Resource Access Grant API
Allows you to grant a user access to specific resouces in a workspace.
Prerequisites
The user needs to exist - see the User Management API documentation for how to invite users via the API.
Access Grant Object
| Field | Type | Description | 
|---|---|---|
| id | UUID | The unique identifier for the access grant. | 
| grant_type | enum (string) | The type of resource the access grant is for. At the moment ‘CUSTOMER’ is the only resource an access grant can be created for. | 
| user_id | UUID | The unique identifier for the user. | 
| resource_id | UUID | The unique identifier for the resource. | 
| expires_at | string (ISO 8601 datetime) | The UTC datetime when the access grant will expire. | 
| revoked | boolean | Whether or not the access grant has been revoked. | 
| revoked_at | string (ISO 8601 datetime) or null | The UTC datetime when the access grant was revoked or null if the access grant was never revoked. | 
List All Access Grants for User: GET /api/v2/users/:user_uuid/grants
GET /api/v2/users/:user_uuid/grantsThis endpoint retrieves all access grants associated with a user including revoked and expired grants. The returned access grants are in descending expires_at order.
Path Parameters
- user_uuid(string, required): The UUID of the user with access grants.
Request
curl -X GET "https://api.inscribe.ai/api/v2/users/<USER_UUID>/grants"\
     -H "Authorization: Inscribe <YOUR_API_KEY>"Response
{
    "data": [
        {
		  "id": "123e4567-e89b-12d3-a456-426614174000",
		  "grant_type": "CUSTOMER",
	          "user_id": "<USER_UUID>",
	          "resource_id": "123e4567-e89b-12d3-a456-426614174000",
	          "expires_at": "2026-01-02T10:35:00Z",
	          "revoked": false,
	          "revoked_at": null,
	}
    ]
}        Get a single access grant: GET /api/v2/users/:user_uuid/grants/:grant_uuid
GET /api/v2/users/:user_uuid/grants/:grant_uuidThis endpoint retrieves a single access grant via the unique id associated with the grant.
Path Parameters
- user_uuid(string, required): The UUID of the user with the access grant.
- grant_uuid(string, required): The UUID of the grant.
Request
curl -X GET "https://api.inscribe.ai/api/v2/users/<USER_UUID>/grants/<GRANT_UUID>" \
     -H "Authorization: Inscribe <YOUR_API_KEY>"Response
{
    "id": "<GRANT_UUID>",
    "grant_type": "CUSTOMER",
    "user_id": "<USER_UUID>",
    "resource_id": "123e4567-e89b-12d3-a456-426614174000",
    "expires_at": "2026-01-02T10:35:00Z",
    "revoked": false,
    "revoked_at": null,
}Create an access grant:  POST /api/v2/users/:user_uuid/grants
POST /api/v2/users/:user_uuid/grantsThis endpoint creates an access grant for a user. It grants the user view/edit access to the specified resource.
- It requires an expires_atdatetime to be specified - this defines the time after which the user will no longer have access to the resource.
- Multiple access grants can exist for the same user/resource pair.
- The user and the resource must both exist in the same workspace.
Path Parameters
- user_uuid(string, required): The UUID of the user with access grants.
Request Body
- grant_type(string, required): The type of the resource that the access grant is for.- CUSTOMERis the only resource supported at the moment.
- resource_id(string, required): The UUID of the resource that you want to grant access to.
- expires_at(string, required): An ISO8601 formatted datetime string. We recommend sending UTC datetime strings but datetimes with an explicit time offset (- YYYY-MM-DDThh:mm(+|-)hh:mm) are also accepted.
Request
curl -X POST "https://api.inscribe.ai/api/v2/users/<USER_UUID>/grants" \
     -H "Authorization: Inscribe <YOUR_API_KEY>" \
     -H "Content-Type: application/json" \
     -d '{"grant_type": "CUSTOMER", 
          "resource_id": "<CUSTOMER_UUID>", 
          "expires_at": "<YYYY-MM-DDThh:mmZ>"}'
Response
{
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "grant_type": "CUSTOMER",
    "user_id": "<USER_UUID>",
    "resource_id": "123e4567-e89b-12d3-a456-426614174000",
    "expires_at": "<YYYY-MM-DDThh:mmZ>",
    "revoked": false,
    "revoked_at": null,
}Revoke an access grant: POST /api/v2/users/:user_uuid/grants/:grant_uuid/revoke
POST /api/v2/users/:user_uuid/grants/:grant_uuid/revokeThis endpoint modifies an existing access grant to revoke the grant prior to the grant’s expires_at datetime.
- An expired grant cannot be revoked.
- A revoked grant cannot be revoked again.
Request
curl -X POST "https://api.inscribe.ai/api/v2/users/<USER_UUID>/grants/<GRANT_UUID>/revoke" \
     -H "Authorization: Inscribe <YOUR_API_KEY>"Response
{
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "grant_type": "CUSTOMER",
    "user_id": "<USER_UUID>",
    "resource_id": "123e4567-e89b-12d3-a456-426614174000",
    "expires_at": "2026-01-02T10:35:00Z",
    "revoked": true,
    "revoked_at": "<CURRENT_TIMESTAMP>",
}Updated 21 days ago
