IAM API

Manage users, roles, and groups for access control.

Users

List Users

GET /api/v1/iam/users
[
  {
    "id": "usr_a1b2c3d4",
    "username": "alice",
    "email": "alice@example.com",
    "roles": ["developer"],
    "groups": ["engineering"],
    "created_at": "2024-01-15T10:30:00Z"
  }
]

Create a User

POST /api/v1/iam/users
username (string, required): Unique username
email (string, required): Email address
role_ids (string[]): Roles to assign
group_ids (string[]): Groups to add to

Delete a User

DELETE /api/v1/iam/users/{id}

Roles

List Roles

GET /api/v1/iam/roles
[
  {
    "id": "role_admin",
    "name": "Admin",
    "permissions": ["*"],
    "created_at": "2024-01-15T10:30:00Z"
  },
  {
    "id": "role_developer",
    "name": "Developer",
    "permissions": ["apps:*", "databases:read", "storage:read"],
    "created_at": "2024-01-15T10:30:00Z"
  }
]

Create a Role

POST /api/v1/iam/roles
name (string, required): Role name
permissions (string[], required): List of permission strings

Example request body:
{
  "name": "read-only",
  "permissions": [
    "compute:read",
    "apps:read",
    "databases:read",
    "storage:read"
  ]
}

Delete a Role

DELETE /api/v1/iam/roles/{id}

Groups

List Groups

GET /api/v1/iam/groups

Create a Group

POST /api/v1/iam/groups
name (string, required): Group name
role_ids (string[]): Roles inherited by all members

Delete a Group

DELETE /api/v1/iam/groups/{id}

Permission Format

Permissions follow the pattern resource:action:
Permission       Description
compute:read     View Droplets
compute:write    Create/modify/delete Droplets
compute:*        Full Droplet access
apps:read        View Apps
apps:write       Deploy/modify/delete Apps
databases:*      Full database access
storage:*        Full storage access
admin:*          Administrative access
*                Full access (superadmin)
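
The following Python sketch is an added example, not part of the original API documentation or the project's own code. It resolves a user's effective permissions from directly assigned roles plus roles inherited through groups, checks a required resource:action against them, and lists wildcard grants for least-privilege review. Assumptions: an action matches only itself or *, write does not imply read, user "roles" and group "role_ids" hold role ids, and all sample data (including the role_readonly id) is constructed.

```python
# Added example: evaluates resource:action permissions; all data is constructed.

def allows(granted, required):
    """True if one granted permission string covers the required one."""
    if granted == "*":  # superadmin wildcard
        return True
    g_res, _, g_act = granted.partition(":")
    r_res, _, r_act = required.partition(":")
    # Assumption: an action matches only itself or "*"; write does not imply read.
    return g_res == r_res and g_act in ("*", r_act)


def effective_permissions(user, roles, groups):
    """Union of permissions from direct roles and roles inherited via groups."""
    role_ids = set(user["roles"])
    for group in user["groups"]:
        role_ids.update(groups.get(group, {}).get("role_ids", []))
    perms = set()
    for role_id in role_ids:
        # Unknown role ids grant nothing (fail closed).
        perms.update(roles.get(role_id, {}).get("permissions", []))
    return perms


def is_allowed(user, required, roles, groups):
    """Deny by default: allowed only if some effective permission matches."""
    return any(allows(p, required) for p in effective_permissions(user, roles, groups))


def wildcard_grants(roles):
    """Map role id -> wildcard permissions it carries, for least-privilege review."""
    found = {}
    for role_id, role in roles.items():
        wild = sorted(p for p in role["permissions"] if p == "*" or p.endswith(":*"))
        if wild:
            found[role_id] = wild
    return found


# Constructed sample data; assumes user "roles" and group "role_ids" hold role ids.
ROLES = {
    "role_admin": {"permissions": ["*"]},
    "role_developer": {"permissions": ["apps:*", "databases:read", "storage:read"]},
    "role_readonly": {"permissions": ["compute:read", "apps:read"]},  # hypothetical id
}
GROUPS = {"engineering": {"role_ids": ["role_developer"]}}
ALICE = {"username": "alice", "roles": ["role_readonly"], "groups": ["engineering"]}
```

Here alice holds only read permissions directly, yet is_allowed(ALICE, "apps:write", ROLES, GROUPS) is true because the engineering group inherits apps:* from role_developer, which is the kind of indirect grant an access review should surface.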