Turia IAM API Product (1.1.0)

Turia IAM API Product

Healthcheck

Operations for checking the API status.

Check API status

Responses

Response samples

200

Content type

application/json

{"status": "OK"
}

Members

Operations with members, including creation, listing, deletion, and management of individual or batch grants.

Returns a list of members of the organization

Authorizations:

OAuth2

query Parameters

Email (string) or Email (null) (Email)

Example: email=john.doe@example.com

Responses

Response samples

200
403

Content type

application/json

[{"uuid": "550e8400-e29b-41d4-a716-446655440000",
"email": "john.doe@example.com",
"name": "John Doe",
"tenant_id": "123e4567-e89b-12d3-a456-426614174000",
"profile": "administrator"
}
]

Add a member to the organization or send an invite if the member does not have an account

Authorizations:

OAuth2

Request Body schema: application/json
required

email required	string <email> (Email)
roles	Array of strings (Roles)
permissions	Array of strings (Permissions)

Responses

Request samples

Payload

Content type

application/json

{"email": "user@example.com",
"roles": ["editor"
],
"permissions": ["turia_iam_editor"
]
}

Response samples

200
403
422

Content type

application/json

{"uuid": "550e8400-e29b-41d4-a716-446655440000",
"email": "john.doe@example.com",
"name": "John Doe",
"tenant_id": "123e4567-e89b-12d3-a456-426614174000",
"profile": "administrator",
"action": "added"
}

Removes a member from the organization using their UUID

Authorizations:

OAuth2

path Parameters

uuid

required

string <uuid> (Uuid)

Example: 9f1c2d3e-4567-89ab-cdef-1234567890ab

Responses

Response samples

400
403

Content type

application/json

{"detail": {"message": "Only organization owner can remove another administrator account",
"error_code": 20025
}
}

Retrieve grants assigned to a member

Authorizations:

OAuth2

path Parameters

uuid

required

string <uuid> (Uuid)

Example: 9f1c2d3e-4567-89ab-cdef-1234567890ab

Responses

Response samples

200
403
422

Content type

application/json

{"roles": ["editor"
],
"permissions": ["turia_iam_editor"
]
}

Add or remove roles and permissions for a member

Authorizations:

OAuth2

path Parameters

uuid

required

string <uuid> (Uuid)

Example: 9f1c2d3e-4567-89ab-cdef-1234567890ab

Request Body schema: application/json
required

operation required	string (Operation) Enum: "add" "remove"
roles	Array of strings (Roles) Default: []
permissions	Array of strings (Permissions) Default: []

Responses

Request samples

Payload

Content type

application/json

{"operation": "add",
"roles": ["editor"
],
"permissions": ["turia_iam_editor"
]
}

Response samples

403
422

Content type

application/json

{"origin": "permissionsAPI",
"permission": "turia_iam_editor",
"product": "turiaiam",
"message": "User action not authorized for permission turia_iam_editor"
}

Add or remove roles and permissions for multiple members at once

Authorizations:

OAuth2

Request Body schema: application/json
required

member_ids required	Array of strings <uuid> (Member Ids) [ items <uuid > ]
operation required	string (Operation) Enum: "add" "remove"
role_names	Array of strings (Role Names) Default: []
permission_names	Array of strings (Permission Names) Default: []

Responses

Request samples

Payload

Content type

application/json

{"member_ids": ["550e8400-e29b-41d4-a716-446655440000"
],
"operation": "add",
"role_names": ["editor"
],
"permission_names": ["turia_iam_editor"
]
}

Response samples

403
422

Content type

application/json

{"origin": "permissionsAPI",
"permission": "turia_iam_editor",
"product": "turiaiam",
"message": "User action not authorized for permission turia_iam_editor"
}

Access-Control

Operations with access control, including detailed retrieval, creation, and updating of settings

Retrieve access control settings

Authorizations:

OAuth2

Responses

Response samples

200
403

Content type

application/json

{"name": "Turia",
"description": "Organization managing IAM and access settings",
"tenant_id": "8e4f75f4-4298-49e7-87c9-652178c0ecd0",
"enabled": true,
"enforce_mfa": true
}

Create access control

Authorizations:

OAuth2

Request Body schema: application/json
required

	Name (string) or Name (null) (Name)
	Description (string) or Description (null) (Description)

Responses

Request samples

Payload

Content type

application/json

{"name": "Turia",
"description": "Organization managing IAM and access settings"
}

Response samples

202
403
422

Content type

application/json

null

Update access control settings

Authorizations:

OAuth2

Request Body schema: application/json
required

status	boolean (Status)
enforce_mfa	boolean (Enforce Mfa)

Responses

Request samples

Payload

Content type

application/json

{"status": true,
"enforce_mfa": true
}

Response samples

200
403
422

Content type

application/json

{"name": "Turia",
"description": "Organization managing IAM and access settings",
"tenant_id": "8e4f75f4-4298-49e7-87c9-652178c0ecd0",
"enabled": true,
"enforce_mfa": true
}

Permissions

Operations with permissions, including listing all available permissions.

Get Products And Permissions

Authorizations:

OAuth2

query Parameters

	Product Name (string) or Product Name (null) (Product Name)
	Partial Match (boolean) or Partial Match (null) (Partial Match) Default: false
	Case Sensitive (boolean) or Case Sensitive (null) (Case Sensitive) Default: true

Responses

Response samples

200
403
422

Content type

application/json

[{"id": "string",
"name": "string",
"permissions": [{"id": "string",
"name": "string",
"description": "string"
}
]
}
]

Roles

Operations with roles, including creation, listing, deletion, permission management, and member listing.

Retrieve roles

Authorizations:

OAuth2

query Parameters

role_name

string

Example: role_name=editor

Optional role name to filter results

Responses

Response samples

200
403
422

Content type

application/json

[{"name": "financeiro",
"description": "Papel com responsabilidade de leitura de dados de faturamento",
"origin": "default"
}
]

Create a new role

Authorizations:

OAuth2

Request Body schema: application/json
required

name required	string (Name)
description	string (Description)
permissions	Array of strings (Permissions) Default: []
based_role	string (Based Role)

Responses

Request samples

Payload

Content type

application/json

{"name": "manager",
"description": "Role with administrative privileges for managing users",
"permissions": ["turia_iam_editor"
],
"based_role": "editor"
}

Response samples

201
400
403

Content type

application/json

{"name": "financeiro",
"description": "Papel com responsabilidade de leitura de dados de faturamento",
"origin": "default"
}

Delete a role

Authorizations:

OAuth2

path Parameters

role_name

required

string (Role Name)

Responses

Response samples

403
422

Content type

application/json

{"origin": "permissionsAPI",
"permission": "turia_iam_editor",
"product": "turiaiam",
"message": "User action not authorized for permission turia_iam_editor"
}

Retrieve permissions of a role

Authorizations:

OAuth2

path Parameters

role_name

required

string (Role Name)

Responses

Response samples

200
403
422

Content type

application/json

{"name": "manager",
"description": "Role with administrative privileges for managing users",
"origin": "custom",
"permissions": ["turia_iam_editor"
]
}

Update role permissions

Authorizations:

OAuth2

path Parameters

role_name

required

string (Role Name)

Example: manager

Name of the role to update

Request Body schema: application/json
required

add	Array of strings (Add) Default: []
remove	Array of strings (Remove) Default: []

Responses

Request samples

Payload

Content type

application/json

{"add": ["turia_iam_adm"
],
"remove": ["turia_iam_editor"
]
}

Response samples

200
403
422

Content type

application/json

[{"name": "financeiro",
"description": "Papel com responsabilidade de leitura de dados de faturamento",
"origin": "default"
}
]

Retrieve members of a role

Authorizations:

OAuth2

path Parameters

role_name

required

string (Role Name)

Responses

Response samples

200
403
422

Content type

application/json

[{"member_uuid": "a4bddb3f-0acf-4981-bb85-03feb4ee0d08",
"name": "John Doe",
"email": "john.doe@example.com",
"member_role": "administrator",
"profile_image_url": "https://example.com/profile.jpg",
"roles": ["editor"
]
}
]

Service-Accounts

Operations with service accounts, including creation, listing, editing, deletion, and management of their API keys.

Retrieve service accounts

Authorizations:

OAuth2

Responses

Response samples

200
403

Content type

application/json

[{"uuid": "d4f3a9c2-1b8a-4e6b-b5a1-9f2d3e7c4b1a",
"name": "Analytics Engine",
"description": "Service account for analytics pipelines",
"email": "analytics.engine.001@company.example.com",
"tenant": {"uuid": "f1a2b3c4-5678-90ab-cdef-1234567890ab",
"legal_name": "Example Corp Ltda"
}
}
]

Create service account

Authorizations:

OAuth2

Request Body schema: application/json
required

name required	string (Name)
description required	string (Description)
email required	string <email> (Email)

Responses

Request samples

Payload

Content type

application/json

{"name": "Analytics Engine",
"description": "Service account for analytics pipelines",
"email": "analytics.engine.001@company.example.com"
}

Response samples

201
403
422

Content type

application/json

{"uuid": "d4f3a9c2-1b8a-4e6b-b5a1-9f2d3e7c4b1a",
"name": "Analytics Engine",
"description": "Service account for analytics pipelines",
"email": "analytics.engine.001@company.example.com",
"tenant": {"uuid": "f1a2b3c4-5678-90ab-cdef-1234567890ab",
"legal_name": "Example Corp Ltda"
}
}

Remove service account

Authorizations:

OAuth2

path Parameters

sa_uuid

required

string <uuid> (Service Account Uuid)

Example: d4f3a9c2-1b8a-4e6b-b5a1-9f2d3e7c4b1a

Responses

Response samples

403
404
422

Content type

application/json

{"origin": "permissionsAPI",
"permission": "turia_iam_editor",
"product": "turiaiam",
"message": "User action not authorized for permission turia_iam_editor"
}

Update service account

Authorizations:

OAuth2

path Parameters

sa_uuid

required

string <uuid> (Service Account Uuid)

Example: d4f3a9c2-1b8a-4e6b-b5a1-9f2d3e7c4b1a

Request Body schema: application/json
required

	Name (string) or Name (null) (Name)
	Description (string) or Description (null) (Description)

Responses

Request samples

Payload

Content type

application/json

{"name": "Analytics Engine",
"description": "Service account for analytics pipelines"
}

Response samples

200
403
404
422

Content type

application/json

{"uuid": "d4f3a9c2-1b8a-4e6b-b5a1-9f2d3e7c4b1a",
"name": "Analytics Engine",
"description": "Service account for analytics pipelines",
"email": "analytics.engine.001@company.example.com",
"tenant": {"uuid": "f1a2b3c4-5678-90ab-cdef-1234567890ab",
"legal_name": "Example Corp Ltda"
}
}

Create API key for service account

Authorizations:

OAuth2

path Parameters

sa_uuid

required

string <uuid> (Service Account Uuid)

Example: d4f3a9c2-1b8a-4e6b-b5a1-9f2d3e7c4b1a

Request Body schema: application/json
required

name required	string (Name)
	Description (string) or Description (null) (Description)
	Array of Scopes (strings) or Scopes (null) (Scopes) Default: []

Responses

Request samples

Payload

Content type

application/json

{"name": "Analytics Key",
"description": "Key for accessing analytics service",
"scopes": ["iam:read"
]
}

Response samples

201
403
404
422

Content type

application/json

{"uuid": "e8a77a53-ea0b-49a7-9f8d-a7116a800df5",
"name": "Analytics Key",
"description": "Key for accessing analytics service",
"key_pair_id": "be88e4f8-24ac-4cab-a59d-42cfdc02cbe7",
"key_pair_secret": "8b4c58bc-d905-435b-8cd0-05bf4b150d52",
"scopes": ["iam:read"
],
"scopes_pending_approval": ["iam:write"
],
"start_validity": "string",
"end_validity": "string",
"revoked_at": "string",
"revoked_by": "string",
"api_key": "eeac0a24-9948-4e92-b5d4-0aa2ea91d539"
}

Get API keys for a service account

Authorizations:

OAuth2

path Parameters

sa_uuid

required

string <uuid> (Sa Uuid)

Example: 8cf19575-674c-4bb0-b5c7-4dde54923183

query Parameters

APIKeyStatusEnum (string) or Status (null) (Status)

Responses

Response samples

200
403
422

Content type

application/json

[{"uuid": "e8a77a53-ea0b-49a7-9f8d-a7116a800df5",
"name": "Analytics Key",
"description": "Key for accessing analytics service",
"key_pair_id": "be88e4f8-24ac-4cab-a59d-42cfdc02cbe7",
"key_pair_secret": "8b4c58bc-d905-435b-8cd0-05bf4b150d52",
"scopes": ["iam:read"
],
"scopes_pending_approval": ["iam:write"
],
"start_validity": "string",
"end_validity": "string",
"revoked_at": "string",
"revoked_by": "string",
"api_key": "eeac0a24-9948-4e92-b5d4-0aa2ea91d539"
}
]

Revoke an API key for a service account

Authorizations:

OAuth2

path Parameters

sa_uuid required	string <uuid> (Sa Uuid) Example: 8cf19575-674c-4bb0-b5c7-4dde54923183
apikey_uuid required	string <uuid> (Apikey Uuid) Example: e8a77a53-ea0b-49a7-9f8d-a7116a800df5

Responses

Response samples

403
422

Content type

application/json

{"origin": "permissionsAPI",
"permission": "turia_iam_editor",
"product": "turiaiam",
"message": "User action not authorized for permission turia_iam_editor"
}

Update API key

Authorizations:

OAuth2

path Parameters

sa_uuid required	string <uuid> (Sa Uuid) Example: 8cf19575-674c-4bb0-b5c7-4dde54923183
apikey_uuid required	string <uuid> (Apikey Uuid) Example: e8a77a53-ea0b-49a7-9f8d-a7116a800df5

Request Body schema: application/json
required

	Name (string) or Name (null) (Name)
	Description (string) or Description (null) (Description)
	Array of Scopes (strings) or Scopes (null) (Scopes) Default: []

Responses

Request samples

Payload

Content type

application/json

{"name": "My API Key",
"description": "API key for automation tasks",
"scopes": ["iam:read"
]
}

Response samples

200
403
422

Content type

application/json

{"uuid": "e8a77a53-ea0b-49a7-9f8d-a7116a800df5",
"name": "Analytics Key",
"description": "Key for accessing analytics service",
"key_pair_id": "be88e4f8-24ac-4cab-a59d-42cfdc02cbe7",
"key_pair_secret": "8b4c58bc-d905-435b-8cd0-05bf4b150d52",
"scopes": ["iam:read"
],
"scopes_pending_approval": ["iam:write"
],
"start_validity": "string",
"end_validity": "string",
"revoked_at": "string",
"revoked_by": "string",
"api_key": "eeac0a24-9948-4e92-b5d4-0aa2ea91d539"
}

Scopes

Operations with scopes, including listing all available API scopes.

List scope groups, products, and scopes

Authorizations:

OAuth2

Responses

Response samples

200
403

Content type

application/json

[{"uuid": "c5457157-4359-44d7-a0ed-188362c91013",
"name": "Magalu Cloud",
"api_products": [{"uuid": "1dcfa8ce-4576-4944-a4fe-a0ca1f2f455d",
"name": "API Product CMS",
"scopes": [{"uuid": "28beb8a2-9d99-44db-8fb7-5b724eac79a2",
"name": "cms:cloud-product-management:write",
"title": "Write permission for cloud product management"
}
]
}
]
}
]

Invitations

Operations with invitations, including sending, resending, canceling, and listing organization invites.

Retrieve all invitations for the organization

Authorizations:

OAuth2

query Parameters

InviteStatusEnum (string) or Status (null) (Status)

Responses

Response samples

200
403
422

Content type

application/json

[{"id": "9f1c2d3e-4567-89ab-cdef-1234567890ab",
"email": "john.doe@example.com",
"status": "pending",
"profile": "employee"
}
]

Cancel an existing invitation

Authorizations:

OAuth2

path Parameters

invite_id

required

string (Invite Id)

Responses

Response samples

403
422

Content type

application/json

{"origin": "permissionsAPI",
"permission": "turia_iam_editor",
"product": "turiaiam",
"message": "User action not authorized for permission turia_iam_editor"
}

Resend an existing invitation to a member

Authorizations:

OAuth2

path Parameters

invite_id

required

string (Invite Id)

Responses

Response samples

200
403
422

Content type

application/json

{ }

Groups

Operations with groups, including creation, listing, updating, deletion, and management of group members.

List groups for the organization

List groups for the authenticated user. PF (Pessoa Física) returns groups with profile and email. PJ (Pessoa Jurídica) returns groups with email but without profile.

Authorizations:

OAuth2

query Parameters

Email (string) or Email (null) (Email)

Example: email=group@example.com

Responses

Response samples

200
403
422

Content type

application/json

Example

PFGroupListResponse

{"items": [{"id": "b3c4d5e6-7890-12ab-cdef-1234567890ab",
"name": "Finance Team",
"description": "Group for the finance department",
"email": "finance-team@company.example.com",
"profile": "administrator"
}
]
}

Create a new group

Authorizations:

OAuth2

Request Body schema: application/json
required

identifier required	string (Identifier)
name required	string (Name)
	Description (string) or Description (null) (Description)

Responses

Request samples

Payload

Content type

application/json

{"identifier": "finance-team",
"name": "Finance Team",
"description": "Group for the finance department"
}

Response samples

201
403
422

Content type

application/json

{"id": "b3c4d5e6-7890-12ab-cdef-1234567890ab",
"name": "Finance Team",
"description": "Group for the finance department",
"email": "finance-team@company.example.com"
}

Update a group description

Authorizations:

OAuth2

path Parameters

group_id

required

string (Group Id)

Example: a1b2c3d4-5678-90ab-cdef-1234567890ab

Request Body schema: application/json
required

	Description (string) or Description (null) (Description)
Any of string (Description)

Responses

Request samples

Payload

Content type

application/json

{"description": "Updated group description"
}

Response samples

200
403
422

Content type

application/json

{"id": "b3c4d5e6-7890-12ab-cdef-1234567890ab",
"name": "Finance Team",
"description": "Group for the finance department",
"email": "finance-team@company.example.com"
}

Delete a group

Authorizations:

OAuth2

path Parameters

group_id

required

string (Group Id)

Example: a1b2c3d4-5678-90ab-cdef-1234567890ab

Responses

Response samples

403
422

Content type

application/json

{"origin": "permissionsAPI",
"permission": "turia_iam_editor",
"product": "turiaiam",
"message": "User action not authorized for permission turia_iam_editor"
}

List members of a group with pagination

List members of a group with pagination (max 20 per page).

Authorizations:

OAuth2

path Parameters

group_id

required

string (Group Id)

Example: a1b2c3d4-5678-90ab-cdef-1234567890ab

query Parameters

page	integer (Page) >= 1 Default: 1 Example: page=1 Page number
per_page	integer (Per Page) [ 1 .. 20 ] Default: 20 Example: per_page=20 Items per page (max 20)

Responses

Response samples

200
403
422

Content type

application/json

{"items": [{"group_id": "a1b2c3d4-5678-90ab-cdef-1234567890ab",
"member_id": "550e8400-e29b-41d4-a716-446655440000",
"profile": "administrator",
"email": "john.doe@example.com",
"name": "John Doe"
}
],
"meta": {"page": 1,
"per_page": 20,
"total_pages": 5,
"total_items": 100
}
}

Add a member to a group

Authorizations:

OAuth2

path Parameters

group_id

required

string (Group Id)

Example: a1b2c3d4-5678-90ab-cdef-1234567890ab

Request Body schema: application/json
required

member_id required	string (Member Id)
profile required	string (Profile)

Responses

Request samples

Payload

Content type

application/json

{"member_id": "550e8400-e29b-41d4-a716-446655440000",
"profile": "administrator"
}

Response samples

201
403
422

Content type

application/json

{"group_id": "a1b2c3d4-5678-90ab-cdef-1234567890ab",
"member_id": "550e8400-e29b-41d4-a716-446655440000",
"profile": "administrator",
"email": "john.doe@example.com",
"name": "John Doe"
}

Update a member's profile in a group

Authorizations:

OAuth2

path Parameters

group_id required	string (Group Id) Example: a1b2c3d4-5678-90ab-cdef-1234567890ab
member_id required	string (Member Id) Example: 550e8400-e29b-41d4-a716-446655440000

Request Body schema: application/json
required

profile

required

string (Profile)

Responses

Request samples

Payload

Content type

application/json

{"profile": "employee"
}

Response samples

200
403
422

Content type

application/json

{"group_id": "a1b2c3d4-5678-90ab-cdef-1234567890ab",
"member_id": "550e8400-e29b-41d4-a716-446655440000",
"profile": "administrator",
"email": "john.doe@example.com",
"name": "John Doe"
}

Remove a member from a group

Authorizations:

OAuth2

path Parameters

group_id required	string (Group Id) Example: a1b2c3d4-5678-90ab-cdef-1234567890ab
member_id required	string (Member Id) Example: 550e8400-e29b-41d4-a716-446655440000

Responses

Response samples

403
422

Content type

application/json

{"origin": "permissionsAPI",
"permission": "turia_iam_editor",
"product": "turiaiam",
"message": "User action not authorized for permission turia_iam_editor"
}

Turia IAM API Product (1.1.0)

Healthcheck

Check API status

Responses

Response samples

Members

Returns a list of members of the organization

Authorizations:

query Parameters

Responses

Response samples

Add a member to the organization or send an invite if the member does not have an account

Authorizations:

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Removes a member from the organization using their UUID

Authorizations:

path Parameters

Responses

Response samples

Retrieve grants assigned to a member

Authorizations:

path Parameters

Responses

Response samples

Add or remove roles and permissions for a member

Authorizations:

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Add or remove roles and permissions for multiple members at once

Authorizations:

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Access-Control

Retrieve access control settings

Authorizations:

Responses

Response samples

Create access control

Authorizations:

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Update access control settings

Authorizations:

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Permissions

Get Products And Permissions

Authorizations:

query Parameters

Responses

Response samples

Roles

Retrieve roles

Authorizations:

query Parameters

Responses

Response samples

Create a new role

Authorizations:

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Delete a role

Authorizations:

path Parameters

Responses

Response samples

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required