POST
/
v1
/
public
/
accounts
/
{account_id}
/
auth
/
authorizations
Grant Account Authorization
curl --request POST \
  --url https://api.hybridbox.io/v1/public/accounts/{account_id}/auth/authorizations \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "subject_id": "<string>",
  "capability_key": "<string>",
  "resource_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
}
'
{
  "grant_kind": "<string>",
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "subject_id": "<string>",
  "subject_type": "<string>",
  "capability_key": "<string>",
  "created_at": "2023-11-07T05:31:56Z",
  "resource_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "resource_type": "<string>",
  "revoked_at": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization
string
header
required

Public API bearer credential sent as Authorization: Bearer <token>. Use either an OAuth access token or a Hybridbox Service account token.

Path Parameters

account_id
string<uuid>
required

Body

application/json

Schema for granting a new capability-based authorization.

grant_kind
enum<string>
required

Grant kind

Available options:
capability,
account_owner,
super_admin
subject_id
string
required

User or group identifier

Minimum string length: 1
subject_type
enum<string>
required

Subject type: user or group

Available options:
user,
group,
service_account
capability_key
string | null

Capability key for capability grants

resource_id
string<uuid> | null

Scoped resource identifier

resource_type
enum<string> | null

Scoped resource type

Available options:
client,
account,
workspace,
domain,
dns_record,
mailbox,
redirect,
forwarding,
credential,
tenant,
route,
proxy

Response

grant_kind
string
required
id
string<uuid>
required
subject_id
string
required
subject_type
string
required
capability_key
string | null
created_at
string<date-time> | null
resource_id
string<uuid> | null
resource_type
string | null
revoked_at
string<date-time> | null