Bulk Requests Upload API (Early Access)
POST
https://app.balkan.id/api/rest/v0/requests/upload-url
Requests
BalkanID Access Requests Upload CSV Format
Sample CSV 1
| Requester | Work Email | App ID | Identity ID | Metadata | Duration | Type |
|---|---|---|---|---|---|---|
| alex@example.com | alex@example.com | aws/024x | g1 | {"reference_employee":"james@example.com"} | 15m | employee_request |
Sample CSV 2
| Requester | Work Email | App ID | Identity ID | Metadata | Type |
|---|---|---|---|---|---|
| alex@example.com | alex@example.com | aws/024x | {"description":null,"entity_type":"identity","identity_type":"employee","integration":"aws/024x","name":"AWSServiceRoleForApplicationAutoScaling_KafkaCluster","provisioning_option":"app","reason":"Need to perform current job duties","scim_endpoint":","scim_payload":{"grants":[{"source_name":","type":"policy"},{"source_name":","type":"group"}],"revokes":[{"source_name":","type":"policy"},{"source_name":","type":"group"}]},"source_type":"user"} | update_entity |
Sample CSV 3
| Requester | Request Type | Employee | Work Email | Department | Title | Manager | Manager Work Email | App Name | App ID | Connection | Connection Type | Project | Duration | Source | Source ID | Identity ID | Identity Email | Username | Reason | Type |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| james@example.com | grant | James Q | james@example.com | Engineering | Software Engineer | Jason P | jason@balkan.id | aws | aws/01HETV | web-team | group | example | permanent | jira | EN-123456 | Need to perform X task | employee_request | |||
| mary@example.com | revoke | Mary K | mary@example.com | Engineering | Software Engineer | Jason P | jason@balkan.id | aws | aws/01HETV | core | group | example | permanent | jira | EN-123457 | employee_request |
Sample CSV 4
| Requester | Work Email | Request Type | App ID | Project | Reference Employee | Metadata | Connection | Connection Type | Duration | Source | Source ID | Type |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| elaine@example.com | github/01HEV | balkanid | patrick@example.com | 24h | bulk-api | c2314sd513 | employee_request | |||||
| jacob@example.com | jacob@example.com | github/01HEV | project | jason@example.com | 720h | bulk-api | c23454fd521 | employee_request | ||||
| jacob@example.com | jacob@example.com | github/01HEV | project | {"reference_title":"Backend Engineer", "reference_department": "Engineering"} | bulk-api | c23454fd781 | employee_request | |||||
| jacob@example.com | jacob@example.com | revoke | github/01HEV | project | web-team | group | 720h | bulk-api | c23454fd621 | employee_request |
Sample CSV 5
| Request ID | Requester | Work Email | App ID | Identity ID | Metadata | Duration | Type | Status |
|---|---|---|---|---|---|---|---|---|
| 0234xsd3 | alex@example.com | alex@example.com | aws/024x | g1 | {"reference_employee":"james@example.com"} | 15m | employee_request | deleted |
Column Definitions
| Field | Example | Comment |
|---|---|---|
| request ID | 012242x | optional, ID of the Request |
| requester | mike@example.test | required, Email of the request originator. Must be a user of the system |
| request type | grant / revoke | Supports provisioning & de-provisioning |
| employee | John Doe | Name of the employee the access is requested for, if other than requester |
| work email | john@example.test | required, Email of the employee the access is requested for, if other than requester |
| department | Engineering | Department where the employee the access is requested for works |
| title | Software Engineer II | Job title of the employee the access is requested for |
| manager | Mike Bloom | Name of the manager |
| manager_email | mike@example.test | Email of the manager |
| app | github | App the access is requested for |
| app id | github/01HEV | required, App ID the access is requested for |
| connection | admins | Name of the connection the access is requested for |
| connection_type | group | Type of connection the access is requested for |
| project | balkanid | Project / environment the access is requested for |
| resource | deployment | Name of the resource the access is requested for |
| resource_type | repository | Type of the resource the access is requested for |
| privilege_name | pull, s3:GetObject, access | Alphanumeric name of the privilege / also referred to as fine-grained permissions |
| privilege_value | true/false, true | Alphanumeric with the extracted permission. Recommended: true / false. |
| username | mbloom123 | Preferred username |
| reference employee | Software Engineer II OR chris@example.test | Reference entitlements: - needs to be employee email |
| duration | 60m, permanent | How long is the access needed (in seconds, minutes, hours, etc). Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". If one needs for 1 hour, then it will 1h or 60m. |
| source | Jira | Source system |
| source_id | D-12345 | Source system ID |
| Identity ID | Unique ID of the identity in the application | |
| Username | Username of Identity | |
| Identity Email | Email of the identity | |
| Reason | Reason for the request | |
| Type | required, type of the request, currently only supports "employee_request", "purpose_request", "create_entity", "update_entity", "delete_entity" | |
| Metadata | Metadata for the request, required for all types of requests except for persona access request | |
| Status | Optional - Status of the request. Currently only accepts 'delete', to delete the respective request |
Request
Header Params
X-Api-Key-ID
string
optional
X-Api-Key-Secret
string
optional
Content-Type
string
optional
Default:
application/json