This summary provides YOUnite’s complete set of allowable permissions.
-
For a full description of how permissions work with zones, groups and roles see the Zones, Users, Groups, Roles and Permissions guide.
-
The UI Permissions guide describes how permissions are applied to enable and disable UI components.
-
The YOUnite API Documentation is the definitive guide for all YOUnite API resource endpoints.
Permission, Wildcards and Resource Criteria
In the YOUnite UI, permissions are described using the following format:
Resource [Resource-Criteria]-
The
Resource-Criteriais not used on all resources. -
Resource-Criteriais described in the following table:
path variable |
uuid |
A specific identifier for a resource that is typically a UUID. For example, if a resource contains |
? |
ANY |
Wildcard for any resource at the current API endpoint. For example, |
* |
ALL |
Wildcard for ANY resource and ALL API resource endpoints beneath the current API endpoint. For example, |
Permissions
| Resource | Action | Description | Resource URI |
|---|---|---|---|
ACL Evaluator |
POST |
Mocks a data event Given a request body containing a mock federated data change to run through the ACL engine, this will return a manifest of the: * Messages which will be sent out to various adaptors, and what data will be included in those messages * The relevant ACL entries that were applied to the data event Valid request body values:
* ACL entries returned in the |
/zones/{zoneUuid}/acls/dry-run |
ACL Metrics |
GET |
Gets metrics for the zone’s inbound & outbound ACLs |
/zones/{zoneUuid}/acls/metrics |
API Endpoint Resources |
GET |
Gets the list of resources the API consumer can access |
/resources |
Access Tokens |
GET |
Gets the full token information for the current user based upon the bearer token in the authorization header. |
/token |
Adaptor |
GET |
Gets a specific adaptor Optionally, the count of linked data records can be included with the "include-linkages" option, ie: GET /zones/{zone uuid}/adaptors/{adaptor uuid}?options=include-linkages:true |
/zones/{zoneUuid}/adaptors/{adaptorUuid} |
Adaptor |
PUT |
Updates the specified adaptor’s configuration. Overwrites the name, description, capabilities, metadata, etc and replaces them with the supplied values. The state of the adaptor may be updated by passing in PLAY, PAUSE or REFRESH_STATE in the state field. If state is not supplied, no change will be made to the adaptor’s state. The active or inactive status of the adaptor may be updated by passing true or false in the status field. If no status is supplied, the status will not be changed. |
/zones/{zoneUuid}/adaptors/{adaptorUuid} |
Adaptor |
PATCH |
Updates the specified adaptor’s configuration. Only those values supplied will be updated in the adaptor’s configuration. The state of the adaptor may be updated by passing in PLAY, PAUSE or REFRESH_STATE in the state field. If state is not supplied, no change will be made to the adaptor’s state. The active or inactive status of the adaptor may be updated by passing true or false in the status field. If no status is supplied, the status will not be changed. |
/zones/{zoneUuid}/adaptors/{adaptorUuid} |
Adaptor |
DELETE |
Deletes the specified adaptor. If force is not set to true, the adaptor is set as inactive instead. To re-activate an inactivated adaptor, use the PATCH endpoint to change "active" back to true. Examples: DELETE /zones/{zoneUuid}/adaptors/{adaptorUuid} (soft delete, sets active to "false") DELETE /zones/{zoneUuid}/adaptors/{adaptorUuid}?force=true (hard delete) |
/zones/{zoneUuid}/adaptors/{adaptorUuid} |
Adaptor Type |
GET |
Gets the specified adaptorType entity identified by adaptor-type-uuid. |
/adaptor-types/{adaptorTypeUuid} |
Adaptor Type |
PUT |
Updates the specified adaptorType entity identified by adaptor-type-uuid. |
/adaptor-types/{adaptorTypeUuid} |
Adaptor Type |
PATCH |
Updates the specified adaptorType entity identified by adaptor-type-uuid. |
/adaptor-types/{adaptorTypeUuid} |
Adaptor Type |
DELETE |
Removes the specified adaptorType entity identified by adaptor-type-uuid. |
/adaptor-types/{adaptorTypeUuid} |
Adaptor Types |
GET |
Gets all adaptor types entities |
/adaptor-types |
Adaptor Types |
POST |
Creates a new adaptor type entity |
/adaptor-types |
Adaptor’s Health |
GET |
Gets the specified adaptor’s health data |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/health |
Adaptor’s Metrics |
GET |
Gets the specified adaptor’s metrics data By default, the adaptor’s zone is used to break down metrics by day / month. To use a different zone, specify the name of the zone in the options, ie: GET /zones/…/adaptors/…/metrics?options=zone:UTC |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/metrics |
Adaptor’s Queue |
GET |
Gets the specified adaptor’s queue attributes |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/queue |
Adaptor’s Registration Information |
GET |
Gets the specified adaptor’s registration data |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/registration |
Adaptor’s Shutdown Code |
GET |
Gets the specified adaptor’s shutdown code |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/shutdown-code |
Adaptors |
GET |
Gets a list of adaptors in the zone. Results can be filtered by By default only active adaptors are shown. To include inactivate adaptors use the Optionally, the count of linked data records can be included with the This endpoint uses pagination and sorting: |
/zones/{zoneUuid}/adaptors |
Adaptors |
POST |
Creates and registers a new adaptor entity |
/zones/{zoneUuid}/adaptors |
Adaptors Capable of Domain Version |
GET |
Get the capable adaptors for a given action (GET, PUT, POST or DELETE) for a data domain version and return if the zone has permission to the adaptor. |
/zones/{zoneUuid}/capable-adaptors/{domainVersionUuid} |
Bulk Data Record Import |
POST |
Create a bulk data import for a given domain version. The filter parameter is required and must include the domain name and version e.g. ?filters=name:customers,version:1 NOTE - by default the maximum file size is 10MB. |
/drs/bulk |
Child Zones |
GET |
Get a list of child zones of a zone |
/zones/{zoneUuid}/child-zones |
Child Zones |
POST |
Add a child zone |
/zones/{zoneUuid}/child-zones |
Data Domain |
GET |
Gets the specified data domain entity |
/domains/{domainUuid} |
Data Domain |
PUT |
Update a data domain |
/domains/{domainUuid} |
Data Domain |
PATCH |
Update a data domain |
/domains/{domainUuid} |
Data Domain Version |
GET |
Gets a data domain version entity With no queryParams, this will return the default version of the domain specified by {uuid}. filters allowed: version - return the specific version if the value is 1+, or ALL if the value is omitted. version:0 means the default version. |
/domains/{domainUuid}/versions |
Data Domain Version |
GET |
Gets a specified Domain Version entity |
/domains/{domainUuid}/versions/{domainVersionUuid} |
Data Domain Version |
GET |
Gets a specified Domain Version entity |
/domains/versions/{domainVersionUuid} |
Data Domain Version |
POST |
Creates a new data domain version The domain must include a model and a name, or the UUID of the domain. The first version is set to The first version is the default, until changed via a PATCH to the domain endpoint. Optionally, instead of attempting to save the domain version, validation can be performed by adding validate-only=true to the request, ie POST /domains/<domain-uuid>/versions?validate-only=true The response will include the validated domain version entry, but it will not be saved, or if the domain version is not valid, errors will be returned. |
/domains/{domainUuid}/versions |
Data Domain Version |
PUT |
Updates the specified domain version entity Updates specified by the UUID and/or the description, if found, by overwriting what is in the database with the content of the body. The changeVersion needs to be the same as what is in the database for this to succeed and is a required property of the body. Optionally, instead of attempting to save the domain version, validation can be performed by adding validate-only=true to the request, ie PUT /domains/<domain-uuid>/versions/<domain-version-uuid>?validate-only=true The response will include the validated domain version entry, but it will not be saved, or if the domain version is not valid, errors will be returned. |
/domains/{domainUuid}/versions/{domainVersionUuid} |
Data Domain Version |
PUT |
Updates the specified domain version entity Updates specified by the UUID and/or the description, if found, by overwriting what is in the database with the content of the body. The changeVersion needs to be the same as what is in the database for this to succeed and is a required property of the body. Optionally, instead of attempting to save the domain version, validation can be performed by adding validate-only=true to the request, ie PUT /domains/versions/<domain-version-uuid>?validate-only=true The response will include the validated domain version entry, but it will not be saved, or if the domain version is not valid, errors will be returned. |
/domains/versions/{domainVersionUuid} |
Data Domain Version |
PATCH |
Add a property to a domain version model
Add a property (type URI, int, long or string) to a domain version’s model schema and optionally load the corresponding
data values (in the This feature is provided to accommodate situations where domains depend on each other and the data values for one domain version cannot be completed until the data values for another domain version have been loaded (the "chicken or egg" problem). For example: 1. A "state" domain version requires a reference to a "country" and the "country" domain version needs a references back to "state" 2. The "state" domain version can be created and the data POSTed without the reference to "country" 3. The "country" domain version can be created with a reference to "state" 4. The data for "country" can be loaded with the appropriate "state" references 5. With PATCH the "state" domain’s model schema can be updated with a reference to "country" and the "state" data can be updated with the required references to "country" |
/domains/{domainUuid}/versions/{domainVersionUuid} |
Data Domain Version |
PATCH |
Add a property to a domain version model
Add a property (type URI, int, long or string) to a domain version’s model schema and optionally load the corresponding
data values (in the For example: 1. A "state" domain version requires a reference to a "country" and the "country" domain version needs a references back to "state" 2. The "state" domain version can be created and the data POSTed without the reference to "country" 3. The "country" domain version can be created with a reference to "state" 4. The data for "country" can be loaded with the appropriate "state" references 5. With PATCH the "state" domain’s model schema can be updated with a reference to "country" and the "state" data can be updated with the required references to "country" |
/domains/versions/{domainVersionUuid} |
Data Domain Versions |
GET |
Gets all active domain versions With no queryParams, this will return all active domain versions. filtersable properties: version - return the specific version. if 0 is specified, the default version is returned. name - the name of the domain fieldsable properties: specifies the subset of fields to be returned as the response for each domain. Examples: GET /domains/versions - get all versions of all domains GET /domains/versions?filters=name:customer - get all versions of the domain "customer" GET /domains/versions?filters=name:customer,version:2 - get version 2 of the domain "customer" GET /domains/versions?filters=name:customer,version:0 - get the default version of the domain "customer" |
/domains/versions |
Data Domains |
GET |
Gets all data domains visible to the caller. |
/domains |
Data Domains |
POST |
Create a new data domain. The domainType can be either FEDERATED or YOUNITE_DATA_STORE (default). |
/domains |
Data Events associated with a Data Record |
GET |
Get data events for a Data Record by searching Elasticsearch records |
/drs/{drUuid}/data-events |
Data Issue in a Zone |
GET |
Get a Data Issue |
/zones/{zoneUuid}/issues/{issueUuid} |
Data Issue in a Zone |
PUT |
Update a Data Issue |
/zones/{zoneUuid}/issues/{issueUuid} |
Data Issue in a Zone |
PATCH |
Update a Data Issue |
/zones/{zoneUuid}/issues/{issueUuid} |
Data Issue in a Zone |
DELETE |
Delete a Data Issue |
/zones/{zoneUuid}/issues/{issueUuid} |
Data Issue in an Adaptor |
GET |
Get a Data Issue |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/issues/{issueUuid} |
Data Issue in an Adaptor |
PUT |
Update a Data Issue |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/issues/{issueUuid} |
Data Issue in an Adaptor |
PATCH |
Update a Data Issue |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/issues/{issueUuid} |
Data Issue in an Adaptor |
DELETE |
Delete a Data Issue |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/issues/{issueUuid} |
Data Issue in an Adaptor’s Domain Version |
GET |
Get a Data Issue |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/domains/{domainUuid}/versions/{domainVersionUuid}/issues/{issueUuid} |
Data Issue in an Adaptor’s Domain Version |
PUT |
Update a Data Issue |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/domains/{domainUuid}/versions/{domainVersionUuid}/issues/{issueUuid} |
Data Issue in an Adaptor’s Domain Version |
PATCH |
Update a Data Issue |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/domains/{domainUuid}/versions/{domainVersionUuid}/issues/{issueUuid} |
Data Issue in an Adaptor’s Domain Version |
DELETE |
Delete a Data Issue |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/domains/{domainUuid}/versions/{domainVersionUuid}/issues/{issueUuid} |
Data Issues in a Zone |
GET |
Get a page of issues for the given Zone. filtersable options: type = Only type GENERAL is supported match-status = Applicable to data event exceptions only. RESOLVED, AMBIGUOUS, PRESUMED_NEW or PRESUMED_MATCH. Multiple values can be separated by a colon. If not specified all entries are included. exceptions = Applicable to data event exceptions only. PARSING, MATCHING, ADAPTOR or OTHER. Multiple values can be separated by a colon. If not specified all entries are included. status = OPEN or CLOSED. If not specified, all statuses are included. dr-uuid = Data Record UUID domain-version = Domain Version UUID adaptor = Adaptor UUID NOTE: There are many types of data issues and not all filter options apply to all data event types. Examples: GET …/issues?filters=status:OPEN GET …/issues?filters=type:DATA_EVENT_EXCEPTION,match-status:AMBIGUOUS:PRESUMED_NEW:PRESUMED_MATCH,domain-version:5a5bc628-ee6f-4df3-8aca-5510bfb8d70f,adaptor=c38b5025-52d6-47c3-9a95-9ad228dd4e6b,exceptions:PARSING:MATCHING,status:OPEN Sorting options: Any top-level property in the result can be sorted on, such as uuid, dateCreated, lastUpdated, status, etc as well as any attribute in adaptor, ie adaptor.uuid, adaptor.name, etc Examples: GET …/issues?sort=issuePriority,title GET …/issues?sort=type:DATA_EVENT_EXCEPTION,adaptor.name,domainVersion.domain.name,domainVersion.versionNumber,-lastUpdated |
/zones/{zoneUuid}/issues |
Data Issues in an Adaptor |
GET |
Get a page of issues for the given Adaptor. filtersable options: match-status = Applicable to data event exceptions only. RESOLVED, AMBIGUOUS, PRESUMED_NEW or PRESUMED_MATCH. Multiple values can be separated by a colon. If not specified all entries are included. exceptions = Applicable to data event exceptions only. PARSING, MATCHING, ADAPTOR or OTHER. Multiple values can be separated by a colon. If not specified all entries are included. status = OPEN or CLOSED. If not specified all entries are included. dr-uuid = DR UUID domain-version = Domain Version UUID Ex: GET …/issues?filters=match-status:AMBIGUOUS:PRESUMED_NEW:PRESUMED_MATCH,domain-version:5a5bc628-ee6f-4df3-8aca-5510bfb8d70f,exceptions:MATCHING:PARSING,status:OPEN Sorting options: Any top-level property in the result can be sorted on, such as uuid, dateCreated, lastUpdated, status, etc as well as any attribute in adaptor, ie adaptor.uuid, adaptor.name, etc Ex: GET …/issues?sort=-lastUpdated |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/issues |
Data Issues in an Adaptor’s Domain Version |
GET |
Get a page of issues for the given Domain Version of an Adaptor. filtersable options: match-status = Applicable to data event exceptions only. RESOLVED, AMBIGUOUS, PRESUMED_NEW or PRESUMED_MATCH. Multiple values can be separated by a colon. If not specified all entries are included. exceptions = Applicable to data event exceptions only. PARSING, MATCHING, ADAPTOR or OTHER. Multiple values can be separated by a colon. If not specified all entries are included. status = OPEN or CLOSED. If not specified all entries are included. dr-uuid = DR UUID Ex: GET …/issues?filters=match-status:AMBIGUOUS:PRESUMED_NEW:PRESUMED_MATCH,exceptions:PARSING:MATCHING,status:OPEN Sorting options: Any top-level property in the result can be sorted on, such as uuid, dateCreated, lastUpdated, status, etc as well as any attribute in adaptor, ie adaptor.uuid, adaptor.name, etc Ex: GET …/issues?sort=matchStatus,-lastUpdated |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/domains/{domainUuid}/versions/{domainVersionUuid}/issues |
Data Record |
GET |
Gets a specified Data Record entity Gets a specified Data Record entity specified by {drUuid}. The following filters are available: adaptor = Filter on a specific adaptor (applicable to FEDERATED records only) Example: GET /drs/<dr-uuid>?filters=adaptor:<adaptor-uuid> The following options are available: refs = Include the href of each data record (applicable to YOUNITE_DATA_STORE records only) expandRefs = Expend references to other DRs (applicable to YOUNITE_DATA_STORE records only) includeJson = Include JSON of data record (applicable to YOUNITE_DATA_STORE records only) Example: GET /drs/<dr-uuid>?options=refs:true,expandRefs:true,includeJson:true |
/drs/{drUuid} |
Data Record |
PATCH |
Updates a Data Record entity (DR) The DR is identified by {uuid} with the provided changes to field values. This can be applied only to domain versions of type YOUNITE_DATA_STORE. |
/drs/{drUuid} |
Data Record |
DELETE |
Deletes a Data Record (DR) entity
Delete a Data Record (DR) entityidentified by {uuid}.
YOUNITE_DATA_STORE
If the user has permission to the endpoint, the request will remove a DR if the DR is of data domain type YOUNITE_DATA_STORE.
FEDERATED
If the DR is a FEDERATED data domain type, it will attempt to delete source entries at source adaptors and
their corresponding adaptor-to-domain-entry links internal to the YOUnite api server.
A request can be made to delete DR source entries at specific adaptors and their coresponding adaptor-to-domain-entry
links by using the If the API consumer doesn’t have access (inbound or outbound ACLs), then the request will fail with an UNAUTHORIZED. If the SSO id associated with the API consumer belongs to multiple zones, then the zone UUID for which the request is being made under must be supplied. The difference between specifying and not specifying adaptor UUIDs is:
- |
/drs/{drUuid} |
Data Record Assigned to an Inbound ACL |
DELETE |
Removes the specified data record from an inbound ACL |
/zones/{zoneUuid}/inbound-acls/{inboundAclUuid}/drs/{drUuid} |
Data Record Assigned to an Outbound ACL |
DELETE |
Removes a specified data record from an outbound ACL |
/zones/{zoneUuid}/outbound-acls/{outboundAclUuid}/drs/{drUuid} |
Data Records |
GET |
Gets paginated Data Record entities (DRs). |
See [Accessing Data Records](https://younite.us/resources/Accessing-Data-Records.html). |
/drs |
Data Records |
POST |
Adds a data record entity (DR) to a given data domain version. Add a data record to the domain identified by the NAME property in the JSON body. If a VERSION property is also provided, the data record (DR) will post to that specific version of the domain. If no VERSION property is provided, the DEFAULT version of the domain will be used for posting DR data to. |
/drs |
Data Records Assigned to an Inbound ACL |
GET |
Gets all data records restricted by the specified inbound ACL entry If the user has access to the GET /drs, full DR information will be returned, otherwise only UUIDs will be returned. For domains that use a matching algorithm the adaptor-uuid filter will need to be provided to show DR Key information at that adaptor for each DR. Filters: adaptor-uuid: UUID of the adaptor Examples: GET /zones/{uuid}/inbound-acls/{inboundAclUuid}/drs GET /zones/{uuid}/inbound-acls/{inboundAclUuid}/drs?filters=adaptor-uuid:db1568d3-20d1-43a4-a5f6-582162cce8ee DRs may also be filtered using lucene style query syntax, similar to how data records are retrieved. See [Accessing Data Records](https://younite.us/resources/Accessing-Data-Records.html) for more information on lucene query syntax. Example: GET /zones/{uuid}/inbound-acls/{inboundAclUuid}/drs?query=firstName:Steve |
/zones/{zoneUuid}/inbound-acls/{inboundAclUuid}/drs |
Data Records Assigned to an Inbound ACL |
POST |
Adds existing data records to an inbound ACL |
/zones/{zoneUuid}/inbound-acls/{inboundAclUuid}/drs |
Data Records Assigned to an Outbound ACL |
GET |
Gets all data records restricted by the specified outbound ACL entry If the user has access to the GET /drs, full DR information will be returned, otherwise only UUIDs will be returned. For domains that use a matching algorithm the adaptor-uuid filter will need to be provided to show DR Key information at that adaptor for each DR. Filters: adaptor-uuid: UUID of the adaptor Examples: GET /zones/{uuid}/outbound-acls/{outboundAclUuid}/drs GET /zones/{uuid}/outbound-acls/{outboundAclUuid}/drs?filters=adaptor-uuid:db1568d3-20d1-43a4-a5f6-582162cce8ee DRs may also be filtered using lucene style query syntax, similar to how data records are retrieved. See [Accessing Data Records](https://younite.us/resources/Accessing-Data-Records.html) for more information on lucene query syntax. Example: GET /zones/{uuid}/outbound-acls/{outboundAclUuid}/drs?query=firstName:Steve |
/zones/{zoneUuid}/outbound-acls/{outboundAclUuid}/drs |
Data Records Assigned to an Outbound ACL |
POST |
Add existing data records to an inbound ACL |
/zones/{zoneUuid}/outbound-acls/{outboundAclUuid}/drs |
Domain Version Property |
GET |
A domain version model schema property |
/domains/{domainUuid}/versions/{domainVersionUuid}/properties/{propertyUuid} |
Domain Version Property |
GET |
A domain version model schema property |
/domains/versions/{domainVersionUuid}/properties/{propertyUuid} |
Domain Version Property |
PATCH |
Updates the description of a domain version model schema property The schema property’s UUID can be retrieved using GET /domains/<uuid>/versions/<uuid>/properties. |
/domains/{domainUuid}/versions/{domainVersionUuid}/properties/{propertyUuid} |
Domain Version Property |
PATCH |
Updates the description of a domain version model schema property The schema property’s UUID can be retrieved using GET /domains/<uuid>/versions/<uuid>/properties. |
/domains/versions/{domainVersionUuid}/properties/{propertyUuid} |
Domain Version Property Catalog |
GET |
Gets the cataloged properties of the specified domain version |
/domains/{domainUuid}/versions/{domainVersionUuid}/properties |
Domain Version Property Catalog |
GET |
Gets the cataloged properties of the specified domain version |
/domains/versions/{domainVersionUuid}/properties |
Endpoint Metadata |
GET |
Get the metadata for API endpoints |
/endpoints |
Evaluate a Data Record at an Adaptor |
GET |
Checks if there is an adaptor-to-domain-entry link for a given DR Checks if there is an adaptor-to-domain-entry link for a given DR at an adaptor. If the link exists a 200 OK is returned and a 404 NOT FOUND if not. A NOT FOUND is not a definative result since the YOUnite api server makes no assumptions if a POST DR request sent to an adaptor was honored and does not create the adaptor-to-domain-entry link until the adaptor sends a data event to YOUnite api server for a given DR. For example: - Adaptor responding to a GET request. - PUT or POST data event request (sent from the adaptor to the YOUnite api server). |
/drs/{drUuid}/adaptor/{adaptorUuid}/check |
GraphQL Schema |
GET |
This will return the GraphQL schema |
/graphql-schema |
Group |
GET |
Gets the specified Group entity |
/zones/{zoneUuid}/groups/{groupUuid} |
Group |
PUT |
Updates a name and description of an existing Group |
/zones/{zoneUuid}/groups/{groupUuid} |
Group |
PATCH |
Updates a name and/or description of an existing Group |
/zones/{zoneUuid}/groups/{groupUuid} |
Group |
DELETE |
Deletes a specified Group |
/zones/{zoneUuid}/groups/{groupUuid} |
Group’s User |
DELETE |
Removes the specified Zone User from a Group |
/zones/{zoneUuid}/groups/{groupUuid}/users/{zoneUserUuid} |
Group’s Users |
GET |
Gets all Zone Users in the specified Group |
/zones/{zoneUuid}/groups/{groupUuid}/users |
Group’s Users |
POST |
Creates or replaces the list of Zone Users in the specified Group Zone users are identified by the array of uuids in the request body. |
/zones/{zoneUuid}/groups/{groupUuid}/users |
Groups |
GET |
Gets all Groups in the zone |
/zones/{zoneUuid}/groups |
Groups |
POST |
Creates a new Group |
/zones/{zoneUuid}/groups |
Inbound ACL |
GET |
Get an inbound ACL |
/zones/{zoneUuid}/inbound-acls/{inboundAclUuid} |
Inbound ACL |
PUT |
Update an inbound ACL in a zone. All values in the ACL are replaced with the exception of Passing null or For a more complete description on ACLs including default policies see [Governance](https://younite.us/resources/Governance.html). |
/zones/{zoneUuid}/inbound-acls/{inboundAclUuid} |
Inbound ACL |
PATCH |
Update an inbound ACL in a zone. Only those non-null values in the payload will be used to update the ACL. If Passing For a more complete description on ACLs including default policies see [Governance](https://younite.us/resources/Governance.html). |
/zones/{zoneUuid}/inbound-acls/{inboundAclUuid} |
Inbound ACL |
DELETE |
Delete an inbound ACL |
/zones/{zoneUuid}/inbound-acls/{inboundAclUuid} |
Inbound ACLs |
GET |
Get inbound ACLs in a zone |
/zones/{zoneUuid}/inbound-acls |
Inbound ACLs |
POST |
Creates one or more ACL entities in the inbound ACL chain for the zone. The return value(s) are the created ACL(s) in the same order as they were passed in. If Passing null or For a more complete description on ACLs including default policies see [Governance](https://younite.us/resources/Governance.html). |
/zones/{zoneUuid}/inbound-acls |
Notification Registration |
DELETE |
Requests that the specified notification registration is deleted. Notifications are handled by a separate service and updates (put and delete) are performed asynchronously and will always return a 204 regardless of whether the operation was successful or not. However, the change can be verified by calling GET /notifications to see if the update was performed. |
/notifications/{notificationId} |
Notification Registrations |
GET |
Gets a list of Registrations for Notification for the current user. Notification registrations are maintained by the Auth or SSO user and are not linked to a particular zone. Registration information is retrieved from the notification server, by default waiting up to 30 seconds to retrieve a response. To override the timeout to wait, pass a value for the option timeout, i.e. GET /notifications?options=timeout:60. Notifications may be filtered on their type (WEB_HOOK or WEB_SOCKET). i.e. GET /notifications?filters=type:WEB_HOOK |
/notifications |
Notification Registrations |
PUT |
Create or modify a Notification Registration. Creating a Notification Registration adds it to the list of Notification Registrations for the current user. Notification Registrations are handled by a separate service and updates (put and delete) are performed asynchronously and will always return a 204 regardless of whether the operation was successful or not. However, the change can be verified by calling GET /notifications to see if the update was performed. |
/notifications |
Open ID Code |
GET |
Gets OpenID code back from Open ID login |
/openid/code |
Open ID Login Connection |
GET |
Redirects to Open ID Connect login page |
/openid/login |
Open ID Logout |
GET |
Redirects to Open ID Connect logout page |
/openid/logout |
Operational ACL |
GET |
Get an operational ACL |
/operational-acls/entries/{operationalAclUuid} |
Operational ACL |
PUT |
Update an operational ACL. All values in the ACL are replaced with the exception of Passing null or For a more complete description on ACLs including default policies see [Governance](https://younite.us/resources/Governance.html). |
/operational-acls/entries/{operationalAclUuid} |
Operational ACL |
PATCH |
Update an operational ACL. Only those non-null values in the payload will be used to update the ACL. If Passing For a more complete description on ACLs including default policies see [Governance](https://younite.us/resources/Governance.html). |
/operational-acls/entries/{operationalAclUuid} |
Operational ACL |
DELETE |
Delete an operational ACL |
/operational-acls/entries/{operationalAclUuid} |
Operational ACL Endpoint |
GET |
Get operational ACLs |
/operational-acls/entries |
Operational ACL Endpoint |
POST |
Creates one or more ACL entities in the operational ACL chain. The return value(s) are the created ACL(s) in the same order as they were passed in. If Passing null or For a more complete description on ACLs including default policies see [Governance](https://younite.us/resources/Governance.html). |
/operational-acls/entries |
Operational ACL Evaluator |
POST |
Checks an existing ACL rule in the operational ACL chain This request merely checks if an existing ACL rule in the operational ACL chain will mask the ACL sent in the request body. By default ACLs are added to the front of the chain therefore, the <i>append</i> query parameter should be provided since checking if an ACL at the front of the chain will be masked is pointless. |
/operational-acls/check |
Operational ACL Metrics |
GET |
Return metrics for operational ACLs. |
/operational-acls/metrics |
Outbound ACL |
GET |
Get an outbound ACL |
/zones/{zoneUuid}/outbound-acls/{outboundAclUuid} |
Outbound ACL |
PUT |
Update an outbound ACL in a zone. All values in the ACL are replaced with the exception of Passing null or For a more complete description on ACLs including default policies see [Governance](https://younite.us/resources/Governance.html). |
/zones/{zoneUuid}/outbound-acls/{outboundAclUuid} |
Outbound ACL |
PATCH |
Update an outbound ACL in a zone. Only those non-null values in the payload will be used to update the ACL. If Passing For a more complete description on ACLs including default policies see [Governance](https://younite.us/resources/Governance.html). |
/zones/{zoneUuid}/outbound-acls/{outboundAclUuid} |
Outbound ACL |
DELETE |
Delete an outbound ACL |
/zones/{zoneUuid}/outbound-acls/{outboundAclUuid} |
Outbound ACLs |
GET |
Get outbound ACLs in a zone |
/zones/{zoneUuid}/outbound-acls |
Outbound ACLs |
POST |
Creates one or more ACL entities in the outbound ACL chain of the zone. The return value(s) are the created ACL(s) in the same order as they were passed in. If Passing null or For a more complete description on ACLs including default policies see [Governance](https://younite.us/resources/Governance.html). |
/zones/{zoneUuid}/outbound-acls |
Permissions for User |
GET |
Gets the caller’s API endpoint permission entities |
/permissions |
Permissions for User |
GET |
Gets the permissions for a given user by User UUID or SSO ID |
/permissions/{user} |
Permissions for User |
GET |
Gets permissions for a Zone User |
/zones/{zoneUuid}/users/{zoneUserUuid}/permissions |
Permissions for User |
GET |
Gets permissions for a Zone User with resource information |
/zones/{zoneUuid}/users/{zoneUserUuid}/resource-permissions |
Potential Matches for a Data Issue in a Zone |
GET |
Get potential matches of a data issue that indicates an ambiguous match. Filter options: dr-uuid: Data record UUID adaptor-uuid: Adaptor UUID min-score: Minimum score max-score: Maximum score Example: GET …/issues/{uuid}/matches?filters=min-score:10,max-score:20 |
/zones/{zoneUuid}/issues/{issueUuid}/matches |
Potential Matches for a Data Issue in an Adaptor |
GET |
Get potential matches of a data issue that indicates an ambiguous match. Filter options: dr-uuid: Data record UUID adaptor-uuid: Adaptor UUID min-score: Minimum score max-score: Maximum score Example: GET …/issues/{uuid}/matches?filters=min-score:10,max-score:20 |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/issues/{issueUuid}/matches |
Potential Matches for a Data Issue in an Adaptor’s Domain Version |
GET |
Get potential matches of a data issue that indicates an ambiguous match. Filter options: dr-uuid: Data record UUID adaptor-uuid: Adaptor UUID min-score: Minimum score max-score: Maximum score Example: GET …/issues/{uuid}/matches?filters=min-score:10,max-score:20' |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/domains/{domainUuid}/versions/{domainVersionUuid}/issues/{issueUuid}/matches |
Preferred Adaptors |
GET |
Gets a specified domain version adaptor preference settings |
/zones/{zoneUuid}/settings/domain-version-adaptor-preferences/{adaptorPreferenceUuid} |
Preferred Adaptors |
PUT |
Updates a specified domain preference setting |
/zones/{zoneUuid}/settings/domain-version-adaptor-preferences/{adaptorPreferenceUuid} |
Preferred Adaptors |
DELETE |
Deletes a domainVersion adaptor preference setting |
/zones/{zoneUuid}/settings/domain-version-adaptor-preferences/{adaptorPreferenceUuid} |
Preferred Adaptors for a Domain Version |
GET |
Gets all the domain version adaptor preference settings for the given zone Allows optional filtering by domainVersionUuid and preferenceType. |
/zones/{zoneUuid}/settings/domain-version-adaptor-preferences |
Preferred Adaptors for a Domain Version |
POST |
Creates a new domain version adaptor preference (e.g. GOLD or SILVER) This is how, for a specific domainVersion, an adaptor is designated as a GOLD or SILVER adaptor, allowing the datahub to prefer data from certain adaptors over others when assembling records for users in this zone. |
/zones/{zoneUuid}/settings/domain-version-adaptor-preferences |
Re-run a Data Event in a Zone |
POST |
Re-run a Data Event Exception |
/zones/{zoneUuid}/issues/{issueUuid}/rerun |
Re-run a Data Event in an Adaptor |
POST |
Re-run a Data Event Exception |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/issues/{issueUuid}/rerun |
Re-run a Data Event in an Adaptor’s Domain Version |
POST |
Re-run a Data Event Exception |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/domains/{domainUuid}/versions/{domainVersionUuid}/issues/{issueUuid}/rerun |
Resolve a Data Issue in a Zone |
POST |
Resolve a Data Event Exception |
/zones/{zoneUuid}/issues/{issueUuid}/resolve |
Resolve a Data Issue in an Adaptor |
POST |
Resolve a Data Issue |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/issues/{issueUuid}/resolve |
Resolve a Data Issue in an Adaptor’s Domain Version |
POST |
Resolve a Data Issue |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/domains/{domainUuid}/versions/{domainVersionUuid}/issues/{issueUuid}/resolve |
Role |
GET |
Gets a specified role |
/zones/{zoneUuid}/roles/{roleUuid} |
Role |
PUT |
Updates the specified role |
/zones/{zoneUuid}/roles/{roleUuid} |
Role |
PATCH |
Updates the specified role |
/zones/{zoneUuid}/roles/{roleUuid} |
Role |
DELETE |
Removes the specified Role from a Group |
/zones/{zoneUuid}/groups/{groupUuid}/roles/{roleUuid} |
Role |
DELETE |
Deletes the specified role |
/zones/{zoneUuid}/roles/{roleUuid} |
Role’s Data Access Rule |
GET |
Get a data access rule |
/zones/{zoneUuid}/roles/{roleUuid}/data-access-rules/{dataAccessRuleUuid} |
Role’s Data Access Rule |
PUT |
Update a data access rule |
/zones/{zoneUuid}/roles/{roleUuid}/data-access-rules/{dataAccessRuleUuid} |
Role’s Data Access Rule |
DELETE |
Delete a data access rule |
/zones/{zoneUuid}/roles/{roleUuid}/data-access-rules/{dataAccessRuleUuid} |
Role’s Data Access Rules |
GET |
Get a role’s data access rules |
/zones/{zoneUuid}/roles/{roleUuid}/data-access-rules |
Role’s Data Access Rules |
POST |
Add a data access rule to a role |
/zones/{zoneUuid}/roles/{roleUuid}/data-access-rules |
Role’s Permission |
GET |
Gets permission belonging to the specified role Get permission with given permissionUuid belonging to role with given uuid. |
/zones/{zoneUuid}/roles/{roleUuid}/permissions/{permissionUuid} |
Role’s Permissions |
GET |
Gets all permissions in the specified role |
/zones/{zoneUuid}/roles/{roleUuid}/permissions |
Role’s Permissions |
POST |
Adds new permissions to the specified role |
/zones/{zoneUuid}/roles/{roleUuid}/permissions |
Role’s Permissions |
PUT |
Updates existing permissions |
/zones/{zoneUuid}/roles/{roleUuid}/permissions |
Role’s Permissions |
DELETE |
Deletes permissions from the specified role Deletes the permissions identified by the uuids provided in the body from role identified by {uuid}. |
/zones/{zoneUuid}/roles/{roleUuid}/permissions |
Role’s Resource Permissions |
GET |
Gets all permissions in a specified role, grouped by resource Get all permissions in role with given {uuid}, grouped by resource. This is a view-only endpoint. |
/zones/{zoneUuid}/roles/{roleUuid}/resource-permissions |
Roles |
GET |
Gets all Roles in the specified Group |
/zones/{zoneUuid}/groups/{groupUuid}/roles |
Roles |
GET |
Gets all Role entities for a Zone entity filtersable by name, ie GET /zones/{zoneUuid}/roles?filters=name:My+Zone |
/zones/{zoneUuid}/roles |
Roles |
POST |
Creates or replaces the list of Roles in the specified Group Roles are identified by the array of uuids in the request body. |
/zones/{zoneUuid}/groups/{groupUuid}/roles |
Roles |
POST |
Creates a new Role entity |
/zones/{zoneUuid}/roles |
Server Settings |
GET |
Server settings including enabled and disabled features |
/settings |
Shutdown Adaptor |
PUT |
Instructs an adaptor to shut down. The code retrieved via shutdown-code must be passed as a query parameter. Example: /zones/{zone-uuid}/adaptors/{adaptor-uuid}/shutdown?code={shutdown-code} |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/shutdown |
Test a matching algorithm |
POST |
Test matching rules |
/zones/{zoneUuid}/adaptors/{adaptorUuid}/match-testing |
UI Adaptors |
GET |
Gets a list of adaptors that the user has access to query. To see adaptors in a zone, the user
must have access to Results can be filtered by:
- Example: This endpoint uses pagination and sorting: |
/ui/adaptors |
UI Compare Adaptors |
GET |
Gets a list of adaptors that the user has access to query that are candidates for the "compare" function in the YOUnite user interface. The returned adaptors will: 1. Be accessible to the user (the user must have access to Example: `GET /ui/compare-adaptors?zone-uuid=<zone-uuid>&domain-version-uuid=<domain-version-uuid> |
/ui/compare-adaptors |
User |
GET |
Gets the specified Zone User entity |
/zones/{zoneUuid}/users/{zoneUserUuid} |
User |
PUT |
Update the specified Zone User entity Currently only used to change the active status of a zone user |
/zones/{zoneUuid}/users/{zoneUserUuid} |
User |
DELETE |
Deletes the specified Zone User. If the Zone User has any roles or groups assigned, this call will fail unless force=true is specified, ie DELETE /zones/<zone-uuid>/users/<zone-user-uuid>?force=true |
/zones/{zoneUuid}/users/{zoneUserUuid} |
User’s Auth Identities (SSO) |
GET |
Gets all Auth Identity records Filtering may be performed on sso id, ie GET /auth-identity?filters=sso-id:test@younite.us |
/auth-identity |
User’s Auth Identity |
GET |
Gets the identity information of a User Get the identity information of a User. Identity information includes sso id and contact information that can be used to identify a user. A Zone User is associated with a single Zone, but since a logical user/person can be associated with multiple zones, their authIdentity will be shared among those Zone Users. |
/auth-identity/{authUuid} |
User’s Auth Identity |
GET |
Gets the identity information of a Zone User. Get the identity information of a Zone User. Identity information includes sso id and contact information that can be used to identify a user. A user is associated with a single Zone, but since a logical user/person can be associated with multiple zones, their authIdentity will be shared among those Zone Users. |
/zones/{zoneUuid}/users/auth-identity/{authUuid} |
User’s Auth Identity |
PATCH |
Make changes to a user’s auth identity or contact information |
/auth-identity/{authUuid} |
User’s Auth Identity |
PATCH |
Make changes to a user’s auth identity or contact information |
/zones/{zoneUuid}/users/auth-identity/{authUuid} |
User’s Auth Identity Preferences |
GET |
This will return the auth identity’s preference. Note that if the preferences have not been PUT for this resource, it will return a 404. |
/auth-identity/{authUuid}/preferences |
User’s Auth Identity Preferences |
GET |
This will return the auth identity’s preference. Note that if the preferences have not but PUT for this resource, it will return a 404. |
/zones/{zoneUuid}/users/auth-identity/{authUuid}/preferences |
User’s Auth Identity Preferences |
PUT |
Make changes to an auth identity’s preferences. |
/auth-identity/{authUuid}/preferences |
User’s Auth Identity Preferences |
PUT |
Make changes to an auth identity’s preferences. |
/zones/{zoneUuid}/users/auth-identity/{authUuid}/preferences |
User’s Groups |
GET |
Gets all Group entities that a Zone User entity belongs to |
/zones/{zoneUuid}/users/{zoneUserUuid}/groups |
User’s Roles |
GET |
Gets all Roles for a Zone User |
/zones/{zoneUuid}/users/{zoneUserUuid}/roles |
User’s Roles |
POST |
Creates or replaces the list of Roles directly associated with a Zone User Roles are identified by the array of uuids in the request body. |
/zones/{zoneUuid}/users/{zoneUserUuid}/roles |
User’s Roles |
DELETE |
Removes the Role from a Zone User |
/zones/{zoneUuid}/users/{zoneUserUuid}/roles/{roleUuid} |
Users |
GET |
Gets all Zone Users filtersable by SSO ID, ie GET /zones/<zone-uuid>/users?filters=sso-id:user@younite.us Inactive users can be retrieved with the inactive-users filter ie GET /zones/<zone-uuid>/users?filters=inactive-users:true |
/zones/{zoneUuid}/users |
Users |
POST |
Creates a new Zone User Create a new Zone User by specifying a authIdentity (sso id and contact info) and the Zone uuid. This creates a new AuthIdentity if the sso id has not used before. If the sso id has been used before, it will associate the Zone User to the existing AuthIdentity. |
/zones/{zoneUuid}/users |
Zone |
GET |
Gets the specified zone entity with the given UUID. |
/zones/{zoneUuid} |
Zone |
PUT |
Updates the specified zone entity with the given UUID. WARNING: This operation will OVERWRITE all updatable fields in the zone. Omitting a property will result in it being set to null. |
/zones/{zoneUuid} |
Zone |
PATCH |
Updates the specified zone entity with the given UUID. |
/zones/{zoneUuid} |
Zone |
DELETE |
Removes the specified zone entity with the given UUID. |
/zones/{zoneUuid} |
Zones |
GET |
Gets a list of zone entities. Filtering options include GET /zones?filters=name:MyZone GET /zones?filters=parent:42be5cc7-a1d6-45b2-ada4-3cd90cf5fbbf By default, inactive zones are not included. They can be viewed with the
GET /zones?filters=active:false |
/zones |
Zones |
POST |
Create a new Zone entity This endpoint performs the same function as as POST /zones/<zone-uuid>/child-zones and requires the same permissions. <zone-uuid> (the parent zone) is determined by the value of parentZoneUuid in the payload, or if absent, defaults to the root zone. |