openapi: 3.1.0 info: title: Approvals API description: REST API for approvals in the platform contact: name: ILM url: https://www.otilm.com email: info@otilm.com license: name: MIT License url: https://github.com/CZERTAINLY/CZERTAINLY/blob/develop/LICENSE.md version: 2.17.0 x-logo: url: images/ilm-logo.svg externalDocs: description: ILM Documentation url: https://docs.otilm.com servers: - url: https://demo.czertainly.online/api description: CZERTAINLY Demo server tags: - name: Approval profile Inventory description: Approval profile Inventory API - name: Approval Inventory description: Approval Inventory API paths: /v1/approvalProfiles/{uuid}: get: tags: - Approval profile Inventory summary: Get Approval Profile Details operationId: getApprovalProfile parameters: - name: uuid in: path description: Approval profile UUID required: true schema: type: string - name: version in: query required: false schema: type: integer format: int32 responses: "200": description: Approval profile retrieved content: application/json: schema: $ref: "#/components/schemas/ApprovalProfileDetailDto" "404": description: Not Found content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "400": description: Bad Request content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: application/json: schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] put: tags: - Approval profile Inventory summary: Edit an Approval profile operationId: editApprovalProfile parameters: - name: uuid in: path description: Approval profile UUID required: true schema: type: string requestBody: content: application/json: schema: $ref: "#/components/schemas/ApprovalProfileUpdateRequestDto" required: true responses: "200": description: Approval profile updated content: application/json: schema: $ref: "#/components/schemas/UuidDto" "404": description: Not Found content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "422": description: Unprocessable Entity content: application/json: schema: type: array items: type: string example: - Error Message 1 - Error Message 2 "400": description: Bad Request content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: application/json: schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] delete: tags: - Approval profile Inventory summary: Delete an approval profile operationId: deleteApprovalProfile parameters: - name: uuid in: path description: Approval profile UUID required: true schema: type: string responses: "204": description: Approval profile deleted "404": description: Not Found content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "422": description: Unprocessable Entity content: application/json: schema: type: array items: type: string example: - Error Message 1 - Error Message 2 "400": description: Bad Request content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: application/json: schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] /v1/approvalProfiles: get: tags: - Approval profile Inventory summary: List Approval Profiles operationId: listApprovalProfiles parameters: - name: itemsPerPage in: query description: Number of entries per page required: false schema: type: integer format: int32 default: 10 description: Number of entries per page maximum: 1000 - name: pageNumber in: query description: Page number for the request required: false schema: type: integer format: int32 default: 1 description: Page number for the request responses: "200": description: List of all the approval profiles content: application/json: schema: $ref: "#/components/schemas/ApprovalProfileResponseDto" "400": description: Bad Request content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: application/json: schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error "404": description: Not Found content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] post: tags: - Approval profile Inventory summary: Create a Approval profile operationId: createApprovalProfile requestBody: content: application/json: schema: $ref: "#/components/schemas/ApprovalProfileRequestDto" required: true responses: "200": description: New Approval profile created content: application/json: schema: $ref: "#/components/schemas/UuidDto" "404": description: Not Found content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "422": description: Unprocessable Entity content: application/json: schema: type: array items: type: string example: - Error Message 1 - Error Message 2 "400": description: Bad Request content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: application/json: schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] /v1/approvals/{uuid}/reject: patch: tags: - Approval Inventory summary: Rejecting of the Approval operationId: rejectApproval parameters: - name: uuid in: path description: Approval UUID required: true schema: type: string responses: "204": description: Approval rejected "404": description: Approval not found content: '*/*': schema: $ref: "#/components/schemas/ErrorMessageDto" "400": description: Bad Request content: '*/*': schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: '*/*': schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] /v1/approvals/{uuid}/rejectRecipient: patch: tags: - Approval Inventory summary: Rejecting of Recipient of the Approval operationId: rejectApprovalRecipient parameters: - name: uuid in: path description: Approval UUID required: true schema: type: string requestBody: content: application/json: schema: $ref: "#/components/schemas/UserApprovalDto" required: true responses: "204": description: Approval Recipient rejected "404": description: Approval not found content: '*/*': schema: $ref: "#/components/schemas/ErrorMessageDto" "400": description: Bad Request content: '*/*': schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: '*/*': schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] /v1/approvals/{uuid}/approve: patch: tags: - Approval Inventory summary: Approving of the Approval operationId: approveApproval parameters: - name: uuid in: path description: Approval UUID required: true schema: type: string responses: "204": description: Approval approved "404": description: Approval not found content: '*/*': schema: $ref: "#/components/schemas/ErrorMessageDto" "400": description: Bad Request content: '*/*': schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: '*/*': schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] /v1/approvals/{uuid}/approveRecipient: patch: tags: - Approval Inventory summary: Approving of Recipient of the Approval operationId: approveApprovalRecipient parameters: - name: uuid in: path description: Approval UUID required: true schema: type: string requestBody: content: application/json: schema: $ref: "#/components/schemas/UserApprovalDto" required: true responses: "204": description: Approval Recipient approved "404": description: Approval not found content: '*/*': schema: $ref: "#/components/schemas/ErrorMessageDto" "400": description: Bad Request content: '*/*': schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: '*/*': schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] /v1/approvalProfiles/{uuid}/associations/{resource}/{associationObjectUuid}: delete: tags: - Approval profile Inventory summary: Disassociate Approval Profile from specified resource object operationId: disassociateApprovalProfile parameters: - name: uuid in: path description: Approval Profile UUID required: true schema: type: string format: uuid - name: resource in: path description: Resource required: true schema: $ref: "#/components/schemas/Resource" example: raProfiles - name: associationObjectUuid in: path description: Association object UUID required: true schema: type: string format: uuid responses: "204": description: Resource object disassociation successful "400": description: Bad Request content: '*/*': schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: '*/*': schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error "404": description: Not Found content: '*/*': schema: $ref: "#/components/schemas/ErrorMessageDto" security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] patch: tags: - Approval profile Inventory summary: Associate Approval Profile to specified resource object operationId: associateApprovalProfile parameters: - name: uuid in: path description: Approval Profile UUID required: true schema: type: string format: uuid - name: resource in: path description: Resource required: true schema: $ref: "#/components/schemas/Resource" example: raProfiles - name: associationObjectUuid in: path description: Association object UUID required: true schema: type: string format: uuid responses: "204": description: Resource object association successful "422": description: Unprocessable Entity content: '*/*': schema: type: array items: type: string example: - Error Message 1 - Error Message 2 "400": description: Bad Request content: '*/*': schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: '*/*': schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error "404": description: Not Found content: '*/*': schema: $ref: "#/components/schemas/ErrorMessageDto" security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] /v1/approvals: get: tags: - Approval Inventory summary: List of Approvals operationId: listApprovals parameters: - name: itemsPerPage in: query description: Number of entries per page required: false schema: type: integer format: int32 default: 10 description: Number of entries per page maximum: 1000 - name: pageNumber in: query description: Page number for the request required: false schema: type: integer format: int32 default: 1 description: Page number for the request responses: "200": description: List of all approvals content: application/json: schema: $ref: "#/components/schemas/ApprovalResponseDto" "400": description: Bad Request content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: application/json: schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] /v1/approvals/{uuid}: get: tags: - Approval Inventory summary: Get Approval Detail operationId: getApproval parameters: - name: uuid in: path description: Approval UUID required: true schema: type: string responses: "200": description: Approval detail retrieved content: application/json: schema: $ref: "#/components/schemas/ApprovalDetailDto" "404": description: Approval not found content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "400": description: Bad Request content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: application/json: schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] /v1/approvals/user: get: tags: - Approval Inventory summary: List of User's Approvals operationId: listUserApprovals parameters: - name: itemsPerPage in: query description: Number of entries per page required: false schema: type: integer format: int32 default: 10 description: Number of entries per page maximum: 1000 - name: pageNumber in: query description: Page number for the request required: false schema: type: integer format: int32 default: 1 description: Page number for the request - name: history in: query required: false schema: type: boolean responses: "200": description: List of all approvals content: application/json: schema: $ref: "#/components/schemas/ApprovalResponseDto" "400": description: Bad Request content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: application/json: schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] /v1/approvalProfiles/{uuid}/associations: get: tags: - Approval profile Inventory summary: Get associations of Approval Profile operationId: getAssociations parameters: - name: uuid in: path description: Approval Profile UUID required: true schema: type: string format: uuid responses: "200": description: Associated resource objects retrieved content: application/json: schema: type: array items: $ref: "#/components/schemas/ResourceObjectDto" "400": description: Bad Request content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: application/json: schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error "404": description: Not Found content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] /v1/approvalProfiles/associations/{resource}/{associationObjectUuid}: get: tags: - Approval profile Inventory summary: Get associated Approval Profiles for resource object operationId: getAssociatedApprovalProfiles parameters: - name: resource in: path description: Resource required: true schema: $ref: "#/components/schemas/Resource" example: raProfiles - name: associationObjectUuid in: path description: Association object UUID required: true schema: type: string format: uuid responses: "200": description: Associated Approval Profiles retrieved content: application/json: schema: type: array items: $ref: "#/components/schemas/ApprovalProfileDto" "400": description: Bad Request content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" "401": description: Unauthorized "403": description: Forbidden content: application/json: schema: $ref: "#/components/schemas/AuthenticationServiceExceptionDto" "500": description: Internal Server Error "404": description: Not Found content: application/json: schema: $ref: "#/components/schemas/ErrorMessageDto" security: - BearerJWTAuth: [] - CertificateAuth: [] - SessionAuth: [] components: schemas: ApprovalProfileUpdateRequestDto: type: object properties: description: type: string description: Description of the Approval profile examples: - Detail description of the approval profile expiry: type: integer format: int32 description: Expiration of the Approval profile in hours example: 24 approvalSteps: type: array description: List of Approval steps for the Approval profile items: $ref: "#/components/schemas/ApprovalStepRequestDto" required: - approvalSteps ApprovalStepRequestDto: type: object properties: userUuid: type: string format: uuid description: UUID of the responsible user to approve action in approval step roleUuid: type: string format: uuid description: UUID of the responsible role of the users to approve action in approval step groupUuid: type: string format: uuid description: UUID of the responsible group of the users to approve action in approval step description: type: string description: Description of the approval step order: type: integer format: int32 description: Order of the position in the approval steps flow requiredApprovals: type: integer format: int32 description: "Count of the required approvals for the approval step, by\ \ default there is 1 approval needed." required: - order UuidDto: type: object properties: uuid: type: string description: Object identifier required: - uuid ErrorMessageDto: type: object properties: message: type: string description: Error message detail examples: - Error message required: - message AuthenticationServiceExceptionDto: type: object properties: statusCode: type: integer format: int32 description: Status code of the HTTP Request code: type: string description: Code of the result message: type: string description: Exception message required: - code - message - statusCode ApprovalProfileRequestDto: type: object properties: name: type: string description: Name of the Approval profile examples: - ApprovalProfile1 description: type: string description: Description of the Approval profile examples: - Detail description of the approval profile enabled: type: boolean description: Enable of the Approval profile example: true expiry: type: integer format: int32 description: Expiration of the Approval profile in hours example: 24 approvalSteps: type: array description: List of Approval steps for the Approval profile items: $ref: "#/components/schemas/ApprovalStepRequestDto" required: - approvalSteps - enabled - name UserApprovalDto: type: object properties: comment: type: string Resource: type: string enum: - NONE - ANY - dashboard - settings - auditLogs - credentials - connectors - attributes - jobs - users - roles - acmeAccounts - acmeProfiles - cboms - scepProfiles - cmpProfiles - authorities - raProfiles - certificates - certificateRequests - groups - complianceProfiles - discoveries - oids - entities - locations - tokenProfiles - tokens - keys - approvalProfiles - approvals - notificationProfiles - notificationInstances - rules - actions - triggers - resources - resourceEvents - searchFilters - keyItems - platformEnums - notifications - conditions - executions - complianceRules - complianceGroups - customAttributes - globalMetadata - acmeOrders - acmeAuthorizations - acmeChallenges - cmpTransactions - endEntityProfiles - authenticationProviders - vaults - vaultProfiles - secrets ApprovalDto: type: object properties: approvalUuid: type: string description: UUID of the Approval creatorUuid: type: string description: UUID of the user that requested approval creatorUsername: type: string description: Username of the user that requested approval version: type: integer format: int32 description: Version of the Approval profile createdAt: type: string format: date-time description: Creation date of the Approval expiryAt: type: string format: date-time description: Expiry date of the Approval closedAt: type: string format: date-time description: Date of resolution of the Approval status: type: string description: Status of the Approval enum: - PENDING - APPROVED - REJECTED - EXPIRED resource: $ref: "#/components/schemas/Resource" description: Resource of the Approval resourceAction: type: string description: Resource action of the Approval objectUuid: type: string description: UUID of the target object of the Approval approvalProfileName: type: string description: Name of the Approval profile approvalProfileUuid: type: string description: UUID of the Approval profile required: - approvalProfileName - approvalProfileUuid - approvalUuid - createdAt - creatorUuid - expiryAt - objectUuid - resource - resourceAction - status - version ApprovalResponseDto: type: object properties: itemsPerPage: type: integer format: int32 description: Number of entries per page pageNumber: type: integer format: int32 description: Page number for the request totalPages: type: integer format: int32 description: Number of pages available totalItems: type: integer format: int64 description: Number of items available approvals: type: array description: List of the Approvals items: $ref: "#/components/schemas/ApprovalDto" required: - approvals - itemsPerPage - pageNumber - totalItems - totalPages ApprovalDetailDto: type: object properties: approvalUuid: type: string description: UUID of the Approval creatorUuid: type: string description: UUID of the user that requested approval creatorUsername: type: string description: Username of the user that requested approval version: type: integer format: int32 description: Version of the Approval profile createdAt: type: string format: date-time description: Creation date of the Approval expiryAt: type: string format: date-time description: Expiry date of the Approval closedAt: type: string format: date-time description: Date of resolution of the Approval status: type: string description: Status of the Approval enum: - PENDING - APPROVED - REJECTED - EXPIRED resource: $ref: "#/components/schemas/Resource" description: Resource of the Approval resourceAction: type: string description: Resource action of the Approval objectUuid: type: string description: UUID of the target object of the Approval approvalProfileName: type: string description: Name of the Approval profile approvalProfileUuid: type: string description: UUID of the Approval profile expiry: type: integer format: int32 description: Expiration in hours description: type: string description: Description of the Approval approvalSteps: type: array description: List of Approval steps related to this Approval items: $ref: "#/components/schemas/ApprovalDetailStepDto" required: - approvalProfileName - approvalProfileUuid - approvalSteps - approvalUuid - createdAt - creatorUuid - expiry - expiryAt - objectUuid - resource - resourceAction - status - version ApprovalDetailStepDto: type: object properties: userUuid: type: string format: uuid description: UUID of the responsible user to approve action in approval step roleUuid: type: string format: uuid description: UUID of the responsible role of the users to approve action in approval step groupUuid: type: string format: uuid description: UUID of the responsible group of the users to approve action in approval step description: type: string description: Description of the approval step order: type: integer format: int32 description: Order of the position in the approval steps flow requiredApprovals: type: integer format: int32 description: "Count of the required approvals for the approval step, by\ \ default there is 1 approval needed." uuid: type: string format: uuid description: UUID of the Approval step username: type: string description: Username of the responsible user to approve action in approval step roleName: type: string description: Name of the responsible role of the users to approve action in approval step groupName: type: string description: Name of the responsible group of the users to approve action in approval step approvalStepRecipients: type: array description: List of the approval recipient related for this step items: $ref: "#/components/schemas/ApprovalStepRecipientDto" required: - approvalStepRecipients - order - uuid ApprovalStepRecipientDto: type: object properties: approvalRecipientUuid: type: string description: UUID of the approval recipient userUuid: type: string description: UUID of the recipient user username: type: string description: Username of the recipient createdAt: type: string format: date-time description: Creating date of the approval recipient closedAt: type: string format: date-time description: Resolution date of the approval recipient status: type: string description: Status of the approval recipient enum: - PENDING - APPROVED - REJECTED - EXPIRED comment: type: string description: Comment of the approval recipient required: - approvalRecipientUuid - createdAt - status ApprovalProfileDto: type: object properties: uuid: type: string description: UUID of the Approval profile name: type: string description: Name of the Approval profile examples: - ApprovalProfile1 version: type: integer format: int32 description: Version of the Approval profile example: 1 description: type: string description: Description of the Approval profile examples: - Detail description of the approval profile expiry: type: integer format: int32 description: Expiration of the Approval profile in hours example: 24 numberOfSteps: type: integer format: int32 description: Number of the Approval profile steps example: 2 associations: type: integer format: int32 description: Number of associated objects required: - associations - name - numberOfSteps - uuid - version ApprovalProfileResponseDto: type: object properties: itemsPerPage: type: integer format: int32 description: Number of entries per page pageNumber: type: integer format: int32 description: Page number for the request totalPages: type: integer format: int32 description: Number of pages available totalItems: type: integer format: int64 description: Number of items available approvalProfiles: type: array items: $ref: "#/components/schemas/ApprovalProfileDto" required: - itemsPerPage - pageNumber - totalItems - totalPages ApprovalProfileDetailDto: type: object properties: uuid: type: string description: UUID of the Approval profile name: type: string description: Name of the Approval profile examples: - ApprovalProfile1 version: type: integer format: int32 description: Version of the Approval profile example: 1 description: type: string description: Description of the Approval profile examples: - Detail description of the approval profile expiry: type: integer format: int32 description: Expiration of the Approval profile in hours example: 24 numberOfSteps: type: integer format: int32 description: Number of the Approval profile steps example: 2 associations: type: integer format: int32 description: Number of associated objects approvalSteps: type: array description: List of Approval steps for the Approval profile items: $ref: "#/components/schemas/ApprovalStepDto" required: - approvalSteps - associations - name - numberOfSteps - uuid - version ApprovalStepDto: type: object properties: userUuid: type: string format: uuid description: UUID of the responsible user to approve action in approval step roleUuid: type: string format: uuid description: UUID of the responsible role of the users to approve action in approval step groupUuid: type: string format: uuid description: UUID of the responsible group of the users to approve action in approval step description: type: string description: Description of the approval step order: type: integer format: int32 description: Order of the position in the approval steps flow requiredApprovals: type: integer format: int32 description: "Count of the required approvals for the approval step, by\ \ default there is 1 approval needed." uuid: type: string format: uuid description: UUID of the Approval step username: type: string description: Username of the responsible user to approve action in approval step roleName: type: string description: Name of the responsible role of the users to approve action in approval step groupName: type: string description: Name of the responsible group of the users to approve action in approval step required: - order - uuid ResourceObjectDto: type: object properties: resource: $ref: "#/components/schemas/Resource" description: Resource of object examples: - certificates objectUuid: type: string format: uuid description: Object UUID examples: - 2dcc528b-9e16-46c6-877e-74eae258173f name: type: string description: Object Name examples: - Name required: - name - objectUuid - resource securitySchemes: SessionAuth: type: apiKey description: Session-based authentication with session ID stored in 'czertainly-session' cookie name: czertainly-session in: cookie CertificateAuth: type: apiKey description: Base64 encoded X.509 certificate passed in header name: ssl-client-cert in: header BearerJWTAuth: type: http scheme: Bearer bearerFormat: JWT