Skip to main content
POST
/
api
/
v1
/
apps
/
{app_id}
/
entitlements
Create
package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.AppEntitlements.Create(ctx, operations.C1APIAppV1AppEntitlementsCreateRequest{
        AppID: "<id>",
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.CreateAppEntitlementResponse != nil {
        // handle response
    }
}
{
  "appEntitlementView": {
    "appEntitlement": {
      "alias": "<string>",
      "appId": "<string>",
      "appResourceId": "<string>",
      "appResourceTypeId": "<string>",
      "certifyPolicyId": "<string>",
      "complianceFrameworkValueIds": [
        "<string>"
      ],
      "createdAt": "2023-11-07T05:31:56Z",
      "defaultValuesApplied": true,
      "deletedAt": "2023-11-07T05:31:56Z",
      "deprovisionerPolicy": {
        "action": {
          "actionName": "<string>",
          "appId": "<string>",
          "connectorId": "<string>",
          "displayName": "<string>"
        },
        "connector": {
          "account": {
            "config": {},
            "connectorId": "<string>",
            "doNotSave": {},
            "saveToVault": {
              "vaultIds": [
                "<string>"
              ]
            },
            "schemaId": "<string>"
          },
          "defaultBehavior": {
            "connectorId": "<string>"
          },
          "deleteAccount": {
            "connectorId": "<string>"
          }
        },
        "delegated": {
          "appId": "<string>",
          "entitlementId": "<string>",
          "implicit": true
        },
        "externalTicket": {
          "appId": "<string>",
          "connectorId": "<string>",
          "externalTicketProvisionerConfigId": "<string>",
          "instructions": "<string>"
        },
        "manual": {
          "instructions": "<string>",
          "userIds": [
            "<string>"
          ]
        },
        "multiStep": {
          "provisionSteps": "<array>"
        },
        "unconfigured": {},
        "webhook": {
          "webhookId": "<string>"
        }
      },
      "description": "<string>",
      "displayName": "<string>",
      "durationGrant": "<string>",
      "durationUnset": {},
      "emergencyGrantEnabled": true,
      "emergencyGrantPolicyId": "<string>",
      "grantCount": "<string>",
      "grantPolicyId": "<string>",
      "id": "<string>",
      "isAutomationEnabled": true,
      "isManuallyManaged": true,
      "matchBatonId": "<string>",
      "overrideAccessRequestsDefaults": true,
      "provisionerPolicy": {
        "action": {
          "actionName": "<string>",
          "appId": "<string>",
          "connectorId": "<string>",
          "displayName": "<string>"
        },
        "connector": {
          "account": {
            "config": {},
            "connectorId": "<string>",
            "doNotSave": {},
            "saveToVault": {
              "vaultIds": [
                "<string>"
              ]
            },
            "schemaId": "<string>"
          },
          "defaultBehavior": {
            "connectorId": "<string>"
          },
          "deleteAccount": {
            "connectorId": "<string>"
          }
        },
        "delegated": {
          "appId": "<string>",
          "entitlementId": "<string>",
          "implicit": true
        },
        "externalTicket": {
          "appId": "<string>",
          "connectorId": "<string>",
          "externalTicketProvisionerConfigId": "<string>",
          "instructions": "<string>"
        },
        "manual": {
          "instructions": "<string>",
          "userIds": [
            "<string>"
          ]
        },
        "multiStep": {
          "provisionSteps": "<array>"
        },
        "unconfigured": {},
        "webhook": {
          "webhookId": "<string>"
        }
      },
      "purpose": "APP_ENTITLEMENT_PURPOSE_VALUE_UNSPECIFIED",
      "requestSchemaId": "<string>",
      "revokePolicyId": "<string>",
      "riskLevelValueId": "<string>",
      "slug": "<string>",
      "sourceConnectorIds": {},
      "systemBuiltin": true,
      "updatedAt": "2023-11-07T05:31:56Z",
      "userEditedMask": "<string>"
    },
    "appPath": "<string>",
    "appResourcePath": "<string>",
    "appResourceTypePath": "<string>"
  },
  "expanded": [
    {
      "@type": "<string>"
    }
  ]
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Path Parameters

app_id
string
required

The appId field.

Body

application/json

The CreateAppEntitlementRequest message.

This message contains a oneof named max_grant_duration. Only a single field of the following list may be set at a time:

  • durationUnset
  • durationGrant
displayName
string
required

The displayName field.

alias
string

The alias field.

appEntitlementOwnerIds
string[] | null

The appEntitlementOwnerIds field.

appResourceId
string

The appResourceId field.

appResourceTypeId
string

The appResourceTypeId field.

certifyPolicyId
string

The certifyPolicyId field.

complianceFrameworkValueIds
string[] | null

The complianceFrameworkValueIds field.

description
string

The description field.

durationGrant
string<duration>
durationUnset
object
emergencyGrantEnabled
boolean

The emergencyGrantEnabled field.

emergencyGrantPolicyId
string

The emergencyGrantPolicyId field.

expandMask
App Entitlement Expand Mask · object

The app entitlement expand mask allows the user to get additional information when getting responses containing app entitlement views.

grantPolicyId
string

The grantPolicyId field.

matchBatonId
string

If supplied, it's implied that the entitlement is created before sync and needs to be merged with connector entitlement.

overrideAccessRequestsDefaults
boolean

The overrideAccessRequestsDefaults field.

provisionPolicy
Provision Policy · object

ProvisionPolicy is a oneOf that indicates how a provision step should be processed.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

  • connector
  • manual
  • delegated
  • webhook
  • multiStep
  • externalTicket
  • unconfigured
  • action
purpose
enum<string>

The purpose field.

Available options:
APP_ENTITLEMENT_PURPOSE_VALUE_UNSPECIFIED,
APP_ENTITLEMENT_PURPOSE_VALUE_ASSIGNMENT,
APP_ENTITLEMENT_PURPOSE_VALUE_PERMISSION
revokePolicyId
string

The revokePolicyId field.

riskLevelValueId
string

The riskLevelValueId field.

slug
string

The slug field.

Response

200 - application/json

Successful response

The CreateAppEntitlementResponse message.

appEntitlementView
App Entitlement View · object

The app entitlement view contains the serialized app entitlement and paths to objects referenced by the app entitlement.

expanded
object[] | null

The expanded field.