Bulk Reviews Download API (Early Access)
POST
https://app.balkan.id/api/rest/v0/reviews/download-url
Reviews
BalkanID Access Reviews Download CSV Format
Sample CSV
| ID* | Permission Name* | Permission Value* | Resource | Resource Type | Identity ID | Identity Type* | Identity Email | Identity Username | Identity Name | Employee ID | Employee Email | Job Title | Department | Manager | Employment Type | Campaign Name* | Application Name* | Application Description | Connection | Connection Type | Reviewer* | Reviewer ID* | Access Review Creation Date* | Access Review Completion Date | Review Status* | Activity Log | Review Type | Labels Array | Recommendation | Purpose ID | Employee ID For Purpose |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 01H90W5FM2RY663D6AFNG9HEJ9 | owner | TRUE | Frontend Repo | Repository | 76yi-IQGt_K6apHfRslIOCs_bIn91x31Jaccv89pkc4 | employee | john.doe@example.com | john.doe@example.com | John Doe | email/ujnknkjsndkjnkjbnark | john.doe@example.com | Engineer | Engineering | Full time | Campaign 1 | Github | GitHub is a code hosting platform for version control and collaboration | read | repository-role | Jane Doe | jane.doe@example.com | 2023-08-29 | overdue | [{"Actor ID":"john.doe@example.com","Actor Name":"John Doe","Activity Comment":","Previous Status":","Status":"created","Timestamp":"2023-08-29T14:46:36+00:00"},{"Actor ID":"jane.doe@example.com","Actor Name":"Jane Doe"Activity Comment":","Previous Status":"created","Status":"started","Timestamp":"2023-08-29T14:46:36+00:00"}] | {"value": "approve", "explanation": "testing"} | 01H90W5FM2RY663D6AFNG9HEJ9 | email/ujnknkjsndkjnkjbnark | ||||
| 01H90W5FM2RY663D6AFP7DBEAB | owner | TRUE | Backend Repo | Repository | 76yi-IQGt_K6apHfRslIOCs_bIn91x31Jaccv89pkc4 | employee | john.doe@example.com | john.doe@example.com | John Doe | email/ujnknkjsndkjnkjbnark | john.doe@example.com | Engineer | Engineering | Full time | Campaign 1 | Github | GitHub is a code hosting platform for version control and collaboration | write | repository-role | Jane Doe | jane.doe@example.com | 2023-08-29 | overdue | [{"Actor ID":"john.doe@example.com","Actor Name":"John Doe","Activity Comment":","Previous Status":","Status":"created","Timestamp":"2023-08-29T14:46:36+00:00"},{"Actor ID":"jane.doe@example.com","Actor Name":"Jane Doe","Activity Comment":","Previous Status":"created","Status":"started","Timestamp":"2023-08-29T14:46:36+00:00"}] | {"value": "deny", "explanation": "testing"} | 01H90W5FM2RY663D6AFNG9HEJ9 | email/ujnknkjsndkjnkjbnark |
Column Definitions
| Column Name | Column Description |
|---|---|
| ID | Required - This is a unique review ID for each entitlement generated by the BalkanID processing and serves as an identifier for each review as a part of a campaign. |
| Permission Name | Required - The name of action/permission/entitlement. These are typically actions that can be on a resource. In the sample CSV, these are “pull”, “push”, and “which are actions associated with a repository. |
| Permission Value | Required - In many cases, these will be “true”. In some cases, it is useful to model an explicit deny by including entitlements where Privilege Value is “false”. In the sample CSV, we see both “true” and “false” privilege values. |
| Resource | Optional, Required if Resource Type is Present - The resource this entitlement references. In the sample CSV, the resource is the “ops” repository. |
| Resource Type | Optional, Required if Resource is Present - A useful resource type that groups resources in your application. This can be a Github repository/organization/application, AWS service, a Slack channel, etc. In the sample CSV, the resource type is “repository”. |
| Project | Optional - The project to which the resource belongs, for which the access review needs to be done. |
| Identity ID | Unique ID for each identity, generated by BalkanID. |
| Identity Type | Required - The type of the identity. Can be any of employee, service account, or undefined. |
| Identity Email | One of Email, User ID, or Username - The email associated with the identity to which this entitlement belongs to |
| Identity Username | One of Email, User ID, or Username - The username associated with the identity to which this entitlement belongs to |
| Identity Name | Optional - The name of the identity to which this entitlement belongs to, if available. This can be the name of a person, a service account, or other names. |
| Employee ID | Unique ID for the employee to which this entitlement belongs, generated by BalkanID. |
| Employee Email | One of Email, User ID, or Username - The email associated with the employee to which this entitlement belongs |
| Job Title | The job title of the identity, for which the access review needs to be done. |
| Department | The department to which the identity belongs, for which the access review needs to be done. |
| Manager | The name of the manager of the identity, for which the access review needs to be done. |
| Manager Email | The email of the manager of the identity, for which the access review needs to be done. |
| Employment Type | Employment type of the identity, such as Full-Time, Salaried, Contractor, Intern, etc. |
| Campaign Name | Required - Name of the Campaign to which the reviews belong to. |
| Campaign ID | Required - ID of the Campaign to which the reviews belong to. |
| Application Integration ID | Required - The unique ID of the application integration. |
| Application Name | Required - The name of the application for which the entitlements need to be reviewed. |
| Application Description | Optional - The description of the application for which the entitlements need to be reviewed. |
| Connection | Optional, Required if Connection Type is Present - Connection describes how the identity (identified by the Username) gains the privilege (identified by Privilege Name and Privilege Value) to the resource (identified by Resource and Resource Type). In the sample CSV, the connection is the repository role granted to the identity: “read” and “admin”. |
| Connection Type | Optional, Required if Connection is Present - Connection Type describes the type of the Connection. Typical connection types are “role”, “policy”, “group”, but can include others depending on your application authorization structure. In the sample CSV, this is “repository-role”. |
| Reviewer | Required - The name of the identity to which this review is assigned. This can be the name of a person or other names. |
| Reviewer ID | Required - Email ID of the reviewer, the identity to which the review is assigned. |
| Created At | Required - The date on which the access review was created in YYYY-MM-DD format. |
| Access Review Completion Date | Optional, Required if access review is completed is Present - The date on which the access review was completed in YYYY-MM-DD format. |
| Review Status | Required - This can be one of the following: created, started, stopped, approved, rejected, request_info, delegated |
| Activity Log | Optional - List of actions performed on the entitlement. |
| Review Type | Optional - The type of the review. |
| Labels Array | Optional - List of labels associated with the entitlement. |
| Recommendation | Optional, Recommendation for the review. Format: {"value": One of {"approve", "deny" or "} , "explanation": "testing"} |
| Purpose ID | Optional - The ID of the purpose associated with the purpose request. |
| Employee ID For Purpose | Optional - The Unique ID of the employee, generated by BalkanID, associated with the purpose request. |
Download the CSV file via the pre-signed URL
To use the polling URL, first send an HTTP request with the method
HEAD to the pollingUrl.If the response status code is
404, the file is not ready, and you should retry this polling request after a delay.If the response status code is
200, the file is ready, and you may proceed to download the CSV from the received url.Request
Header Params
X-Api-Key-ID
string
optional
X-Api-Key-Secret
string
optional
Content-Type
string
optional
Default:
application/json
Body Params application/json