Resource Access Grant API
Allows you to grant a user access to specific resouces in a workspace.
Prerequisites
The user needs to exist - see the User Management API documentation for how to invite users via the API.
Access Grant Object
Field | Type | Description |
---|---|---|
id | UUID | The unique identifier for the access grant. |
grant_type | enum (string) | The type of resource the access grant is for. At the moment ‘CUSTOMER’ is the only resource an access grant can be created for. |
user_id | UUID | The unique identifier for the user. |
resource_id | UUID | The unique identifier for the resource. |
expires_at | string (ISO 8601 datetime) | The UTC datetime when the access grant will expire. |
revoked | boolean | Whether or not the access grant has been revoked. |
revoked_at | string (ISO 8601 datetime) or null | The UTC datetime when the access grant was revoked or null if the access grant was never revoked. |
List All Access Grants for User: GET /api/v2/users/:user_uuid/grants
GET /api/v2/users/:user_uuid/grants
This endpoint retrieves all access grants associated with a user including revoked and expired grants. The returned access grants are in descending expires_at
order.
Path Parameters
user_uuid
(string, required): The UUID of the user with access grants.
Request
curl -X GET "https://api.inscribe.ai/api/v2/users/<USER_UUID>/grants"\
-H "Authorization: Inscribe <YOUR_API_KEY>"
Response
{
"data": [
{
"id": "123e4567-e89b-12d3-a456-426614174000",
"grant_type": "CUSTOMER",
"user_id": "<USER_UUID>",
"resource_id": "123e4567-e89b-12d3-a456-426614174000",
"expires_at": "2026-01-02T10:35:00Z",
"revoked": false,
"revoked_at": null,
}
]
}
Get a single access grant: GET /api/v2/users/:user_uuid/grants/:grant_uuid
GET /api/v2/users/:user_uuid/grants/:grant_uuid
This endpoint retrieves a single access grant via the unique id associated with the grant.
Path Parameters
user_uuid
(string, required): The UUID of the user with the access grant.grant_uuid
(string, required): The UUID of the grant.
Request
curl -X GET "https://api.inscribe.ai/api/v2/users/<USER_UUID>/grants/<GRANT_UUID>" \
-H "Authorization: Inscribe <YOUR_API_KEY>"
Response
{
"id": "<GRANT_UUID>",
"grant_type": "CUSTOMER",
"user_id": "<USER_UUID>",
"resource_id": "123e4567-e89b-12d3-a456-426614174000",
"expires_at": "2026-01-02T10:35:00Z",
"revoked": false,
"revoked_at": null,
}
Create an access grant: POST /api/v2/users/:user_uuid/grants
POST /api/v2/users/:user_uuid/grants
This endpoint creates an access grant for a user. It grants the user view/edit access to the specified resource.
- It requires an
expires_at
datetime to be specified - this defines the time after which the user will no longer have access to the resource. - Multiple access grants can exist for the same user/resource pair.
- The user and the resource must both exist in the same workspace.
Path Parameters
user_uuid
(string, required): The UUID of the user with access grants.
Request Body
grant_type
(string, required): The type of the resource that the access grant is for.CUSTOMER
is the only resource supported at the moment.resource_id
(string, required): The UUID of the resource that you want to grant access to.expires_at
(string, required): An ISO8601 formatted datetime string. We recommend sending UTC datetime strings but datetimes with an explicit time offset (YYYY-MM-DDThh:mm(+|-)hh:mm
) are also accepted.
Request
curl -X POST "https://api.inscribe.ai/api/v2/users/<USER_UUID>/grants" \
-H "Authorization: Inscribe <YOUR_API_KEY>" \
-H "Content-Type: application/json" \
-d '{"grant_type": "CUSTOMER",
"resource_id": "<CUSTOMER_UUID>",
"expires_at": "<YYYY-MM-DDThh:mmZ>"}'
Response
{
"id": "123e4567-e89b-12d3-a456-426614174000",
"grant_type": "CUSTOMER",
"user_id": "<USER_UUID>",
"resource_id": "123e4567-e89b-12d3-a456-426614174000",
"expires_at": "<YYYY-MM-DDThh:mmZ>",
"revoked": false,
"revoked_at": null,
}
Revoke an access grant: POST /api/v2/users/:user_uuid/grants/:grant_uuid/revoke
POST /api/v2/users/:user_uuid/grants/:grant_uuid/revoke
This endpoint modifies an existing access grant to revoke the grant prior to the grant’s expires_at
datetime.
- An expired grant cannot be revoked.
- A revoked grant cannot be revoked again.
Request
curl -X POST "https://api.inscribe.ai/api/v2/users/<USER_UUID>/grants/<GRANT_UUID>/revoke" \
-H "Authorization: Inscribe <YOUR_API_KEY>"
Response
{
"id": "123e4567-e89b-12d3-a456-426614174000",
"grant_type": "CUSTOMER",
"user_id": "<USER_UUID>",
"resource_id": "123e4567-e89b-12d3-a456-426614174000",
"expires_at": "2026-01-02T10:35:00Z",
"revoked": true,
"revoked_at": "<CURRENT_TIMESTAMP>",
}
Updated about 13 hours ago