primitives.IdString but Osprey can't handle custom types in query params | optional | | `parent_team_id` | query | team_id of the immediate parent of the team to return. | optional | | `offset` | query | The number of records to omit from the response. | optional | | `ascending` | query | Whether to sort ascending or descending | required | | `team_type` | query | One or more types of team(s) to return. Type should be teams.TeamType but Osprey can't handle custom types in query params | optional | | `sort` | query | The field to sort on. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | A search string to use for case-insensitive partial matches on team name | optional | | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/teams **Operation ID:** `createTeams` Creates a new team. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/teams/{teamId} **Operation ID:** `getTeams` Returns the team **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### PATCH /organizations/{organizationId}/teams/{teamId} **Operation ID:** `updateTeams` Update or move the team **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### DELETE /organizations/{organizationId}/teams/{teamId} **Operation ID:** `deleteTeams` Delete the team, including all child teams. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### PUT /organizations/{organizationId}/teams/{teamId}/parent **Operation ID:** `updateTeamsParent` Move the team and its child teams under a new parent team **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### GET /organizations/{organizationId}/teams/{teamId}/groupmappings **Operation ID:** `listTeamsGroupmappings` get all group access mappings configured for the team **Parameters:** | `membership_type?` | query | Include the group access mappings that grant the provided membership type By default, all group access mappings are returned | optional | | `offset` | query | The number of records to omit from the response. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | A search string to use for case-insensitive partial matches on external group name | optional | | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### PUT /organizations/{organizationId}/teams/{teamId}/groupmappings **Operation ID:** `updateTeamsGroupmappings` Replace the entire list of group mappings associated with this team **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### PATCH /organizations/{organizationId}/teams/{teamId}/groupmappings **Operation ID:** `updateOrganizationTeamGroupmappings` bulk add mappings and/or modify mappings' membership_type to the team. Removing mappings is not supported by this method. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### DELETE /organizations/{organizationId}/teams/{teamId}/groupmappings **Operation ID:** `deleteTeamsGroupmappings` bulk remove mappings from the team **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### GET /organizations/{organizationId}/teams/{teamId}/roles **Operation ID:** `listTeamsRoles` get all role assignments or search for role assignments **Parameters:** | `role_id` | query | return only role assignments containing one of the supplied role_ids | optional | | `search` | query | A search string to use for case-insensitive partial matches on role name | optional | | `offset` | query | The number of records to omit from the response. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### POST /organizations/{organizationId}/teams/{teamId}/roles **Operation ID:** `createTeamsRoles` bulk assign roles to the team **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### DELETE /organizations/{organizationId}/teams/{teamId}/roles **Operation ID:** `deleteTeamsRoles` bulk unassign roles from the team **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### GET /organizations/{organizationId}/teams/{teamId}/members **Operation ID:** `listTeamsMembers` get all members or search for members of this team or get a list of members by ids **Parameters:** | `membership_type` | query | Include the members of the team that have this membership_type. By default, all types of members are returned. | optional | | `identity_type` | query | Include the members of the team that have this type. By default, all types of members are returned. | optional | | `displayUserDetails` | query | If true, include additional user fields. Only compatible with the user identity_type | optional | | `member_ids` | query | Include the members of the team that have ids in this list | optional | | `offset` | query | The number of records to omit from the response. | optional | | `ascending` | query | Whether to sort ascending or descending | required | | `sort` | query | The field to sort on. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | A search string to use for case-insensitive partial matches on member name | optional | | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### PATCH /organizations/{organizationId}/teams/{teamId}/members **Operation ID:** `updateTeamsMembers` bulk add users and/or modify users' membership_type to the team. Removing members is not supported by this method. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### DELETE /organizations/{organizationId}/teams/{teamId}/members **Operation ID:** `deleteTeamsMembers` bulk remove user members from the team **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | ### PUT /organizations/{organizationId}/teams/{teamId}/members/{userId} **Operation ID:** `updateOrganizationTeamMember` add the user as a member of the team. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | | `userId` | query | user id | required | ### DELETE /organizations/{organizationId}/teams/{teamId}/members/{userId} **Operation ID:** `removeOrganizationTeamMember` remove the user from the team. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `teamId` | query | id of the team | required | | `userId` | query | user id | required | ### GET /organizations/{organizationId}/tenantRelationships **Operation ID:** `listTenantRelationships` List Tenant Relationships by Root Organization **Parameters:** | `enabled` | query | Used to filter by whether tenant relationship is enabled | optional | | `incomingTrust` | query | Used to filter by incoming trust value | optional | | `offset` | query | The number of records to omit from the response. | optional | | `outgoingTrust` | query | Used to filter by outgoing trust value | optional | | `ascending` | query | Whether to sort ascending or descending | required | | `rel_type` | query | Used to filter by type of Tenant Relationship | optional | | `tenantKey` | query | Used to filter by tenantKey value | optional | | `sort` | query | The field to sort on. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/tenantRelationships **Operation ID:** `createTenantRelationships` Establish manual tenant relationships **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/tenantRelationships/{relationshipId} **Operation ID:** `getTenantRelationships` Get a particular Tenant Relationship by ID **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `relationshipId` | query | id of the Tenant Relationship | required | ### PATCH /organizations/{organizationId}/tenantRelationships/{relationshipId} **Operation ID:** `updateTenantRelationships` Patch update a particular Tenant Relationship by ID **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `relationshipId` | query | id of the Tenant Relationship | required | ### DELETE /organizations/{organizationId}/tenantRelationships/{relationshipId} **Operation ID:** `deleteTenantRelationships` Delete a particular Tenant Relationship by ID **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `relationshipId` | query | id of the Tenant Relationship | required | ### PATCH /organizations/{organizationId}/tenantRelationships/{relationshipId}/repair **Operation ID:** `updateTenantRelationshipsRepair` Repairs certain types of connection errors between the MuleSoft org and the remote Tenant **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `relationshipId` | query | id of the Tenant Relationship | required | ### PUT /organizations/{organizationId}/myTenantRelationship/{statusKey}/status **Operation ID:** `updateMyTenantRelationshipStatus` Update the status of a specific SFDC organization feature for tenant relationships **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `statusKey` | query | The unique identifier of the status key. | required | ### GET /organizations/{organizationId}/myTenantRelationship/assignments **Operation ID:** `listMyTenantRelationshipAssignments` Get business group assignments for the Tenant Relationship for the caller utilizing a C2C token **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/users **Operation ID:** `listUsers` Returns a group of users that belong to the organization **Parameters:** | `type` | query | Specify the type of user you want to retrieve. | required | | `mfaVerificationExcluded` | query | Specify if you want to retrieve only users with a given mfaVerificationExcluded value | required | | `search` | query | The query string to search for an user by username, firstName, lastName or email | optional | | `deleted` | query | Specify if you want to retrieve only deleted | required | | `organizationId` | query | The ID of the organization in GUID format | required | ### POST /organizations/{organizationId}/users **Operation ID:** `createUsers` Create a single user under the organization **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### PUT /organizations/{organizationId}/users **Operation ID:** `updateUsers` Update a group of users **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### DELETE /organizations/{organizationId}/users **Operation ID:** `deleteUsers` Deletes a group of users **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | ### GET /organizations/{organizationId}/users/{userId} **Operation ID:** `getUsers` Returns a single user **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### PUT /organizations/{organizationId}/users/{userId} **Operation ID:** `updateOrganizationUser` Updates a single user. Modifying email may require reauthentication. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### DELETE /organizations/{organizationId}/users/{userId} **Operation ID:** `deleteOrganizationUser` Deletes a user **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### GET /organizations/{organizationId}/users/{userId}/manage_verifiers **Operation ID:** `listUsersManageVerifiers` Returns information about how to initiate a redirect to the VaaS Verifier Management UI. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### PUT /organizations/{organizationId}/users/{userId}/properties **Operation ID:** `updateUsersProperties` Updates an existing users properties in the platform user directory. **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### GET /organizations/{organizationId}/users/{userId}/rolegroups **Operation ID:** `listUsersRolegroups` Returns the role groups assigned to the user **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### POST /organizations/{organizationId}/users/{userId}/rolegroups/{roleGroupId} **Operation ID:** `createUsersRolegroups` Assigns the role group to the user **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | | `roleGroupId` | query | The ID of the role group in GUID format | required | ### DELETE /organizations/{organizationId}/users/{userId}/rolegroups/{roleGroupId} **Operation ID:** `deleteUsersRolegroups` Unassigns the role group from the user **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | | `roleGroupId` | query | The ID of the role group in GUID format | required | ### GET /organizations/{organizationId}/users/{userId}/roles **Operation ID:** `listUsersRoles` Returns a list of roles/permissions assigned to the user, excluding inherited roles/permissions. Note: the `/authorize` API is more appropriate for checking authorization against assigned permissions. **Parameters:** | `role_groups` | query | include permissions assigned via Business Group Role (a.k.a Role Group) membership | optional | | `teams` | query | include permissions assigned via Team membership | optional | | `namespace` | query | return only role/permission assignments where a role contains a permission that is part of the given namespace | optional | | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### POST /organizations/{organizationId}/users/{userId}/roles **Operation ID:** `createUsersRoles` Bulk assign roles to the user **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### POST /organizations/{organizationId}/users/{userId}/roles/{roleId} **Operation ID:** `addRoleToOrganizationUser` Assign a role to the user **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | | `roleId` | query | The ID of the role in GUID format | required | ### DELETE /organizations/{organizationId}/users/{userId}/roles/{roleId} **Operation ID:** `deleteUsersRoles` Unassign a role from the user **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | | `roleId` | query | The ID of the role in GUID format | required | ### GET /organizations/{organizationId}/users/{userId}/teams **Operation ID:** `listUsersTeams` Returns a list of teams the user is a member of **Parameters:** | `ancestor_team_id` | query | team_id that must appear in the team's ancestor_team_ids. | optional | | `membership_type` | query | return only teams where the user is this type of member | optional | | `parent_team_id` | query | team_id of the immediate parent of the team to return. | optional | | `offset` | query | The number of records to omit from the response. | optional | | `ascending` | query | Whether to sort ascending or descending | required | | `team_type` | query | return only teams that are of this type | optional | | `sort` | query | The field to sort on. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | A search string to use for case-insensitive partial matches on team name | optional | | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### DELETE /organizations/{organizationId}/users/{userId}/verifiers **Operation ID:** `deleteUsersVerifiers` Revokes all mfa verifiers associated with the user **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### GET /organizations/{organizationId}/users/{userId}/identityProviderProfiles **Operation ID:** `listUsersIdentityProviderProfiles` Returns the list of the identity provider profiles of the user **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### DELETE /organizations/{organizationId}/users/{userId}/identityProviderProfiles **Operation ID:** `deleteUsersIdentityProviderProfiles` Removes an identity provider profile from a user **Parameters:** | `organizationId` | query | The ID of the organization in GUID format | required | | `userId` | query | The ID of the user in GUID format | required | ### GET /profile **Operation ID:** `listProfile` Returns the user bound to the provided access token ### POST /recover/password **Operation ID:** `createRecoverPassword` sends a 'forgot password' email with password reset link to the email associated with the given username ### GET /recover/password/{recoverCode} **Operation ID:** `listRecoverPassword` Checks the validity of the password reset code **Parameters:** | `recoverCode` | query | A code sent in a password reset email used to prove the bearer has the right to change a user's password | required | ### POST /recover/password/{recoverCode} **Operation ID:** `createRecoverPasswordByCode` Sets a new password for the user associated with the password reset code **Parameters:** | `recoverCode` | query | A code sent in a password reset email used to prove the bearer has the right to change a user's password | required | ### POST /recover/username **Operation ID:** `createRecoverUsername` sends email with list of usernames associated with the given email ### GET /roles **Operation ID:** `listRoles` Retrieves a list of roles **Parameters:** | `name` | query | The name of a role | optional | | `description` | query | The description of a role | optional | | `include_internal` | query | Include internal roles | optional | | `offset` | query | The number of records to omit from the response. | optional | | `limit` | query | Maximum records to retrieve per request. | optional | | `search` | query | A search string to use for case-insensitive partial matches on role names | optional | | `sort` | query | The field to sort on. | optional | | `ascending` | query | Whether to sort ascending or descending | required | ### GET /roles/{roleId} **Operation ID:** `getRoles` Returns a single role by ID **Parameters:** | `roleId` | query | The ID of the role in GUID format | required | ### GET /roles/{roleId}/users **Operation ID:** `listRolesUsers` Returns users for a single role. This endpoint is rate lmited. **Parameters:** | `roleId` | query | The ID of the role in GUID format | required | ### GET /roles/{roleId}/permissions **Operation ID:** `listRolesPermissions` List permissions assigned to a given role **Parameters:** | `roleId` | query | The ID of the role in GUID format | required | ### POST /roles/rolegroups/search **Operation ID:** `createRolesRolegroupsSearch` Search rolegroups by role assignments ### POST /roles/teams/search **Operation ID:** `createRolesTeamsSearch` Search teams by role assignments **Parameters:** | `include_inherited` | query | Include child teams who inherited the matching permissions | optional | ### GET /roles/users **Operation ID:** `listAllRolesUsers` Retrieve users by roles **Parameters:** | `role_groups` | query | Flag that indicates if we should include role groups assignments when looking for the role | required | | `teams` | query | Flag that indicates if we should include team role assignments when looking for the role | required | ### POST /roles/users/search **Operation ID:** `createRolesUsersSearch` Seach users by role assignments ### GET /session **Operation ID:** `listSession` Retrieves session timeout meta data ### POST /session **Operation ID:** `createSession` Extend the session timeout time ### GET /signup **Operation ID:** `listSignup` Retrieves data about joining an organization via invite code **Parameters:** | `code` | query | Invite code | required | ### POST /signup **Operation ID:** `createSignup` Creates a new user and organization, or accepts an invite to join an existing organization. Supports two modes: full signup or accepting an invite via code. Authentication: For full signup, either provide captchaCode or Authorization header. ### POST /signup/existingUser **Operation ID:** `createSignupExistingUser` Get information about signing up (accepting an invite) with an existing user ### GET /status **Operation ID:** `listStatus` Retrieves the health of the application. **Parameters:** | `db` | query | Flag that indicates if we should perform a root DB connection check or not as part of the healthcheck. | required | | `replicas` | query | Flag that indicates if we should check all replica DB connections or not as part of the healthcheck. | required | | `arc` | query | Flag that indicates if we should check if ARC (Anypoint Roles Clients) is loaded as part of the healthcheck. | required | | `keys` | query | Flag that indicates if we should check if the JWKS key store is loaded as part of the healthcheck. | required | | `ld` | query | Flag that indicates if we should check if the LaunchDarkly client is initialized as part of the healthcheck. | required | | `all` | query | Flag that indicates if we should perform all registered checks | required | ### GET /subscriptions **Operation ID:** `listSubscriptions` Retrieve the subscriptions supported ### GET /support **Operation ID:** `listSupport` Redirect to the support portal or the getting help documentation ### GET /username/{username} **Operation ID:** `getUsername` Check if the username is already taken **Parameters:** | `username` | query | Username to search | required | ### GET /users **Operation ID:** `listAllUsers` Returns a group of users **Parameters:** | `deleted` | query | Specify if you want to retrieve only deleted | required | | `type` | query | Specify the type of user you want to retrieve. | required | | `mfaVerificationExcluded` | query | Specify if you want to retrieve only users with a given mfaVerificationExcluded value | required | ### POST /users **Operation ID:** `createUser` Creates new users ### PUT /users **Operation ID:** `updateAllUsers` Update a group of users ### DELETE /users **Operation ID:** `deleteAllUsers` Delete a group of users ### GET /users/{userId} **Operation ID:** `getUserById` Returns a single user **Parameters:** | `userId` | query | The ID of the user in GUID format | required | ### PUT /users/{userId} **Operation ID:** `updateUserById` Updates a single user. Modifying email may require reauthentication. **Parameters:** | `userId` | query | The ID of the user in GUID format | required | ### DELETE /users/{userId} **Operation ID:** `deleteUserById` Deletes a user **Parameters:** | `userId` | query | The ID of the user in GUID format | required | ### POST /users/{userId}/banpassword **Operation ID:** `createUsersBanpassword` Ban a user's password such that no new users can set that as their password ever again. When the user logs in with the banned password, they will be taken through the reset password flow **Parameters:** | `userId` | query | The ID of the user in GUID format | required | ### PUT /users/{userId}/properties **Operation ID:** `updateUserProperties` Update the properties of a user **Parameters:** | `userId` | query | The ID of the user in GUID format | required | ### GET /users/{userId}/roles **Operation ID:** `listAllUserRoles` Returns a list of roles assigned to the user **Parameters:** | `namepace` | query | return only role assignments where a role contains a permission that is part of the given namespace | optional | | `role_groups` | query | get user roles from role_groups | optional | | `teams` | query | get team roles from team_role_assignments | optional | | `userId` | query | The ID of the user in GUID format | required | ### POST /users/{userId}/roles/{roleId} **Operation ID:** `addRoleToUser` Assign a role to the user **Parameters:** | `userId` | query | The ID of the user in GUID format | required | | `roleId` | query | The ID of the role in GUID format | required | ### DELETE /users/{userId}/roles/{roleId} **Operation ID:** `removeRoleFromUser` Unassign a role from the user **Parameters:** | `userId` | query | The ID of the user in GUID format | required | | `roleId` | query | The ID of the role in GUID format | required | ### GET /users/me **Operation ID:** `listUsersMe` Returns the user bound to the provided access token ### GET /version **Operation ID:** `listVersion` Retrieve the version info for the application ### GET /v2/oauth2/authorize **Operation ID:** `listV2Oauth2Authorize` Starts an OAuth2 authorization flow; allows the logged-in user to authorize 3rd-party access to their data **Parameters:** | `client_id` | query | The ID of the application attempting to be authorized | optional | | `scope` | query | Space-delimited list of scopes the client is requesting | optional | | `state` | query | a parameter with a string that will be supplied in a redirect back to the application upon success | optional | | `redirect_uri` | query | Redirect uri for the application's authorization callback | optional | | `response_type` | query | describes the type of object that the application wishes to receive upon success | optional | | `nonce` | query | value used to mitigate replay attacks | optional | ### POST /v2/oauth2/authorize **Operation ID:** `createV2Oauth2Authorize` Starts an OAuth2 authorization flow; allows the logged-in user to authorize 3rd-party access to their data ### GET /v2/oauth2/authorize/{domain} **Operation ID:** `listV2Oauth2AuthorizeByDomain` Starts an OAuth2 authorization flow; allows the logged-in user to authorize 3rd-party access to their data **Parameters:** | `nonce` | query | value used to mitigate replay attacks | optional | | `state` | query | a parameter with a string that will be supplied in a redirect back to the application upon success | optional | | `scope` | query | Space-delimited list of scopes the client is requesting | optional | | `redirect_uri` | query | Redirect uri for the application's authorization callback | optional | | `client_id` | query | The ID of the application attempting to be authorized | optional | | `response_type` | query | describes the type of object that the application wishes to receive upon success | optional | | `domain` | query | Domain name to identify the organization to identify what identity management system needs to authentication the user. | required | ### POST /v2/oauth2/authorize/{domain} **Operation ID:** `createV2Oauth2AuthorizeByDomain` Starts an OAuth2 authorization flow; allows the logged-in user to authorize 3rd-party access to their data **Parameters:** | `domain` | query | Domain name to identify the organization to identify what identity management system needs to authentication the user. | required | ### POST /v2/oauth2/decision **Operation ID:** `createV2Oauth2Decision` Confirms whether a user grants consent to a 3rd-party application ### POST /v2/oauth2/token **Operation ID:** `createV2Oauth2Token` Allows 3rd-party applications to receive tokens via a variety of supported grant types ### GET /v2/oauth2/keys **Operation ID:** `listV2Oauth2Keys` Public JWK Set used to sign OpenID Connect id_tokens ### GET /v2/oauth2/.well-known/openid-configuration **Operation ID:** `getOpenidConfiguration` OpenID Connect Discovery Configuration ### GET /v2/oauth2/userinfo **Operation ID:** `listV2Oauth2Userinfo` OpenID Connect Userinfo endpoint. ### POST /v2/oauth2/userinfo **Operation ID:** `createV2Oauth2Userinfo` OpenID Connect Userinfo endpoint. ### POST /v2/oauth2/introspect **Operation ID:** `createV2Oauth2Introspect` Introspect an access token or refresh token ### POST /v2/oauth2/revoke **Operation ID:** `createV2Oauth2Revoke` Revoke an access token or a refresh token ### GET /v2/organizations/{organizationId} **Operation ID:** `getV2Organization` Retrieves details of v2. **Parameters:** | `organizationId` | query | The id of the organization | required | ### DELETE /v2/organizations/{organizationId} **Operation ID:** `deleteV2Organization` Deletes an existing v2. **Parameters:** | `force` | query | If true, safety validations should be ignored | optional | | `organizationId` | query | The id of the organization | required | ### GET /v2/organizations/{organizationId}/einstein/status **Operation ID:** `listV2EinsteinStatus` Get the org-wide Einstein status **Parameters:** | `organizationId` | query | The id of the organization | required | ### PUT /v2/organizations/{organizationId}/einstein/status **Operation ID:** `updateV2EinsteinStatus` Set the org-wide Einstein status **Parameters:** | `organizationId` | query | The id of the organization | required | ### GET /v2/organizations/{organizationId}/einstein/termsAndConditions **Operation ID:** `listV2EinsteinTermsAndConditions` Get the agreement status for einstein terms and conditions **Parameters:** | `organizationId` | query | The id of the organization | required | ### PUT /v2/organizations/{organizationId}/einstein/termsAndConditions **Operation ID:** `updateV2EinsteinTermsAndConditions` Toggle the agreement status for einstein terms and conditions **Parameters:** | `organizationId` | query | The id of the organization | required | ### GET /v2/organizations/{organizationId}/entitlements **Operation ID:** `listV2Entitlements` Retrieves a list of v2 entitlements. **Parameters:** | `organizationId` | query | The id of the organization | required | ### PUT /v2/organizations/{organizationId}/entitlements **Operation ID:** `updateV2Entitlements` Sets one or more values for entitlements **Parameters:** | `organizationId` | query | The id of the organization | required | ### GET /v2/organizations/{organizationId}/entitlements/{entitlementName} **Operation ID:** `getV2Entitlements` Returns the name and value of the specified entitlement **Parameters:** | `organizationId` | query | The id of the organization | required | | `entitlementName` | query | The name of the entitlement | required | ### DELETE /v2/organizations/{organizationId}/environments/{environmentId} **Operation ID:** `deleteV2Environments` Delete an environment **Parameters:** | `organizationId` | query | The id of the organization | required | | `environmentId` | query | The unique identifier of the environment. | required | ### GET /v2/roles/users **Operation ID:** `listV2RolesUsers` Retrieve users by roles **Parameters:** | `role_groups` | query | Flag that indicates if we should include role groups assignments when looking for the role | required | | `teams` | query | Flag that indicates if we should include team role assignments when looking for the role | required | ## Related Skills - [apply-policy-to-api-instance](https://dev-portal.mulesoft.com/skills/apply-policy-to-api-instance.md) — Apply a policy to an existing API Manager instance. Use when the user wants to add a policy, enforce security, configure rate limiting, apply OAuth2, set up IP allowlisting, or protect an API with any policy template from the catalog. - [run-agent-scan-and-view-results](https://dev-portal.mulesoft.com/skills/run-agent-scan-and-view-results.md) — Executes an agent scanner and views the discovered AI agents. Use when running an agent scan, checking scan status, viewing scan history, reviewing discovered agents from external platforms, or importing agents into Anypoint Exchange. - [secure-agent](https://dev-portal.mulesoft.com/skills/secure-agent.md) — Secure an agent by applying a policy from the catalog. Handles multiple starting points: from an existing API Manager instance, from an agent asset in Exchange, or from scratch by publishing the agent first. Use when the user wants to secure an agent, add rate limiting, apply OAuth2, enforce IP allowlisting, or protect any agent with a policy — regardless of where they are in the setup process. - [secure-api](https://dev-portal.mulesoft.com/skills/secure-api.md) — Secure an API by applying a policy from the catalog. Handles multiple starting points: from an existing API Manager instance, from an Exchange asset that needs an instance, or from scratch. Use when the user wants to secure an API, add rate limiting, apply OAuth2, enforce IP allowlisting, or protect any API with a policy — regardless of where they are in the setup process. - [secure-mcp-server](https://dev-portal.mulesoft.com/skills/secure-mcp-server.md) — Secure an MCP server by applying a policy from the catalog. Handles multiple starting points: from an existing API Manager instance, from an MCP server asset in Exchange, or from scratch by publishing the MCP server first. Use when the user wants to secure an MCP server, add rate limiting, apply OAuth2, enforce IP allowlisting, or protect any MCP server with a policy — regardless of where they are in the setup process. - [setup-agent-scanner](https://dev-portal.mulesoft.com/skills/setup-agent-scanner.md) — Creates a scanner configuration to discover AI agents from external platforms like AWS Bedrock, Microsoft Copilot, or Google Vertex AI. Use when setting up agent discovery, configuring a new scanner, connecting to cloud AI platforms, or importing agents into Anypoint Exchange.