Resource Access Grant API

Allows you to grant a user access to specific resouces in a workspace.


Prerequisites

The user needs to exist - see the User Management API documentation for how to invite users via the API.

Access Grant Object

FieldTypeDescription
idUUIDThe unique identifier for the access grant.
grant_typeenum (string)The type of resource the access grant is for. At the moment ‘CUSTOMER’ is the only resource an access grant can be created for.
user_idUUIDThe unique identifier for the user.
resource_idUUIDThe unique identifier for the resource.
expires_atstring (ISO 8601 datetime)The UTC datetime when the access grant will expire.
revokedbooleanWhether or not the access grant has been revoked.
revoked_atstring (ISO 8601 datetime) or nullThe UTC datetime when the access grant was revoked or null if the access grant was never revoked.

List All Access Grants for User: GET /api/v2/users/:user_uuid/grants

This endpoint retrieves all access grants associated with a user including revoked and expired grants. The returned access grants are in descending expires_at order.

Path Parameters

  • user_uuid (string, required): The UUID of the user with access grants.

Request

curl -X GET "https://api.inscribe.ai/api/v2/users/<USER_UUID>/grants"\
     -H "Authorization: Inscribe <YOUR_API_KEY>"

Response

{
    "data": [
        {
		  "id": "123e4567-e89b-12d3-a456-426614174000",
		  "grant_type": "CUSTOMER",
	          "user_id": "<USER_UUID>",
	          "resource_id": "123e4567-e89b-12d3-a456-426614174000",
	          "expires_at": "2026-01-02T10:35:00Z",
	          "revoked": false,
	          "revoked_at": null,
	}
    ]
}        

Get a single access grant: GET /api/v2/users/:user_uuid/grants/:grant_uuid

This endpoint retrieves a single access grant via the unique id associated with the grant.

Path Parameters

  • user_uuid (string, required): The UUID of the user with the access grant.
  • grant_uuid (string, required): The UUID of the grant.

Request

curl -X GET "https://api.inscribe.ai/api/v2/users/<USER_UUID>/grants/<GRANT_UUID>" \
     -H "Authorization: Inscribe <YOUR_API_KEY>"

Response

{
    "id": "<GRANT_UUID>",
    "grant_type": "CUSTOMER",
    "user_id": "<USER_UUID>",
    "resource_id": "123e4567-e89b-12d3-a456-426614174000",
    "expires_at": "2026-01-02T10:35:00Z",
    "revoked": false,
    "revoked_at": null,
}

Create an access grant: POST /api/v2/users/:user_uuid/grants

This endpoint creates an access grant for a user. It grants the user view/edit access to the specified resource.

  • It requires an expires_at datetime to be specified - this defines the time after which the user will no longer have access to the resource.
  • Multiple access grants can exist for the same user/resource pair.
  • The user and the resource must both exist in the same workspace.

Path Parameters

  • user_uuid (string, required): The UUID of the user with access grants.

Request Body

  • grant_type (string, required): The type of the resource that the access grant is for. CUSTOMER is the only resource supported at the moment.
  • resource_id (string, required): The UUID of the resource that you want to grant access to.
  • expires_at (string, required): An ISO8601 formatted datetime string. We recommend sending UTC datetime strings but datetimes with an explicit time offset (YYYY-MM-DDThh:mm(+|-)hh:mm) are also accepted.

Request

curl -X POST "https://api.inscribe.ai/api/v2/users/<USER_UUID>/grants" \
     -H "Authorization: Inscribe <YOUR_API_KEY>" \
     -H "Content-Type: application/json" \
     -d '{"grant_type": "CUSTOMER", 
          "resource_id": "<CUSTOMER_UUID>", 
          "expires_at": "<YYYY-MM-DDThh:mmZ>"}'

Response

{
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "grant_type": "CUSTOMER",
    "user_id": "<USER_UUID>",
    "resource_id": "123e4567-e89b-12d3-a456-426614174000",
    "expires_at": "<YYYY-MM-DDThh:mmZ>",
    "revoked": false,
    "revoked_at": null,
}

Revoke an access grant: POST /api/v2/users/:user_uuid/grants/:grant_uuid/revoke

This endpoint modifies an existing access grant to revoke the grant prior to the grant’s expires_at datetime.

  • An expired grant cannot be revoked.
  • A revoked grant cannot be revoked again.

Request

curl -X POST "https://api.inscribe.ai/api/v2/users/<USER_UUID>/grants/<GRANT_UUID>/revoke" \
     -H "Authorization: Inscribe <YOUR_API_KEY>"

Response

{
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "grant_type": "CUSTOMER",
    "user_id": "<USER_UUID>",
    "resource_id": "123e4567-e89b-12d3-a456-426614174000",
    "expires_at": "2026-01-02T10:35:00Z",
    "revoked": true,
    "revoked_at": "<CURRENT_TIMESTAMP>",
}