Skip to content
API reference
/
Role-based access control
/
/
Get role

Access Management API (v3)

Download OpenAPI description
RbacApi.json
RbacApi.yaml
Languages
Servers
Sandbox URL
https://api-ext-sboxmeta.partners.spotnana.com
Spotnana mock server
https://developer.spotnana.com/_mock/openapi/rbacapi

User Groups

APIs to manage use groups.

Operations

Roles

APIs to manage roles.

Operations

List all permissions on the platform

Request

This endpoint returns all available permissions on the platform for display purposes.

Security
Bearer
curl -i -X GET \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/permissions \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

OK

Bodyapplication/json
permissionsArray of objects(Permission)required

List of available permissions.

permissions[].​namestring(PermissionName)required

Permission

Enum"PLATFORM_MANAGEMENT""TMC_MANAGEMENT""COMPANY_MANAGEMENT""USER_MANAGEMENT""USER_PROFILE""EVENT_MANAGEMENT""REPORT_MANAGEMENT""ACCESS_MANAGEMENT""TRIP_MANAGEMENT""AGENT"
permissions[].​descriptionstringrequired

Description of the permission.

Example: "Manage company settings and configurations."
permissions[].​parentNamestring(PermissionName)

Permission

Enum"PLATFORM_MANAGEMENT""TMC_MANAGEMENT""COMPANY_MANAGEMENT""USER_MANAGEMENT""USER_PROFILE""EVENT_MANAGEMENT""REPORT_MANAGEMENT""ACCESS_MANAGEMENT""TRIP_MANAGEMENT""AGENT"
Response
application/json
{
  "permissions": [
    {}
  ]
}

List permissions for a company

Request

This endpoint returns all available permissions for a company.

Security
Bearer
Path
companyIdstring(uuid)required

Identifier of the company.

Example: 1234a66b-7493-4f41-908c-58ba81093947
curl -i -X GET \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/companies/1234a66b-7493-4f41-908c-58ba81093947/permissions \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

OK

Bodyapplication/json
permissionsArray of objects(Permission)required

List of available permissions.

permissions[].​namestring(PermissionName)required

Permission

Enum"PLATFORM_MANAGEMENT""TMC_MANAGEMENT""COMPANY_MANAGEMENT""USER_MANAGEMENT""USER_PROFILE""EVENT_MANAGEMENT""REPORT_MANAGEMENT""ACCESS_MANAGEMENT""TRIP_MANAGEMENT""AGENT"
permissions[].​descriptionstringrequired

Description of the permission.

Example: "Manage company settings and configurations."
permissions[].​parentNamestring(PermissionName)

Permission

Enum"PLATFORM_MANAGEMENT""TMC_MANAGEMENT""COMPANY_MANAGEMENT""USER_MANAGEMENT""USER_PROFILE""EVENT_MANAGEMENT""REPORT_MANAGEMENT""ACCESS_MANAGEMENT""TRIP_MANAGEMENT""AGENT"
Response
application/json
{
  "permissions": [
    {}
  ]
}

List user roles for company

Request

This endpoint provides list of available user roles for a company.

Security
Bearer
Path
companyIdstring(uuid)required

Identifier of the company.

Example: 1234a66b-7493-4f41-908c-58ba81093947
Bodyapplication/jsonrequired
searchTextstring

Query text to search roles. The match would be case-insensitive.

Example: "Admin"
paginationobject(OffsetBasedPaginationRequestParams)required

Pagination information for request.

pagination.​offsetinteger(int32)>= 0

The starting index in the list from which results are returned. The value must be greater than or equal to 0.

Default 0
pagination.​limitinteger(int32)>= 1

Maximum number of results to be fetched.

Default 100
sortParamsobject(RoleSortParams)

Sorting related parameters.

filtersArray of objects(ListRoleFilter)

List of filters. Roles matching with any filter would be returned.

curl -i -X POST \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/companies/1234a66b-7493-4f41-908c-58ba81093947/roles \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "searchText": "Admin",
    "pagination": {
      "offset": 0,
      "limit": 100
    },
    "sortParams": {
      "sortBy": "NAME",
      "sortOrder": "DESC"
    },
    "filters": [
      {
        "roleIds": [
          "497f6eca-6276-4993-bfeb-53cbbbba6f08"
        ],
        "roleProvidedBy": [
          "PLATFORM"
        ]
      }
    ]
  }'

Responses

OK

Bodyapplication/json
rolesArray of objects(RoleV3)required

Roles matching with the request.

roles[].​idstring(uuid)required

Role identifier.

roles[].​namestringrequired

Name of the role.

Example: "User Admin"
roles[].​descriptionstringrequired

A short description of the role mentioning what can it do.

Example: "Manage users for the company."
roles[].​isPlatformRolebooleanrequired

Whether role is platform provided.

Default false
Example: false
roles[].​companyIdstring(uuid)

Company ID which owns the role.

Example: "1aeef911-44cf-49bb-83c7-e06b0d4e7ac2"
roles[].​permissionsArray of objects(PermissionWithActions)required

Permissions granted to the role.

roles[].​permissions[].​permissionstring(PermissionName)required

Permission

Enum"PLATFORM_MANAGEMENT""TMC_MANAGEMENT""COMPANY_MANAGEMENT""USER_MANAGEMENT""USER_PROFILE""EVENT_MANAGEMENT""REPORT_MANAGEMENT""ACCESS_MANAGEMENT""TRIP_MANAGEMENT""AGENT"
Example: "USER_MANAGEMENT"
roles[].​permissions[].​actionsArray of strings(PermissionAction)required

Actions allowed on the permission like read/write/delete.

Items Enum"ALL""CREATE""READ""WRITE""DELETE""PURGE"
Example: ["READ","WRITE"]
roles[].​createdAtobject(DateTimeOffset)required

Date and time when the role was created.

roles[].​createdAt.​iso8601string^\d{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01...required
Example: "2017-07-21T17:32Z"
roles[].​updatedAtobject(DateTimeOffset)required

Date and time when the role was last updated.

roles[].​updatedAt.​iso8601string^\d{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01...required
Example: "2017-07-21T17:32Z"
roles[].​createdByobject(Reference)required

User who created the role.

roles[].​createdBy.​idstring(uuid)required
Example: "b93dc51f-12dd-46c7-b7d6-1cb12cd3f5b3"
roles[].​createdBy.​namestring
Example: "Name"
roles[].​updatedByobject(Reference)required

User who last updated the role.

roles[].​updatedBy.​idstring(uuid)required
Example: "b93dc51f-12dd-46c7-b7d6-1cb12cd3f5b3"
roles[].​updatedBy.​namestring
Example: "Name"
paginationobject(OffsetBasedPaginationResponseParams)required

Pagination information for response.

pagination.​totalNumResultsinteger(int32)required

Total number of results.

Response
application/json
{
  "roles": [
    {}
  ],
  "pagination": {
    "totalNumResults": 0
  }
}

Create role

Request

This endpoint is used to create user roles.

Security
Bearer
Bodyapplication/jsonrequired
namestringrequired

Name of the role.

Example: "User Admin"
descriptionstringrequired

A short description of the role mentioning what can it do.

Example: "Manage users for the company."
isPlatformRolebooleanrequired

Whether role is platform provided.

Default false
Example: false
companyIdstring(uuid)

Company ID which owns the role.

Example: "1aeef911-44cf-49bb-83c7-e06b0d4e7ac2"
permissionsArray of objects(PermissionWithActions)required

Permissions granted to the role.

permissions[].​permissionstring(PermissionName)required

Permission

Enum"PLATFORM_MANAGEMENT""TMC_MANAGEMENT""COMPANY_MANAGEMENT""USER_MANAGEMENT""USER_PROFILE""EVENT_MANAGEMENT""REPORT_MANAGEMENT""ACCESS_MANAGEMENT""TRIP_MANAGEMENT""AGENT"
Example: "USER_MANAGEMENT"
permissions[].​actionsArray of strings(PermissionAction)required

Actions allowed on the permission like read/write/delete.

Items Enum"ALL""CREATE""READ""WRITE""DELETE""PURGE"
Example: ["READ","WRITE"]
curl -i -X POST \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/roles \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "User Admin",
    "description": "Manage users for the company.",
    "isPlatformRole": false,
    "companyId": "1aeef911-44cf-49bb-83c7-e06b0d4e7ac2",
    "permissions": [
      {
        "permission": "COMPANY_MANAGEMENT",
        "actions": [
          "READ",
          "WRITE"
        ]
      }
    ]
  }'

Responses

OK

Bodyapplication/json
idstring(uuid)required
Example: "b93dc51f-12dd-46c7-b7d6-1cb12cd3f5b3"
Response
application/json
{
  "id": "b93dc51f-12dd-46c7-b7d6-1cb12cd3f5b3"
}

Get role

Request

This endpoint returns role details for given role ID.

Security
Bearer
Path
roleIdstring(uuid)required

Identifier for role.

Example: 4974a66b-7493-4f41-908c-58ba81093947
curl -i -X GET \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/roles/4974a66b-7493-4f41-908c-58ba81093947 \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

OK

Bodyapplication/json
idstring(uuid)required

Role identifier.

namestringrequired

Name of the role.

Example: "User Admin"
descriptionstringrequired

A short description of the role mentioning what can it do.

Example: "Manage users for the company."
isPlatformRolebooleanrequired

Whether role is platform provided.

Default false
Example: false
companyIdstring(uuid)

Company ID which owns the role.

Example: "1aeef911-44cf-49bb-83c7-e06b0d4e7ac2"
permissionsArray of objects(PermissionWithActions)required

Permissions granted to the role.

permissions[].​permissionstring(PermissionName)required

Permission

Enum"PLATFORM_MANAGEMENT""TMC_MANAGEMENT""COMPANY_MANAGEMENT""USER_MANAGEMENT""USER_PROFILE""EVENT_MANAGEMENT""REPORT_MANAGEMENT""ACCESS_MANAGEMENT""TRIP_MANAGEMENT""AGENT"
Example: "USER_MANAGEMENT"
permissions[].​actionsArray of strings(PermissionAction)required

Actions allowed on the permission like read/write/delete.

Items Enum"ALL""CREATE""READ""WRITE""DELETE""PURGE"
Example: ["READ","WRITE"]
createdAtobject(DateTimeOffset)required

Date and time when the role was created.

createdAt.​iso8601string^\d{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01...required
Example: "2017-07-21T17:32Z"
updatedAtobject(DateTimeOffset)required

Date and time when the role was last updated.

updatedAt.​iso8601string^\d{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01...required
Example: "2017-07-21T17:32Z"
createdByobject(Reference)required

User who created the role.

createdBy.​idstring(uuid)required
Example: "b93dc51f-12dd-46c7-b7d6-1cb12cd3f5b3"
createdBy.​namestring
Example: "Name"
updatedByobject(Reference)required

User who last updated the role.

updatedBy.​idstring(uuid)required
Example: "b93dc51f-12dd-46c7-b7d6-1cb12cd3f5b3"
updatedBy.​namestring
Example: "Name"
Response
application/json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "name": "User Admin",
  "description": "Manage users for the company.",
  "isPlatformRole": false,
  "companyId": "1aeef911-44cf-49bb-83c7-e06b0d4e7ac2",
  "permissions": [
    {}
  ],
  "createdAt": {
    "iso8601": "2017-07-21T17:32Z"
  },
  "updatedAt": {
    "iso8601": "2017-07-21T17:32Z"
  },
  "createdBy": {
    "id": "b93dc51f-12dd-46c7-b7d6-1cb12cd3f5b3",
    "name": "Name"
  },
  "updatedBy": {
    "id": "b93dc51f-12dd-46c7-b7d6-1cb12cd3f5b3",
    "name": "Name"
  }
}

Delete role

Request

This endpoint deletes a role by role ID.

Security
Bearer
Path
roleIdstring(uuid)required

Identifier for role.

Example: 4974a66b-7493-4f41-908c-58ba81093947
curl -i -X DELETE \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/roles/4974a66b-7493-4f41-908c-58ba81093947 \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

OK

Response
No content

Update role

Request

Security
Bearer
Path
roleIdstring(uuid)required

Identifier for role.

Example: 4974a66b-7493-4f41-908c-58ba81093947
Bodyapplication/jsonrequired
namestringrequired

Name of the role.

Example: "User Admin"
descriptionstringrequired

A short description of the role mentioning what can it do.

Example: "Manage users for the company."
permissionsArray of objects(PermissionWithActions)required

Permissions granted to the role.

permissions[].​permissionstring(PermissionName)required

Permission

Enum"PLATFORM_MANAGEMENT""TMC_MANAGEMENT""COMPANY_MANAGEMENT""USER_MANAGEMENT""USER_PROFILE""EVENT_MANAGEMENT""REPORT_MANAGEMENT""ACCESS_MANAGEMENT""TRIP_MANAGEMENT""AGENT"
Example: "USER_MANAGEMENT"
permissions[].​actionsArray of strings(PermissionAction)required

Actions allowed on the permission like read/write/delete.

Items Enum"ALL""CREATE""READ""WRITE""DELETE""PURGE"
Example: ["READ","WRITE"]
curl -i -X PUT \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/roles/4974a66b-7493-4f41-908c-58ba81093947 \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "User Admin",
    "description": "Manage users for the company.",
    "permissions": [
      {
        "permission": "COMPANY_MANAGEMENT",
        "actions": [
          "READ",
          "WRITE"
        ]
      }
    ]
  }'

Responses

OK

Response
No content

Get applicable scopes for selected roles.

Request

Returns the applicable scope predicate types and their permitted values for the selected roles within a company.

Security
Bearer
Path
companyIdstring(uuid)required

Identifier of the company.

Example: 1234a66b-7493-4f41-908c-58ba81093947
Bodyapplication/jsonrequired
roleIdsArray of strings(uuid)

List of selected role identifiers.

Example: ["1aeef911-44cf-49bb-83c7-e06b0d4e7ac2"]
selectedAudienceobject(ScopeAudience)

The audience that the scope audience applies to.

curl -i -X POST \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/companies/1234a66b-7493-4f41-908c-58ba81093947/roles/applicable-scopes \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "roleIds": [
      "1aeef911-44cf-49bb-83c7-e06b0d4e7ac2"
    ],
    "selectedAudience": {
      "predicates": [
        {
          "type": "PLATFORM",
          "value": false
        }
      ]
    }
  }'

Responses

Applicable scopes for the selected roles.

Bodyapplication/json
applicableScopesArray of objects(ApplicableScope)required

List of applicable scopes with their predicate types and permitted values.

applicableScopes[].​predicateTypestring(ScopePredicateType)required

Type of scope predicate.

Enum"PLATFORM""BOOKING_TMC""CONTRACTING_TMC""COMPANY""TRIP_TEMPLATE""STEALTH_TYPE"
applicableScopes[].​allowedValuesArray of objects(ScopePredicateValue)

Allowed values for this predicate type. Present for predicate types that have enumerable values (e.g. STEALTH_TYPE).

Response
application/json
{
  "applicableScopes": [
    {}
  ]
}

List user group roles

Request

This endpoint provides list of roles assigned to the usergroup.

Security
Bearer
Path
companyIdstring(uuid)required

Company ID of the user group.

Example: 1234a66b-7493-4f41-908c-58ba81093653
groupIdstring(uuid)required

Identifier for the user group.

Example: 4974a66b-7493-4f41-908c-58ba81093947
Bodyapplication/jsonrequired
searchTextstring

Query text to search roles. The match would be case-insensitive.

Example: "Admin"
paginationobject(OffsetBasedPaginationRequestParams)required

Pagination information for request.

pagination.​offsetinteger(int32)>= 0

The starting index in the list from which results are returned. The value must be greater than or equal to 0.

Default 0
pagination.​limitinteger(int32)>= 1

Maximum number of results to be fetched.

Default 100
sortParamsobject(RoleSortParams)

Sorting related parameters.

filtersArray of objects(ListRoleFilter)

List of filters. Roles matching with any filter would be returned.

curl -i -X POST \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/companies/1234a66b-7493-4f41-908c-58ba81093653/user-groups/4974a66b-7493-4f41-908c-58ba81093947/roles \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "searchText": "Admin",
    "pagination": {
      "offset": 0,
      "limit": 100
    },
    "sortParams": {
      "sortBy": "NAME",
      "sortOrder": "DESC"
    },
    "filters": [
      {
        "roleIds": [
          "497f6eca-6276-4993-bfeb-53cbbbba6f08"
        ],
        "roleProvidedBy": [
          "PLATFORM"
        ]
      }
    ]
  }'

Responses

OK

Bodyapplication/json
rolesArray of objects(RoleScope)required

Roles assigned to the group matching with the request.

roles[].​roleobject(RoleV3)required

Role information.

roles[].​role.​idstring(uuid)required

Role identifier.

roles[].​role.​namestringrequired

Name of the role.

Example: "User Admin"
roles[].​role.​descriptionstringrequired

A short description of the role mentioning what can it do.

Example: "Manage users for the company."
roles[].​role.​isPlatformRolebooleanrequired

Whether role is platform provided.

Default false
Example: false
roles[].​role.​companyIdstring(uuid)

Company ID which owns the role.

Example: "1aeef911-44cf-49bb-83c7-e06b0d4e7ac2"
roles[].​role.​permissionsArray of objects(PermissionWithActions)required

Permissions granted to the role.

roles[].​role.​permissions[].​permissionstring(PermissionName)required

Permission

Enum"PLATFORM_MANAGEMENT""TMC_MANAGEMENT""COMPANY_MANAGEMENT""USER_MANAGEMENT""USER_PROFILE""EVENT_MANAGEMENT""REPORT_MANAGEMENT""ACCESS_MANAGEMENT""TRIP_MANAGEMENT""AGENT"
Example: "USER_MANAGEMENT"
roles[].​role.​permissions[].​actionsArray of strings(PermissionAction)required

Actions allowed on the permission like read/write/delete.

Items Enum"ALL""CREATE""READ""WRITE""DELETE""PURGE"
Example: ["READ","WRITE"]
roles[].​role.​createdAtobject(DateTimeOffset)required

Date and time when the role was created.

roles[].​role.​createdAt.​iso8601string^\d{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01...required
Example: "2017-07-21T17:32Z"
roles[].​role.​updatedAtobject(DateTimeOffset)required

Date and time when the role was last updated.

roles[].​role.​updatedAt.​iso8601string^\d{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01...required
Example: "2017-07-21T17:32Z"
roles[].​role.​createdByobject(Reference)required

User who created the role.

roles[].​role.​createdBy.​idstring(uuid)required
Example: "b93dc51f-12dd-46c7-b7d6-1cb12cd3f5b3"
roles[].​role.​createdBy.​namestring
Example: "Name"
roles[].​role.​updatedByobject(Reference)required

User who last updated the role.

roles[].​role.​updatedBy.​idstring(uuid)required
Example: "b93dc51f-12dd-46c7-b7d6-1cb12cd3f5b3"
roles[].​role.​updatedBy.​namestring
Example: "Name"
roles[].​scopeobject(Scope)required

The set of resources or the resource group that the role applies to.

roles[].​scope.​audiencesArray of objects(ScopeAudience)non-emptyrequired
roles[].​scope.​audiences[].​predicatesArray of objects(AudiencePredicate)non-emptyrequired
roles[].​scope.​audiences[].​predicates[].​typestringrequired
Default "PLATFORM"
Discriminator
roles[].​scope.​audiences[].​predicates[].​valuebooleanrequired
Default false
Example: false
paginationobject(OffsetBasedPaginationResponseParams)required

Pagination information for response.

pagination.​totalNumResultsinteger(int32)required

Total number of results.

Response
application/json
{
  "roles": [
    {}
  ],
  "pagination": {
    "totalNumResults": 0
  }
}

Update user group roles

Request

This endpoint updates roles assigned to a usergroup.

Security
Bearer
Path
companyIdstring(uuid)required

Company ID of the user group.

Example: 1234a66b-7493-4f41-908c-58ba81093653
groupIdstring(uuid)required

Identifier for the user group.

Example: 4974a66b-7493-4f41-908c-58ba81093947
Bodyapplication/jsonrequired
rolesToAddArray of objects(RoleRefWithScope)

List of roles to be assigned to a principal.

Default []
rolesToDeleteArray of strings(uuid)

List of roles to be removed for a principal.

Default []
curl -i -X PATCH \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/companies/1234a66b-7493-4f41-908c-58ba81093653/user-groups/4974a66b-7493-4f41-908c-58ba81093947/roles \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "rolesToAdd": [],
    "rolesToDelete": []
  }'

Responses

OK

Response
No content

List user roles

Request

This endpoint provides list of roles assigned to the user.

Security
Bearer
Path
userIdstring(uuid)required

Identifier of the user.

Example: 1234a66b-7493-4f41-908c-58ba81093947
Bodyapplication/jsonrequired
searchTextstring

Query text to search roles. The match would be case-insensitive.

Example: "Admin"
paginationobject(OffsetBasedPaginationRequestParams)required

Pagination information for request.

pagination.​offsetinteger(int32)>= 0

The starting index in the list from which results are returned. The value must be greater than or equal to 0.

Default 0
pagination.​limitinteger(int32)>= 1

Maximum number of results to be fetched.

Default 100
sortParamsobject(RoleSortParams)

Sorting related parameters.

filtersArray of objects(ListRoleFilter)

List of filters. Roles matching with any filter would be returned.

curl -i -X POST \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/users/1234a66b-7493-4f41-908c-58ba81093947/roles \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "searchText": "Admin",
    "pagination": {
      "offset": 0,
      "limit": 100
    },
    "sortParams": {
      "sortBy": "NAME",
      "sortOrder": "DESC"
    },
    "filters": [
      {
        "roleIds": [
          "497f6eca-6276-4993-bfeb-53cbbbba6f08"
        ],
        "roleProvidedBy": [
          "PLATFORM"
        ]
      }
    ]
  }'

Responses

OK

Bodyapplication/json
rolesArray of objects(RoleScope)required

Roles assigned to the user matching with the request.

roles[].​roleobject(RoleV3)required

Role information.

roles[].​role.​idstring(uuid)required

Role identifier.

roles[].​role.​namestringrequired

Name of the role.

Example: "User Admin"
roles[].​role.​descriptionstringrequired

A short description of the role mentioning what can it do.

Example: "Manage users for the company."
roles[].​role.​isPlatformRolebooleanrequired

Whether role is platform provided.

Default false
Example: false
roles[].​role.​companyIdstring(uuid)

Company ID which owns the role.

Example: "1aeef911-44cf-49bb-83c7-e06b0d4e7ac2"
roles[].​role.​permissionsArray of objects(PermissionWithActions)required

Permissions granted to the role.

roles[].​role.​permissions[].​permissionstring(PermissionName)required

Permission

Enum"PLATFORM_MANAGEMENT""TMC_MANAGEMENT""COMPANY_MANAGEMENT""USER_MANAGEMENT""USER_PROFILE""EVENT_MANAGEMENT""REPORT_MANAGEMENT""ACCESS_MANAGEMENT""TRIP_MANAGEMENT""AGENT"
Example: "USER_MANAGEMENT"
roles[].​role.​permissions[].​actionsArray of strings(PermissionAction)required

Actions allowed on the permission like read/write/delete.

Items Enum"ALL""CREATE""READ""WRITE""DELETE""PURGE"
Example: ["READ","WRITE"]
roles[].​role.​createdAtobject(DateTimeOffset)required

Date and time when the role was created.

roles[].​role.​createdAt.​iso8601string^\d{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01...required
Example: "2017-07-21T17:32Z"
roles[].​role.​updatedAtobject(DateTimeOffset)required

Date and time when the role was last updated.

roles[].​role.​updatedAt.​iso8601string^\d{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01...required
Example: "2017-07-21T17:32Z"
roles[].​role.​createdByobject(Reference)required

User who created the role.

roles[].​role.​createdBy.​idstring(uuid)required
Example: "b93dc51f-12dd-46c7-b7d6-1cb12cd3f5b3"
roles[].​role.​createdBy.​namestring
Example: "Name"
roles[].​role.​updatedByobject(Reference)required

User who last updated the role.

roles[].​role.​updatedBy.​idstring(uuid)required
Example: "b93dc51f-12dd-46c7-b7d6-1cb12cd3f5b3"
roles[].​role.​updatedBy.​namestring
Example: "Name"
roles[].​scopeobject(Scope)required

The set of resources or the resource group that the role applies to.

roles[].​scope.​audiencesArray of objects(ScopeAudience)non-emptyrequired
roles[].​scope.​audiences[].​predicatesArray of objects(AudiencePredicate)non-emptyrequired
roles[].​scope.​audiences[].​predicates[].​typestringrequired
Default "PLATFORM"
Discriminator
roles[].​scope.​audiences[].​predicates[].​valuebooleanrequired
Default false
Example: false
paginationobject(OffsetBasedPaginationResponseParams)required

Pagination information for response.

pagination.​totalNumResultsinteger(int32)required

Total number of results.

Response
application/json
{
  "roles": [
    {}
  ],
  "pagination": {
    "totalNumResults": 0
  }
}

Update user roles

Request

This endpoint updates roles assigned to a user.

Security
Bearer
Path
userIdstring(uuid)required

Identifier of the user.

Example: 1234a66b-7493-4f41-908c-58ba81093947
Bodyapplication/jsonrequired
rolesToAddArray of objects(RoleRefWithScope)

List of roles to be assigned to a principal.

Default []
rolesToDeleteArray of strings(uuid)

List of roles to be removed for a principal.

Default []
curl -i -X PATCH \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/users/1234a66b-7493-4f41-908c-58ba81093947/roles \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "rolesToAdd": [],
    "rolesToDelete": []
  }'

Responses

OK

Response
No content

Get user permissions on specific entity.

Request

Returns user's permissions with actions on a specified entity.

Security
Bearer
Path
userIdstring(uuid)required

User ID

Example: f49d00fe-1eda-4304-ba79-a980f565281d
Bodyapplication/jsonrequired
entityIdstringrequired

Unique identifier of the entity.

Example: "4974a66b-7493-4f41-908c-58ba81093947"
entityTypestring(ScopeEntityType)required

Entity type enum.

Enum"PROFILE""LEGAL_ENTITY""COMPANY""PNR""TRIP""EVENT""TRIP_TEMPLATE""PLATFORM"
curl -i -X POST \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/users/f49d00fe-1eda-4304-ba79-a980f565281d/entity-permissions \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "entityId": "4974a66b-7493-4f41-908c-58ba81093947",
    "entityType": "LEGAL_ENTITY"
  }'

Responses

List of permissions user has on the entity.

Bodyapplication/json
permissionsArray of objects(PermissionWithActions)required

List of permissions user has on the entity.

permissions[].​permissionstring(PermissionName)required

Permission

Enum"PLATFORM_MANAGEMENT""TMC_MANAGEMENT""COMPANY_MANAGEMENT""USER_MANAGEMENT""USER_PROFILE""EVENT_MANAGEMENT""REPORT_MANAGEMENT""ACCESS_MANAGEMENT""TRIP_MANAGEMENT""AGENT"
Example: "USER_MANAGEMENT"
permissions[].​actionsArray of strings(PermissionAction)required

Actions allowed on the permission like read/write/delete.

Items Enum"ALL""CREATE""READ""WRITE""DELETE""PURGE"
Example: ["READ","WRITE"]
Response
application/json
{
  "permissions": [
    {}
  ]
}

Get RBAC info for a user

Request

Returns RBAC information for a user indicating what permissions the user has.

Security
Bearer
Path
userIdstring(uuid)required

Identifier of the user.

Example: 1234a66b-7493-4f41-908c-58ba81093947
curl -i -X GET \
  https://api-ext-sboxmeta.partners.spotnana.com/v3/users/1234a66b-7493-4f41-908c-58ba81093947/rbac-info \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

RBAC info for the user.

Bodyapplication/json
hasOthersTripAccessbooleanrequired

Flag indicating whether user has access to trips of other travelers.

Example: true
permissionsArray of objects(PermissionWithActions)required

List of permissions with their associated actions for the user.

permissions[].​permissionstring(PermissionName)required

Permission

Enum"PLATFORM_MANAGEMENT""TMC_MANAGEMENT""COMPANY_MANAGEMENT""USER_MANAGEMENT""USER_PROFILE""EVENT_MANAGEMENT""REPORT_MANAGEMENT""ACCESS_MANAGEMENT""TRIP_MANAGEMENT""AGENT"
Example: "USER_MANAGEMENT"
permissions[].​actionsArray of strings(PermissionAction)required

Actions allowed on the permission like read/write/delete.

Items Enum"ALL""CREATE""READ""WRITE""DELETE""PURGE"
Example: ["READ","WRITE"]
Response
application/json
{
  "hasOthersTripAccess": true,
  "permissions": [
    {}
  ]
}
Copyright © 2026 Spotnana Technology, Inc.