Delegated Grants

List delegated grants

client.Zones.DelegatedGrants.List(ctx, zoneID, query) (*ZoneDelegatedGrantListResponse, error)

GET/zones/{zoneId}/delegated-grants

Get delegated grant

client.Zones.DelegatedGrants.Get(ctx, id, query) (*Grant, error)

GET/zones/{zoneId}/delegated-grants/{id}

Update delegated grant

client.Zones.DelegatedGrants.Update(ctx, id, params) (*Grant, error)

PATCH/zones/{zoneId}/delegated-grants/{id}

Delete delegated grant

client.Zones.DelegatedGrants.Delete(ctx, id, body) error

DELETE/zones/{zoneId}/delegated-grants/{id}

ModelsExpand Collapse

type Grant struct{…}

User authorization for a resource to be accessed on their behalf. The grant links the user, resource, and the provider that issued the grant.

ID string

Unique identifier of the delegated grant

CreatedAt Time

Entity creation timestamp

formatdate-time

ExpiresAt Time

Date when grant expires

formatdate-time

OrganizationID string

Organization that owns this grant

ProviderID string

ID of the provider that issued this grant

RefreshTokenSet bool

Indicates whether a refresh token is stored for this grant. Grants with refresh tokens can be refreshed even after access token expiration.

ResourceID string

ID of resource receiving grant

Scopes []string

Granted OAuth scopes

Status GrantStatus

Accepts one of the following:

const GrantStatusActive GrantStatus = "active"

const GrantStatusExpired GrantStatus = "expired"

const GrantStatusRevoked GrantStatus = "revoked"

UpdatedAt Time

Entity update timestamp

formatdate-time

UserID string

Reference to the user granting permission

ZoneID string

Zone this grant belongs to

DeprecatedActive booloptional

Whether the grant is currently active (deprecated - use status instead)

DeprecatedProvider Provideroptional

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

ID string

Unique identifier of the provider

CreatedAt Time

Entity creation timestamp

formatdate-time

Identifier string

User specified identifier, unique within the zone

minLength1

maxLength2048

Name string

Human-readable name

minLength1

maxLength255

OrganizationID string

Organization that owns this provider

OwnerType ProviderOwnerType

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:

const ProviderOwnerTypePlatform ProviderOwnerType = "platform"

const ProviderOwnerTypeCustomer ProviderOwnerType = "customer"

Slug string

URL-safe identifier, unique within the zone

minLength1

maxLength63

UpdatedAt Time

Entity update timestamp

formatdate-time

ZoneID string

Zone this provider belongs to

ClientID stringoptional

OAuth 2.0 client identifier

ClientSecretSet booloptional

Indicates whether a client secret is configured

Description stringoptional

Human-readable description

maxLength2048

Metadata anyoptional

Provider metadata

Protocols ProviderProtocolsoptional

Protocol-specific configuration

Oauth2 ProviderProtocolsOauth2optional

OAuth 2.0 protocol configuration

Issuer string

OIDC issuer URL used for discovery and token validation.

formaturi

AuthorizationEndpoint stringoptional

formaturi

AuthorizationParameters map[string, string]optional

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

AuthorizationResourceEnabled booloptional

Whether to include the resource parameter in authorization requests.

AuthorizationResourceParameter stringoptional

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

CodeChallengeMethodsSupported []stringoptional

JwksUri stringoptional

formaturi

RegistrationEndpoint stringoptional

formaturi

ScopeParameter stringoptional

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

ScopeSeparator stringoptional

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

ScopesSupported []stringoptional

TokenEndpoint stringoptional

formaturi

TokenResponseAccessTokenPointer stringoptional

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

Openid ProviderProtocolsOpenidoptional

OpenID Connect protocol configuration

UserinfoEndpoint stringoptional

formaturi

Type ProviderTypeoptional

Accepts one of the following:

const ProviderTypeExternal ProviderType = "external"

const ProviderTypeKeycardVault ProviderType = "keycard-vault"

const ProviderTypeKeycardSts ProviderType = "keycard-sts"

RefreshedAt Timeoptional

Timestamp when this grant's tokens were last refreshed. Omitted if grant was never refreshed.

formatdate-time

DeprecatedResource Resourceoptional

A Resource is a system that exposes protected information or functionality. It requires authentication of the requesting actor, which may be a user or application, before allowing access.

ID string

Unique identifier of the resource

ApplicationType ResourceApplicationType

The expected type of client for this credential. Native clients must use localhost URLs for redirect_uris or URIs with custom schemes. Web clients must use https URLs and must not use localhost as the hostname.

Accepts one of the following:

const ResourceApplicationTypeNative ResourceApplicationType = "native"

const ResourceApplicationTypeWeb ResourceApplicationType = "web"

CreatedAt Time

Entity creation timestamp

formatdate-time

Identifier string

User specified identifier, unique within the zone

minLength1

maxLength2048

Name string

Human-readable name

minLength1

maxLength255

OrganizationID string

Organization that owns this resource

OwnerType ResourceOwnerType

Who owns this resource. Platform-owned resources cannot be modified via API.

Accepts one of the following:

const ResourceOwnerTypePlatform ResourceOwnerType = "platform"

const ResourceOwnerTypeCustomer ResourceOwnerType = "customer"

Slug string

URL-safe identifier, unique within the zone

minLength1

maxLength63

UpdatedAt Time

Entity update timestamp

formatdate-time

ZoneID string

Zone this resource belongs to

DeprecatedApplication Applicationoptional

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

ID string

Unique identifier of the application

CreatedAt Time

Entity creation timestamp

formatdate-time

DependenciesCount int64

Number of resource dependencies

Identifier string

User specified identifier, unique within the zone

minLength1

maxLength2048

Name string

Human-readable name

minLength1

maxLength255

OrganizationID string

Organization that owns this application

OwnerType ApplicationOwnerType

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:

const ApplicationOwnerTypePlatform ApplicationOwnerType = "platform"

const ApplicationOwnerTypeCustomer ApplicationOwnerType = "customer"

Slug string

URL-safe identifier, unique within the zone

minLength1

maxLength63

UpdatedAt Time

Entity update timestamp

formatdate-time

ZoneID string

Zone this application belongs to

Description stringoptional

Human-readable description

maxLength2048

Metadata Metadataoptional

Entity metadata

DocsURL stringoptional

Documentation URL

formaturi

maxLength2048

Protocols ApplicationProtocolsoptional

Protocol-specific configuration

Oauth2 ApplicationProtocolsOauth2optional

OAuth 2.0 protocol configuration

PostLogoutRedirectUris []stringoptional

OAuth 2.0 post-logout redirect URIs for this application

RedirectUris []stringoptional

OAuth 2.0 redirect URIs for this application

ApplicationID stringoptional

ID of the application that provides this resource

DeprecatedCredentialProvider Provideroptional

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

ID string

Unique identifier of the provider

CreatedAt Time

Entity creation timestamp

formatdate-time

Identifier string

User specified identifier, unique within the zone

minLength1

maxLength2048

Name string

Human-readable name

minLength1

maxLength255

OrganizationID string

Organization that owns this provider

OwnerType ProviderOwnerType

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:

const ProviderOwnerTypePlatform ProviderOwnerType = "platform"

const ProviderOwnerTypeCustomer ProviderOwnerType = "customer"

Slug string

URL-safe identifier, unique within the zone

minLength1

maxLength63

UpdatedAt Time

Entity update timestamp

formatdate-time

ZoneID string

Zone this provider belongs to

ClientID stringoptional

OAuth 2.0 client identifier

ClientSecretSet booloptional

Indicates whether a client secret is configured

Description stringoptional

Human-readable description

maxLength2048

Metadata anyoptional

Provider metadata

Protocols ProviderProtocolsoptional

Protocol-specific configuration

Oauth2 ProviderProtocolsOauth2optional

OAuth 2.0 protocol configuration

Issuer string

OIDC issuer URL used for discovery and token validation.

formaturi

AuthorizationEndpoint stringoptional

formaturi

AuthorizationParameters map[string, string]optional

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

AuthorizationResourceEnabled booloptional

Whether to include the resource parameter in authorization requests.

AuthorizationResourceParameter stringoptional

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

CodeChallengeMethodsSupported []stringoptional

JwksUri stringoptional

formaturi

RegistrationEndpoint stringoptional

formaturi

ScopeParameter stringoptional

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

ScopeSeparator stringoptional

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

ScopesSupported []stringoptional

TokenEndpoint stringoptional

formaturi

TokenResponseAccessTokenPointer stringoptional

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

Openid ProviderProtocolsOpenidoptional

OpenID Connect protocol configuration

UserinfoEndpoint stringoptional

formaturi

Type ProviderTypeoptional

Accepts one of the following:

const ProviderTypeExternal ProviderType = "external"

const ProviderTypeKeycardVault ProviderType = "keycard-vault"

const ProviderTypeKeycardSts ProviderType = "keycard-sts"

CredentialProviderID stringoptional

ID of the credential provider for this resource

Description stringoptional

Human-readable description

maxLength2048

Metadata Metadataoptional

Entity metadata

DocsURL stringoptional

Documentation URL

formaturi

maxLength2048

Scopes []stringoptional

Scopes supported by the resource

WhenAccessing []stringoptional

List of resource IDs that, when accessed, make this dependency available. Only present when this resource is returned as a dependency.

DeprecatedUser Useroptional

An authenticated user entity

ID string

Unique identifier of the user

CreatedAt Time

Entity creation timestamp

formatdate-time

Email string

Email address of the user

formatemail

EmailVerified bool

Whether the email address has been verified

OrganizationID string

Organization that owns this user

UpdatedAt Time

Entity update timestamp

formatdate-time

ZoneID string

Zone this user belongs to

AuthenticatedAt stringoptional

Date when the user was last authenticated

Issuer stringoptional

Issuer identifier of the identity provider

ProviderID stringoptional

Reference to the identity provider. This field is undefined when the source identity provider is deleted but the user is not deleted.

Subject stringoptional

Subject identifier from the identity provider