API Reference

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

IAM

IAMPermission Groups

List Account Permission Groups

iam.permission_groups.list(PermissionGroupListParams**kwargs) -> SyncV4PagePaginationArray[PermissionGroupListResponse]

GET/accounts/{account_id}/iam/permission_groups

Permission Group Details

iam.permission_groups.get(strpermission_group_id, PermissionGroupGetParams**kwargs) -> PermissionGroupGetResponse

GET/accounts/{account_id}/iam/permission_groups/{permission_group_id}

ModelsExpand Collapse

class PermissionGroupListResponse: …

A named group of permissions that map to a group of operations against resources.

id: str

Identifier of the permission group.

meta: Optional[Meta]

Attributes associated to the permission group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the permission group.

class PermissionGroupGetResponse: …

A named group of permissions that map to a group of operations against resources.

id: str

Identifier of the permission group.

meta: Optional[Meta]

Attributes associated to the permission group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the permission group.

IAMResource Groups

List Resource Groups

iam.resource_groups.list(ResourceGroupListParams**kwargs) -> SyncSinglePage[ResourceGroupListResponse]

GET/accounts/{account_id}/iam/resource_groups

Resource Group Details

iam.resource_groups.get(strresource_group_id, ResourceGroupGetParams**kwargs) -> ResourceGroupGetResponse

GET/accounts/{account_id}/iam/resource_groups/{resource_group_id}

Create Resource Group

iam.resource_groups.create(ResourceGroupCreateParams**kwargs) -> ResourceGroupCreateResponse

POST/accounts/{account_id}/iam/resource_groups

Update Resource Group

iam.resource_groups.update(strresource_group_id, ResourceGroupUpdateParams**kwargs) -> ResourceGroupUpdateResponse

PUT/accounts/{account_id}/iam/resource_groups/{resource_group_id}

Remove Resource Group

iam.resource_groups.delete(strresource_group_id, ResourceGroupDeleteParams**kwargs) -> ResourceGroupDeleteResponse

DELETE/accounts/{account_id}/iam/resource_groups/{resource_group_id}

ModelsExpand Collapse

class ResourceGroupListResponse: …

A group of scoped resources.

id: str

Identifier of the resource group.

scope: List[Scope]

The scope associated to the resource group

key: str

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: List[ScopeObject]

A list of scope objects for additional context.

key: str

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: Optional[Meta]

Attributes associated to the resource group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the resource group.

class ResourceGroupGetResponse: …

A group of scoped resources.

id: str

Identifier of the resource group.

scope: List[Scope]

The scope associated to the resource group

key: str

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: List[ScopeObject]

A list of scope objects for additional context.

key: str

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: Optional[Meta]

Attributes associated to the resource group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the resource group.

class ResourceGroupCreateResponse: …

A group of scoped resources.

id: str

Identifier of the resource group.

scope: List[Scope]

The scope associated to the resource group

key: str

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: List[ScopeObject]

A list of scope objects for additional context.

key: str

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: Optional[Meta]

Attributes associated to the resource group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the resource group.

class ResourceGroupUpdateResponse: …

A group of scoped resources.

id: str

Identifier of the resource group.

scope: List[Scope]

The scope associated to the resource group

key: str

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: List[ScopeObject]

A list of scope objects for additional context.

key: str

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: Optional[Meta]

Attributes associated to the resource group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the resource group.

class ResourceGroupDeleteResponse: …

id: str

Identifier

maxLength32

minLength32

IAMUser Groups

List User Groups

iam.user_groups.list(UserGroupListParams**kwargs) -> SyncV4PagePaginationArray[UserGroupListResponse]

GET/accounts/{account_id}/iam/user_groups

User Group Details

iam.user_groups.get(struser_group_id, UserGroupGetParams**kwargs) -> UserGroupGetResponse

GET/accounts/{account_id}/iam/user_groups/{user_group_id}

Create User Group

iam.user_groups.create(UserGroupCreateParams**kwargs) -> UserGroupCreateResponse

POST/accounts/{account_id}/iam/user_groups

Update User Group

iam.user_groups.update(struser_group_id, UserGroupUpdateParams**kwargs) -> UserGroupUpdateResponse

PUT/accounts/{account_id}/iam/user_groups/{user_group_id}

Remove User Group

iam.user_groups.delete(struser_group_id, UserGroupDeleteParams**kwargs) -> UserGroupDeleteResponse

DELETE/accounts/{account_id}/iam/user_groups/{user_group_id}

ModelsExpand Collapse

class UserGroupListResponse: …

A group of policies resources.

id: str

User Group identifier tag.

maxLength32

minLength32

created_on: datetime

Timestamp for the creation of the user group

formatdate-time

modified_on: datetime

Last time the user group was modified.

formatdate-time

name: str

Name of the user group.

policies: Optional[List[Policy]]

Policies attached to the User group

id: Optional[str]

Policy identifier.

access: Optional[Literal["allow", "deny"]]

Allow or deny operations against the resources.

One of the following:

"allow"

"deny"

permission_groups: Optional[List[PolicyPermissionGroup]]

A set of permission groups that are specified to the policy.

id: str

Identifier of the permission group.

meta: Optional[PolicyPermissionGroupMeta]

Attributes associated to the permission group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the permission group.

resource_groups: Optional[List[PolicyResourceGroup]]

A list of resource groups that the policy applies to.

id: str

Identifier of the resource group.

scope: List[PolicyResourceGroupScope]

The scope associated to the resource group

key: str

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: List[PolicyResourceGroupScopeObject]

A list of scope objects for additional context.

key: str

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: Optional[PolicyResourceGroupMeta]

Attributes associated to the resource group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the resource group.

class UserGroupGetResponse: …

A group of policies resources.

id: str

User Group identifier tag.

maxLength32

minLength32

created_on: datetime

Timestamp for the creation of the user group

formatdate-time

modified_on: datetime

Last time the user group was modified.

formatdate-time

name: str

Name of the user group.

policies: Optional[List[Policy]]

Policies attached to the User group

id: Optional[str]

Policy identifier.

access: Optional[Literal["allow", "deny"]]

Allow or deny operations against the resources.

One of the following:

"allow"

"deny"

permission_groups: Optional[List[PolicyPermissionGroup]]

A set of permission groups that are specified to the policy.

id: str

Identifier of the permission group.

meta: Optional[PolicyPermissionGroupMeta]

Attributes associated to the permission group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the permission group.

resource_groups: Optional[List[PolicyResourceGroup]]

A list of resource groups that the policy applies to.

id: str

Identifier of the resource group.

scope: List[PolicyResourceGroupScope]

The scope associated to the resource group

key: str

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: List[PolicyResourceGroupScopeObject]

A list of scope objects for additional context.

key: str

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: Optional[PolicyResourceGroupMeta]

Attributes associated to the resource group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the resource group.

class UserGroupCreateResponse: …

A group of policies resources.

id: str

User Group identifier tag.

maxLength32

minLength32

created_on: datetime

Timestamp for the creation of the user group

formatdate-time

modified_on: datetime

Last time the user group was modified.

formatdate-time

name: str

Name of the user group.

policies: Optional[List[Policy]]

Policies attached to the User group

id: Optional[str]

Policy identifier.

access: Optional[Literal["allow", "deny"]]

Allow or deny operations against the resources.

One of the following:

"allow"

"deny"

permission_groups: Optional[List[PolicyPermissionGroup]]

A set of permission groups that are specified to the policy.

id: str

Identifier of the permission group.

meta: Optional[PolicyPermissionGroupMeta]

Attributes associated to the permission group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the permission group.

resource_groups: Optional[List[PolicyResourceGroup]]

A list of resource groups that the policy applies to.

id: str

Identifier of the resource group.

scope: List[PolicyResourceGroupScope]

The scope associated to the resource group

key: str

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: List[PolicyResourceGroupScopeObject]

A list of scope objects for additional context.

key: str

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: Optional[PolicyResourceGroupMeta]

Attributes associated to the resource group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the resource group.

class UserGroupUpdateResponse: …

A group of policies resources.

id: str

User Group identifier tag.

maxLength32

minLength32

created_on: datetime

Timestamp for the creation of the user group

formatdate-time

modified_on: datetime

Last time the user group was modified.

formatdate-time

name: str

Name of the user group.

policies: Optional[List[Policy]]

Policies attached to the User group

id: Optional[str]

Policy identifier.

access: Optional[Literal["allow", "deny"]]

Allow or deny operations against the resources.

One of the following:

"allow"

"deny"

permission_groups: Optional[List[PolicyPermissionGroup]]

A set of permission groups that are specified to the policy.

id: str

Identifier of the permission group.

meta: Optional[PolicyPermissionGroupMeta]

Attributes associated to the permission group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the permission group.

resource_groups: Optional[List[PolicyResourceGroup]]

A list of resource groups that the policy applies to.

id: str

Identifier of the resource group.

scope: List[PolicyResourceGroupScope]

The scope associated to the resource group

key: str

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: List[PolicyResourceGroupScopeObject]

A list of scope objects for additional context.

key: str

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: Optional[PolicyResourceGroupMeta]

Attributes associated to the resource group.

key: Optional[str]

value: Optional[str]

name: Optional[str]

Name of the resource group.

class UserGroupDeleteResponse: …

id: str

Identifier

maxLength32

minLength32

IAMUser GroupsMembers

List User Group Members

iam.user_groups.members.list(struser_group_id, MemberListParams**kwargs) -> SyncV4PagePaginationArray[MemberListResponse]

GET/accounts/{account_id}/iam/user_groups/{user_group_id}/members

Get User Group Member

iam.user_groups.members.get(strmember_id, MemberGetParams**kwargs) -> MemberGetResponse

GET/accounts/{account_id}/iam/user_groups/{user_group_id}/members/{member_id}

Add User Group Members

iam.user_groups.members.create(struser_group_id, MemberCreateParams**kwargs) -> SyncSinglePage[MemberCreateResponse]

POST/accounts/{account_id}/iam/user_groups/{user_group_id}/members

Update User Group Members

iam.user_groups.members.update(struser_group_id, MemberUpdateParams**kwargs) -> SyncSinglePage[MemberUpdateResponse]

PUT/accounts/{account_id}/iam/user_groups/{user_group_id}/members

Remove User Group Member

iam.user_groups.members.delete(strmember_id, MemberDeleteParams**kwargs) -> MemberDeleteResponse

DELETE/accounts/{account_id}/iam/user_groups/{user_group_id}/members/{member_id}

ModelsExpand Collapse

class MemberListResponse: …

Member attached to a User Group.

id: str

Account member identifier.

email: Optional[str]

The contact email address of the user.

maxLength90

status: Optional[Literal["accepted", "pending"]]

The member’s status in the account.

One of the following:

"accepted"

"pending"

class MemberGetResponse: …

Detailed member information for a User Group member.

id: str

Account member identifier.

created_at: Optional[datetime]

When the member was added to the user group.

formatdate-time

email: Optional[str]

The contact email address of the user.

maxLength90

status: Optional[Literal["accepted", "pending"]]

The member’s status in the account.

One of the following:

"accepted"

"pending"

user: Optional[User]

Details of the user associated with this membership.

id: Optional[str]

User identifier tag.

email: Optional[str]

The contact email address of the user.

maxLength90

first_name: Optional[str]

User’s first name.

last_name: Optional[str]

User’s last name.

class MemberCreateResponse: …

Member attached to a User Group.

id: str

Account member identifier.

email: Optional[str]

The contact email address of the user.

maxLength90

status: Optional[Literal["accepted", "pending"]]

The member’s status in the account.

One of the following:

"accepted"

"pending"

class MemberUpdateResponse: …

Member attached to a User Group.

id: str

Account member identifier.

email: Optional[str]

The contact email address of the user.

maxLength90

status: Optional[Literal["accepted", "pending"]]

The member’s status in the account.

One of the following:

"accepted"

"pending"

class MemberDeleteResponse: …

Member attached to a User Group.

id: str

Account member identifier.

email: Optional[str]

The contact email address of the user.

maxLength90

status: Optional[Literal["accepted", "pending"]]

The member’s status in the account.

One of the following:

"accepted"

"pending"

IAMSSO

Get all SSO connectors

iam.sso.list(SSOListParams**kwargs) -> SyncSinglePage[SSOListResponse]

GET/accounts/{account_id}/sso_connectors

Get single SSO connector

iam.sso.get(strsso_connector_id, SSOGetParams**kwargs) -> SSOGetResponse

GET/accounts/{account_id}/sso_connectors/{sso_connector_id}

Initialize new SSO connector

iam.sso.create(SSOCreateParams**kwargs) -> SSOCreateResponse

POST/accounts/{account_id}/sso_connectors

Update SSO connector state

iam.sso.update(strsso_connector_id, SSOUpdateParams**kwargs) -> SSOUpdateResponse

PATCH/accounts/{account_id}/sso_connectors/{sso_connector_id}

Delete SSO connector

iam.sso.delete(strsso_connector_id, SSODeleteParams**kwargs) -> SSODeleteResponse

DELETE/accounts/{account_id}/sso_connectors/{sso_connector_id}

Begin SSO connector verification

iam.sso.begin_verification(strsso_connector_id, SSOBeginVerificationParams**kwargs) -> SSOBeginVerificationResponse

POST/accounts/{account_id}/sso_connectors/{sso_connector_id}/begin_verification

ModelsExpand Collapse

class SSOListResponse: …

id: Optional[str]

SSO Connector identifier tag.

maxLength32

minLength32

created_on: Optional[datetime]

Timestamp for the creation of the SSO connector

formatdate-time

email_domain: Optional[str]

enabled: Optional[bool]

updated_on: Optional[datetime]

Timestamp for the last update of the SSO connector

formatdate-time

use_fedramp_language: Optional[bool]

Controls the display of FedRAMP language to the user during SSO login

verification: Optional[Verification]

code: Optional[str]

DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.

status: Optional[Literal["awaiting", "pending", "failed", "verified"]]

The status of the verification code from the verification process.

One of the following:

"awaiting"

"pending"

"failed"

"verified"

class SSOGetResponse: …

id: Optional[str]

SSO Connector identifier tag.

maxLength32

minLength32

created_on: Optional[datetime]

Timestamp for the creation of the SSO connector

formatdate-time

email_domain: Optional[str]

enabled: Optional[bool]

updated_on: Optional[datetime]

Timestamp for the last update of the SSO connector

formatdate-time

use_fedramp_language: Optional[bool]

Controls the display of FedRAMP language to the user during SSO login

verification: Optional[Verification]

code: Optional[str]

DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.

status: Optional[Literal["awaiting", "pending", "failed", "verified"]]

The status of the verification code from the verification process.

One of the following:

"awaiting"

"pending"

"failed"

"verified"

class SSOCreateResponse: …

id: Optional[str]

SSO Connector identifier tag.

maxLength32

minLength32

created_on: Optional[datetime]

Timestamp for the creation of the SSO connector

formatdate-time

email_domain: Optional[str]

enabled: Optional[bool]

updated_on: Optional[datetime]

Timestamp for the last update of the SSO connector

formatdate-time

use_fedramp_language: Optional[bool]

Controls the display of FedRAMP language to the user during SSO login

verification: Optional[Verification]

code: Optional[str]

DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.

status: Optional[Literal["awaiting", "pending", "failed", "verified"]]

The status of the verification code from the verification process.

One of the following:

"awaiting"

"pending"

"failed"

"verified"

class SSOUpdateResponse: …

id: Optional[str]

SSO Connector identifier tag.

maxLength32

minLength32

created_on: Optional[datetime]

Timestamp for the creation of the SSO connector

formatdate-time

email_domain: Optional[str]

enabled: Optional[bool]

updated_on: Optional[datetime]

Timestamp for the last update of the SSO connector

formatdate-time

use_fedramp_language: Optional[bool]

Controls the display of FedRAMP language to the user during SSO login

verification: Optional[Verification]

code: Optional[str]

DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.

status: Optional[Literal["awaiting", "pending", "failed", "verified"]]

The status of the verification code from the verification process.

One of the following:

"awaiting"

"pending"

"failed"

"verified"

class SSODeleteResponse: …

id: str

Identifier

maxLength32

minLength32

class SSOBeginVerificationResponse: …

errors: List[Error]

code: int

minimum1000

message: str

documentation_url: Optional[str]

source: Optional[ErrorSource]

pointer: Optional[str]

messages: List[Message]

code: int

minimum1000

message: str

documentation_url: Optional[str]

source: Optional[MessageSource]

pointer: Optional[str]

success: Literal[true]

Whether the API call was successful.

IAMOAuth Clients

List OAuth Clients

iam.oauth_clients.list(OAuthClientListParams**kwargs) -> SyncSinglePage[OAuthClientListResponse]

GET/accounts/{account_id}/oauth_clients

OAuth Client Details

iam.oauth_clients.get(stroauth_client_id, OAuthClientGetParams**kwargs) -> OAuthClientGetResponse

GET/accounts/{account_id}/oauth_clients/{oauth_client_id}

Create OAuth Client

iam.oauth_clients.create(OAuthClientCreateParams**kwargs) -> OAuthClientCreateResponse

POST/accounts/{account_id}/oauth_clients

Update OAuth Client

iam.oauth_clients.update(stroauth_client_id, OAuthClientUpdateParams**kwargs) -> OAuthClientUpdateResponse

PATCH/accounts/{account_id}/oauth_clients/{oauth_client_id}

Delete OAuth Client

iam.oauth_clients.delete(stroauth_client_id, OAuthClientDeleteParams**kwargs) -> OAuthClientDeleteResponse

DELETE/accounts/{account_id}/oauth_clients/{oauth_client_id}

Rotate OAuth Client Secret

iam.oauth_clients.rotate_secret(stroauth_client_id, OAuthClientRotateSecretParams**kwargs) -> OAuthClientRotateSecretResponse

POST/accounts/{account_id}/oauth_clients/{oauth_client_id}/rotate_secret

Delete Rotated OAuth Client Secret

iam.oauth_clients.delete_rotated_secret(stroauth_client_id, OAuthClientDeleteRotatedSecretParams**kwargs) -> OAuthClientDeleteRotatedSecretResponse

DELETE/accounts/{account_id}/oauth_clients/{oauth_client_id}/rotate_secret

ModelsExpand Collapse

class OAuthClientListResponse: …

Fields shared by OAuth client responses and create/update requests.

client_id: str

The unique identifier for an OAuth client.

visibility: Literal["public", "private"]

Visibility of the OAuth client.

One of the following:

"public"

"private"

allowed_cors_origins: Optional[List[str]]

Array of allowed CORS origins.

client_name: Optional[str]

Human-readable name of the OAuth client.

client_uri: Optional[str]

URL of the home page of the client.

client_uri_verification: Optional[ClientURIVerification]

Client URI domain control verification state.

status: Optional[Literal["pending", "in_progress", "verified", "failed"]]

Current verification status for the client URI host.

One of the following:

"pending"

"in_progress"

"verified"

"failed"

text: Optional[str]

Exact TXT record value that must be added to DNS to prove ownership of the client URI host.

created_at: Optional[datetime]

Timestamp when the OAuth client was created.

formatdate-time

grant_types: Optional[List[Literal["authorization_code", "refresh_token"]]]

Array of OAuth grant types the client is allowed to use. authorization_code is required; refresh_token may be included optionally.

One of the following:

"authorization_code"

"refresh_token"

has_rotated_secret: Optional[bool]

Indicates whether the client has a rotated secret that has not yet been deleted.

logo_uri: Optional[str]

URL of the client’s logo.

policy_uri: Optional[str]

URL that points to a privacy policy document.

post_logout_redirect_uris: Optional[List[str]]

Array of allowed post-logout redirect URIs.

promoted_at: Optional[datetime]

Timestamp when the OAuth client was promoted to public visibility.

formatdate-time

redirect_uris: Optional[List[str]]

Array of allowed redirect URIs for the client.

response_types: Optional[List[Literal["token", "id_token", "code"]]]

Array of OAuth response types the client is allowed to use.

One of the following:

"token"

"id_token"

"code"

scopes: Optional[List[str]]

Array of OAuth scopes the client is allowed to request. Colon-delimited scopes are not accepted. Dot-delimited scopes are validated against available OAuth API scopes; simple identity scopes are allowed. Protocol scopes offline_access and openid are added or removed automatically based on grant_types and response_types.

token_endpoint_auth_method: Optional[Literal["none", "client_secret_basic", "client_secret_post"]]

The authentication method the client uses at the token endpoint.

One of the following:

"none"

"client_secret_basic"

"client_secret_post"

tos_uri: Optional[str]

URL that points to a terms of service document.

updated_at: Optional[datetime]

Timestamp when the OAuth client was last updated.

formatdate-time

class OAuthClientGetResponse: …

Fields shared by OAuth client responses and create/update requests.

client_id: str

The unique identifier for an OAuth client.

visibility: Literal["public", "private"]

Visibility of the OAuth client.

One of the following:

"public"

"private"

allowed_cors_origins: Optional[List[str]]

Array of allowed CORS origins.

client_name: Optional[str]

Human-readable name of the OAuth client.

client_uri: Optional[str]

URL of the home page of the client.

client_uri_verification: Optional[ClientURIVerification]

Client URI domain control verification state.

status: Optional[Literal["pending", "in_progress", "verified", "failed"]]

Current verification status for the client URI host.

One of the following:

"pending"

"in_progress"

"verified"

"failed"

text: Optional[str]

Exact TXT record value that must be added to DNS to prove ownership of the client URI host.

created_at: Optional[datetime]

Timestamp when the OAuth client was created.

formatdate-time

grant_types: Optional[List[Literal["authorization_code", "refresh_token"]]]

Array of OAuth grant types the client is allowed to use. authorization_code is required; refresh_token may be included optionally.

One of the following:

"authorization_code"

"refresh_token"

has_rotated_secret: Optional[bool]

Indicates whether the client has a rotated secret that has not yet been deleted.

logo_uri: Optional[str]

URL of the client’s logo.

policy_uri: Optional[str]

URL that points to a privacy policy document.

post_logout_redirect_uris: Optional[List[str]]

Array of allowed post-logout redirect URIs.

promoted_at: Optional[datetime]

Timestamp when the OAuth client was promoted to public visibility.

formatdate-time

redirect_uris: Optional[List[str]]

Array of allowed redirect URIs for the client.

response_types: Optional[List[Literal["token", "id_token", "code"]]]

Array of OAuth response types the client is allowed to use.

One of the following:

"token"

"id_token"

"code"

scopes: Optional[List[str]]

Array of OAuth scopes the client is allowed to request. Colon-delimited scopes are not accepted. Dot-delimited scopes are validated against available OAuth API scopes; simple identity scopes are allowed. Protocol scopes offline_access and openid are added or removed automatically based on grant_types and response_types.

token_endpoint_auth_method: Optional[Literal["none", "client_secret_basic", "client_secret_post"]]

The authentication method the client uses at the token endpoint.

One of the following:

"none"

"client_secret_basic"

"client_secret_post"

tos_uri: Optional[str]

URL that points to a terms of service document.

updated_at: Optional[datetime]

Timestamp when the OAuth client was last updated.

formatdate-time

class OAuthClientCreateResponse: …

Fields shared by OAuth client responses and create/update requests.

client_id: str

The unique identifier for an OAuth client.

visibility: Literal["public", "private"]

Visibility of the OAuth client.

One of the following:

"public"

"private"

allowed_cors_origins: Optional[List[str]]

Array of allowed CORS origins.

client_name: Optional[str]

Human-readable name of the OAuth client.

client_secret: Optional[str]

The client secret. This is the only time the secret is returned in a response.

client_uri: Optional[str]

URL of the home page of the client.

client_uri_verification: Optional[ClientURIVerification]

Client URI domain control verification state.

status: Optional[Literal["pending", "in_progress", "verified", "failed"]]

Current verification status for the client URI host.

One of the following:

"pending"

"in_progress"

"verified"

"failed"

text: Optional[str]

Exact TXT record value that must be added to DNS to prove ownership of the client URI host.

created_at: Optional[datetime]

Timestamp when the OAuth client was created.

formatdate-time

grant_types: Optional[List[Literal["authorization_code", "refresh_token"]]]

Array of OAuth grant types the client is allowed to use. authorization_code is required; refresh_token may be included optionally.

One of the following:

"authorization_code"

"refresh_token"

has_rotated_secret: Optional[bool]

Indicates whether the client has a rotated secret that has not yet been deleted.

logo_uri: Optional[str]

URL of the client’s logo.

policy_uri: Optional[str]

URL that points to a privacy policy document.

post_logout_redirect_uris: Optional[List[str]]

Array of allowed post-logout redirect URIs.

promoted_at: Optional[datetime]

Timestamp when the OAuth client was promoted to public visibility.

formatdate-time

redirect_uris: Optional[List[str]]

Array of allowed redirect URIs for the client.

response_types: Optional[List[Literal["token", "id_token", "code"]]]

Array of OAuth response types the client is allowed to use.

One of the following:

"token"

"id_token"

"code"

scopes: Optional[List[str]]

Array of OAuth scopes the client is allowed to request. Colon-delimited scopes are not accepted. Dot-delimited scopes are validated against available OAuth API scopes; simple identity scopes are allowed. Protocol scopes offline_access and openid are added or removed automatically based on grant_types and response_types.

token_endpoint_auth_method: Optional[Literal["none", "client_secret_basic", "client_secret_post"]]

The authentication method the client uses at the token endpoint.

One of the following:

"none"

"client_secret_basic"

"client_secret_post"

tos_uri: Optional[str]

URL that points to a terms of service document.

updated_at: Optional[datetime]

Timestamp when the OAuth client was last updated.

formatdate-time

class OAuthClientUpdateResponse: …

Fields shared by OAuth client responses and create/update requests.

client_id: str

The unique identifier for an OAuth client.

visibility: Literal["public", "private"]

Visibility of the OAuth client.

One of the following:

"public"

"private"

allowed_cors_origins: Optional[List[str]]

Array of allowed CORS origins.

client_name: Optional[str]

Human-readable name of the OAuth client.

client_uri: Optional[str]

URL of the home page of the client.

client_uri_verification: Optional[ClientURIVerification]

Client URI domain control verification state.

status: Optional[Literal["pending", "in_progress", "verified", "failed"]]

Current verification status for the client URI host.

One of the following:

"pending"

"in_progress"

"verified"

"failed"

text: Optional[str]

Exact TXT record value that must be added to DNS to prove ownership of the client URI host.

created_at: Optional[datetime]

Timestamp when the OAuth client was created.

formatdate-time

grant_types: Optional[List[Literal["authorization_code", "refresh_token"]]]

Array of OAuth grant types the client is allowed to use. authorization_code is required; refresh_token may be included optionally.

One of the following:

"authorization_code"

"refresh_token"

has_rotated_secret: Optional[bool]

Indicates whether the client has a rotated secret that has not yet been deleted.

logo_uri: Optional[str]

URL of the client’s logo.

policy_uri: Optional[str]

URL that points to a privacy policy document.

post_logout_redirect_uris: Optional[List[str]]

Array of allowed post-logout redirect URIs.

promoted_at: Optional[datetime]

Timestamp when the OAuth client was promoted to public visibility.

formatdate-time

redirect_uris: Optional[List[str]]

Array of allowed redirect URIs for the client.

response_types: Optional[List[Literal["token", "id_token", "code"]]]

Array of OAuth response types the client is allowed to use.

One of the following:

"token"

"id_token"

"code"

scopes: Optional[List[str]]

Array of OAuth scopes the client is allowed to request. Colon-delimited scopes are not accepted. Dot-delimited scopes are validated against available OAuth API scopes; simple identity scopes are allowed. Protocol scopes offline_access and openid are added or removed automatically based on grant_types and response_types.

token_endpoint_auth_method: Optional[Literal["none", "client_secret_basic", "client_secret_post"]]

The authentication method the client uses at the token endpoint.

One of the following:

"none"

"client_secret_basic"

"client_secret_post"

tos_uri: Optional[str]

URL that points to a terms of service document.

updated_at: Optional[datetime]

Timestamp when the OAuth client was last updated.

formatdate-time

class OAuthClientDeleteResponse: …

id: str

Identifier

maxLength32

minLength32

class OAuthClientRotateSecretResponse: …

client_secret: Optional[str]

The new client secret.

class OAuthClientDeleteRotatedSecretResponse: …

id: str

Identifier

maxLength32

minLength32

IAMOAuth Scopes

List OAuth Scopes

iam.oauth_scopes.list() -> SyncSinglePage[OAuthScopeListResponse]

GET/oauth/scopes

ModelsExpand Collapse

class OAuthScopeListResponse: …

An available OAuth scope that can be assigned to an OAuth client.

id: str

The scope label to use in the scopes array when creating or updating an OAuth client.

name: str

Human-readable name of the OAuth scope.

category: Optional[str]

Category for grouping scopes in the UI.

scopes: Optional[List[str]]

The underlying resource scopes (Bach scopes) that define which resources this OAuth scope can act upon.