Boundary controller HTTP API

Account Service

List AccountsGET/v1/accounts

Lists all accounts in a specific auth method.

Query Parameters

auth_method_id string

The ID of the auth method whose accounts should be listed.

filter string

You can specify that the filter should only return items that match. Refer to filter expressions for more information.

list_token string

An opaque token that Boundary uses to continue an existing iteration or request updated items. If you do not specify a token, pagination starts from the beginning. To learn more about list pagination in Boundary, refer to list pagination.

page_size integer

The maximum size of a page in this iteration. If you do not set a page size, Boundary uses the configured default page size. If the page_size is greater than the default page size configured, Boundary truncates the page size to this number.

Successful Response

items object[]

Account contains all fields related to an account resource

id string

The ID of the account.

scope object

Scope information for the account.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

The time this resource was created.

updated_time string

The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation fails if the version does not match the latest known good version. Version is not required when you create an account.

type string

The type of this account. If you do not set an account type, Boundary infers it from the type of the auth method.

auth_method_id string

The ID of the auth method that is associated with this account.

attributes object

The attributes that are applicable for the specific account type. The schema of this field depends on the type of the auth method that you create the account in. For password auth methods, the parameters are:

{
  "login_name": "login_name",
  "password": "password"
}

For OIDC auth methods, the parameters are:

{
  "issuer": "issuer",
  "subject": "subject",
  "full_name": "full_name",
  "email": "email",
  "token_claims": {},
  "userinfo_claims": {}
}

For LDAP auth methods, the parameters are:

{
  "login_name": "login_name",
  "full_name": "full_name",
  "email": "email",
  "dn": "dn",
  "member_of_groups": ["member_of_groups"]
}

managed_group_ids string[]

authorized_actions string[]

response_type string

The type of response, either "delta" or "complete". Delta signifies that this is part of a paginated result or an update to a previously completed pagination. Complete signifies that it is the last page.

list_token string

An opaque token used to continue an existing pagination or request updated items. Use this token in the next list request to request the next page.

sort_by string

The name of the field which the items are sorted by.

sort_dir string

The direction of the sort, either "asc" or "desc".

removed_ids string[]

est_item_count integer

An estimate at the total items available. This may change during pagination.

Create AccountPOST/v1/accounts

Creates a single account in the provided auth method.

Body Parameters

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

version integer

type string

The type of this account. If you do not set an account type, Boundary infers it from the type of the auth method.

auth_method_id string

The ID of the auth method that is associated with this account.

attributes object

{
  "login_name": "login_name",
  "password": "password"
}

For OIDC auth methods, the parameters are:

{
  "issuer": "issuer",
  "subject": "subject",
  "full_name": "full_name",
  "email": "email",
  "token_claims": {},
  "userinfo_claims": {}
}

For LDAP auth methods, the parameters are:

{
  "login_name": "login_name",
  "full_name": "full_name",
  "email": "email",
  "dn": "dn",
  "member_of_groups": ["member_of_groups"]
}

Successful Response

id string

The ID of the account.

scope object

Scope information for the account.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

The time this resource was created.

updated_time string

The time this resource was last updated.

version integer

type string

The type of this account. If you do not set an account type, Boundary infers it from the type of the auth method.

auth_method_id string

The ID of the auth method that is associated with this account.

attributes object

{
  "login_name": "login_name",
  "password": "password"
}

For OIDC auth methods, the parameters are:

{
  "issuer": "issuer",
  "subject": "subject",
  "full_name": "full_name",
  "email": "email",
  "token_claims": {},
  "userinfo_claims": {}
}

For LDAP auth methods, the parameters are:

{
  "login_name": "login_name",
  "full_name": "full_name",
  "email": "email",
  "dn": "dn",
  "member_of_groups": ["member_of_groups"]
}

managed_group_ids string[]

authorized_actions string[]

Get AccountGET/v1/accounts/{id}

Gets a single account based on the input ID

Path Parameters

id string

The ID of the account that should be retrieved.

Successful Response

id string

The ID of the account.

scope object

Scope information for the account.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

The time this resource was created.

updated_time string

The time this resource was last updated.

version integer

type string

The type of this account. If you do not set an account type, Boundary infers it from the type of the auth method.

auth_method_id string

The ID of the auth method that is associated with this account.

attributes object

{
  "login_name": "login_name",
  "password": "password"
}

For OIDC auth methods, the parameters are:

{
  "issuer": "issuer",
  "subject": "subject",
  "full_name": "full_name",
  "email": "email",
  "token_claims": {},
  "userinfo_claims": {}
}

For LDAP auth methods, the parameters are:

{
  "login_name": "login_name",
  "full_name": "full_name",
  "email": "email",
  "dn": "dn",
  "member_of_groups": ["member_of_groups"]
}

managed_group_ids string[]

authorized_actions string[]

Delete AccountDELETE/v1/accounts/{id}

Deletes an account.

Path Parameters

id string

The ID of the account to delete.

Update AccountPATCH/v1/accounts/{id}

Updates an account.

Path Parameters

id string

The ID of the account that should be updated.

Body Parameters

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

version integer

type string

The type of this account. If you do not set an account type, Boundary infers it from the type of the auth method.

auth_method_id string

The ID of the auth method that is associated with this account.

attributes object

{
  "login_name": "login_name",
  "password": "password"
}

For OIDC auth methods, the parameters are:

{
  "issuer": "issuer",
  "subject": "subject",
  "full_name": "full_name",
  "email": "email",
  "token_claims": {},
  "userinfo_claims": {}
}

For LDAP auth methods, the parameters are:

{
  "login_name": "login_name",
  "full_name": "full_name",
  "email": "email",
  "dn": "dn",
  "member_of_groups": ["member_of_groups"]
}

Successful Response

id string

The ID of the account.

scope object

Scope information for the account.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

The time this resource was created.

updated_time string

The time this resource was last updated.

version integer

type string

The type of this account. If you do not set an account type, Boundary infers it from the type of the auth method.

auth_method_id string

The ID of the auth method that is associated with this account.

attributes object

{
  "login_name": "login_name",
  "password": "password"
}

For OIDC auth methods, the parameters are:

{
  "issuer": "issuer",
  "subject": "subject",
  "full_name": "full_name",
  "email": "email",
  "token_claims": {},
  "userinfo_claims": {}
}

For LDAP auth methods, the parameters are:

{
  "login_name": "login_name",
  "full_name": "full_name",
  "email": "email",
  "dn": "dn",
  "member_of_groups": ["member_of_groups"]
}

managed_group_ids string[]

authorized_actions string[]

Change PasswordPOST/v1/accounts/{id}:change-password

Sets the password for the provided account.

Path Parameters

id string

The ID of the account for which the password should be changed.

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

current_password string

The current password for the account.

new_password string

The new password that should be set.

Successful Response

id string

The ID of the account.

scope object

Scope information for the account.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

The time this resource was created.

updated_time string

The time this resource was last updated.

version integer

type string

The type of this account. If you do not set an account type, Boundary infers it from the type of the auth method.

auth_method_id string

The ID of the auth method that is associated with this account.

attributes object

{
  "login_name": "login_name",
  "password": "password"
}

For OIDC auth methods, the parameters are:

{
  "issuer": "issuer",
  "subject": "subject",
  "full_name": "full_name",
  "email": "email",
  "token_claims": {},
  "userinfo_claims": {}
}

For LDAP auth methods, the parameters are:

{
  "login_name": "login_name",
  "full_name": "full_name",
  "email": "email",
  "dn": "dn",
  "member_of_groups": ["member_of_groups"]
}

managed_group_ids string[]

authorized_actions string[]

Set PasswordPOST/v1/accounts/{id}:set-password

Sets the password for the provided account.

Path Parameters

id string

The ID of the account for which the password should be set.

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

password string

The password that should be set.

Successful Response

id string

The ID of the account.

scope object

Scope information for the account.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

The time this resource was created.

updated_time string

The time this resource was last updated.

version integer

type string

The type of this account. If you do not set an account type, Boundary infers it from the type of the auth method.

auth_method_id string

The ID of the auth method that is associated with this account.

attributes object

{
  "login_name": "login_name",
  "password": "password"
}

For OIDC auth methods, the parameters are:

{
  "issuer": "issuer",
  "subject": "subject",
  "full_name": "full_name",
  "email": "email",
  "token_claims": {},
  "userinfo_claims": {}
}

For LDAP auth methods, the parameters are:

{
  "login_name": "login_name",
  "full_name": "full_name",
  "email": "email",
  "dn": "dn",
  "member_of_groups": ["member_of_groups"]
}

managed_group_ids string[]

authorized_actions string[]