Zones

List zones
client.zones.list(query?: ZoneListParams { after, before, cursor, 4 more }, options?: RequestOptions): ZoneListResponse { items, page_info, pagination }
GET /zones
Create zone
client.zones.create(body: ZoneCreateParams { name, default_mcp_gateway_application, description, 4 more }, options?: RequestOptions): Zone { id, created_at, name, 12 more }
POST /zones
Get zone
client.zones.retrieve(zoneID: string, query?: ZoneRetrieveParams { expand }, options?: RequestOptions): Zone { id, created_at, name, 12 more }
GET /zones/{zoneId}
Update zone
client.zones.update(zoneID: string, body?: ZoneUpdateParams { default_mcp_gateway_application_id, default_resource_id, description, 5 more }, options?: RequestOptions): Zone { id, created_at, name, 12 more }
PATCH /zones/{zoneId}
Delete zone
client.zones.delete(zoneID: string, options?: RequestOptions): void
DELETE /zones/{zoneId}
Models
EncryptionKeyAwsKmsConfig { arn, type }

AWS KMS configuration for zone encryption. When not specified, the default Keycard Cloud encryption key will be used.

arn: string

AWS KMS Key ARN for encrypting the zone's data

minLength: 1
type: "aws"
PageInfoPagination { has_next_page, has_previous_page, end_cursor, start_cursor }

Pagination information

has_next_page: boolean

Whether there are more items after the current page

has_previous_page: boolean

Whether there are items before the current page

end_cursor?: string | null

Cursor pointing to the last item in the current page

start_cursor?: string | null

Cursor pointing to the first item in the current page

Zone { id, created_at, name, 12 more }

A zone for organizing resources within an organization

id: string

Unique identifier of the zone

created_at: string

Entity creation timestamp

format: date-time
name: string

Human-readable name

minLength: 1
maxLength: 255
organization_id: string

Organization that owns this zone

owner_type: "platform" | "customer"

Who owns this zone. Platform-owned zones cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
protocols: Protocols { oauth2, openid }

Protocol configuration for a zone

oauth2: Oauth2 { authorization_endpoint, authorization_server_metadata, cimd, 7 more }

OAuth 2.0 protocol configuration for a zone

authorization_endpoint: string

OAuth 2.0 authorization endpoint

format: uri
authorization_server_metadata: string

OAuth 2.0 Authorization Server Metadata endpoint (.well-known/oauth-authorization-server)

format: uri
cimd: Cimd { allowed_client_ids, enabled }

Client ID Metadata Document auto-provisioning configuration

allowed_client_ids: Array<string>

Allowlist for CIMD client_id URLs. Each entry is an exact URL, a wildcard origin with a single * replacing one subdomain label (e.g. https://*.example.com matches https://app.example.com but not https://a.b.example.com), or the literal * to allow any client. Only one * is permitted per entry.

enabled: boolean

Whether CIMD auto-provisioning is enabled for unregistered URL-based clients

dcr_enabled: boolean

Whether Dynamic Client Registration is enabled

issuer: string

OAuth 2.0 issuer identifier

format: uri
jwks_uri: string

JSON Web Key Set endpoint

format: uri
pkce_required: boolean

Whether PKCE is required for authorization code flows

redirect_uri: string

OAuth 2.0 redirect URI for this zone

format: uri
registration_endpoint: string

OAuth 2.0 Dynamic Client Registration endpoint

format: uri
token_endpoint: string

OAuth 2.0 token endpoint

format: uri
openid: Openid { provider_configuration, userinfo_endpoint }

OpenID Connect protocol configuration for a zone

provider_configuration: string

OpenID Connect Provider Configuration endpoint (.well-known/openid-configuration)

format: uri
userinfo_endpoint: string

OpenID Connect UserInfo endpoint

format: uri
slug: string

URL-safe identifier, unique within the zone

minLength: 1
maxLength: 63
updated_at: string

Entity update timestamp

format: date-time
default_mcp_gateway_application_id?: string

Application ID configured as the default MCP Gateway for the zone

default_resource_id?: string

Resource ID configured as the default resource for the zone

description?: string | null

Human-readable description

maxLength: 2048
encryption_key?: EncryptionKeyAwsKmsConfig { arn, type }

AWS KMS configuration for zone encryption. When not specified, the default Keycard Cloud encryption key will be used.

arn: string

AWS KMS Key ARN for encrypting the zone's data

minLength: 1
type: "aws"
permissions?: Record<string, Record<string, boolean>>

Permissions granted to the authenticated principal. Only populated when expand[]=permissions query parameter is provided. Keys are resource types, values are objects mapping action names to boolean values.

requires_invitation?: boolean

Whether the zone requires an invitation for email/password registration, only applies when user_identity_provider_id is not set

user_identity_provider_id?: string

Provider ID configured for user login
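
The `allowed_client_ids` matching rules described for `cimd` in the Zone model, as an added TypeScript example that is not Keycard's own code. It assumes the `*` is the whole leftmost host label of a bare origin, that a wildcard origin covers any path under a matching origin, and that exact entries are compared after URL normalisation; all function names are hypothetical.

```typescript
// Added illustration of the allowed_client_ids rules; not Keycard's implementation.
// Assumptions: "*" replaces the whole leftmost host label of a bare origin, a
// wildcard origin covers any path under a matching origin, and exact entries
// are compared after URL normalisation.

type EntryKind = "any" | "wildcard-origin" | "exact" | "invalid";

interface WildcardOrigin { protocol: string; suffix: string; port: string }

// Stands in for "*" so the URL parser accepts a wildcard entry.
const PLACEHOLDER = "xwildcardx";

function parseWildcardOrigin(entry: string): WildcardOrigin | null {
  if (!/^[a-z][a-z0-9+.-]*:\/\/\*\./i.test(entry)) return null;
  let u: URL;
  try {
    u = new URL(entry.replace("*", PLACEHOLDER));
  } catch {
    return null;
  }
  // An origin only: no credentials, path, query or fragment.
  if (u.username || u.password || u.pathname !== "/" || u.search || u.hash) return null;
  const suffix = u.hostname.slice(PLACEHOLDER.length + 1);
  return suffix ? { protocol: u.protocol, suffix, port: u.port } : null;
}

function classifyEntry(entry: string): EntryKind {
  const stars = entry.split("*").length - 1;
  if (stars > 1) return "invalid"; // only one * is permitted per entry
  if (entry === "*") return "any";
  if (stars === 1) return parseWildcardOrigin(entry) ? "wildcard-origin" : "invalid";
  try {
    new URL(entry);
    return "exact";
  } catch {
    return "invalid";
  }
}

function entryMatches(entry: string, clientId: string): boolean {
  let client: URL;
  try {
    client = new URL(clientId); // a CIMD client_id is always a URL
  } catch {
    return false;
  }
  switch (classifyEntry(entry)) {
    case "any":
      return true;
    case "exact":
      return new URL(entry).href === client.href;
    case "wildcard-origin": {
      const w = parseWildcardOrigin(entry)!;
      if (client.protocol !== w.protocol || client.port !== w.port) return false;
      const host = client.hostname;
      if (!host.endsWith("." + w.suffix)) return false;
      // Exactly one label may stand where the * was.
      const label = host.slice(0, host.length - w.suffix.length - 1);
      return label.length > 0 && !label.includes(".");
    }
    default:
      return false;
  }
}

function isClientIdAllowed(allowlist: string[], clientId: string): boolean {
  return allowlist.some((entry) => entryMatches(entry, clientId));
}

// Review helper: flags entries that are malformed or that open the zone to any client.
function auditAllowlist(allowlist: string[]): string[] {
  const findings: string[] = [];
  for (const entry of allowlist) {
    const kind = classifyEntry(entry);
    if (kind === "invalid") findings.push(`invalid entry: ${entry}`);
    if (kind === "any") findings.push("literal * allows any client_id URL");
  }
  return findings;
}

// Constructed sample allowlist.
const SAMPLE_ALLOWLIST = [
  "https://*.example.com",
  "https://client.example.org/oauth/metadata.json",
];
```

Comparing parsed components rather than raw strings is what keeps `https://app.example.com.evil.test` and `https://app.example.com@evil.test/` from passing a suffix or substring check.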

Zones / Applications

List applications
client.zones.applications.list(zoneID: string, query?: ApplicationListParams { after, before, expand, 12 more }, options?: RequestOptions): ApplicationListResponse { items, page_info, pagination }
GET /zones/{zoneId}/applications
Create application
client.zones.applications.create(zoneID: string, body: ApplicationCreateParams { identifier, name, consent, 4 more }, options?: RequestOptions): Application { id, consent, created_at, 11 more }
POST /zones/{zoneId}/applications
Get application
client.zones.applications.retrieve(id: string, params: ApplicationRetrieveParams { zoneId }, options?: RequestOptions): Application { id, consent, created_at, 11 more }
GET /zones/{zoneId}/applications/{id}
Update application
client.zones.applications.update(id: string, params: ApplicationUpdateParams { zoneId, consent, description, 4 more }, options?: RequestOptions): Application { id, consent, created_at, 11 more }
PATCH /zones/{zoneId}/applications/{id}
Delete application
client.zones.applications.delete(id: string, params: ApplicationDeleteParams { zoneId }, options?: RequestOptions): void
DELETE /zones/{zoneId}/applications/{id}
List application credentials
client.zones.applications.listCredentials(id: string, params: ApplicationListCredentialsParams { zoneId, after, before, 3 more }, options?: RequestOptions): ApplicationListCredentialsResponse { items, page_info, pagination }
GET /zones/{zoneId}/applications/{id}/application-credentials
List application resources
client.zones.applications.listResources(id: string, params: ApplicationListResourcesParams { zoneId, after, before, 3 more }, options?: RequestOptions): ApplicationListResourcesResponse { items, page_info, pagination }
GET /zones/{zoneId}/applications/{id}/resources
Models
Application { id, consent, created_at, 11 more }

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: string

Unique identifier of the application

Accepts one of the following:
created_at: string

Entity creation timestamp

format: date-time
dependencies_count: number

Number of resource dependencies

identifier: string

User specified identifier, unique within the zone

minLength: 1
maxLength: 2048
name: string

Human-readable name

minLength: 1
maxLength: 255
organization_id: string

Organization that owns this application

owner_type: "platform" | "customer"

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength: 1
maxLength: 63
updated_at: string

Entity update timestamp

format: date-time
zone_id: string

Zone this application belongs to

description?: string | null

Human-readable description

maxLength: 2048
metadata?: Metadata { docs_url }

Entity metadata

docs_url?: string

Documentation URL

format: uri
maxLength: 2048
protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

post_logout_redirect_uris?: Array<string> | null

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris?: Array<string> | null

OAuth 2.0 redirect URIs for this application

ApplicationTrait = "gateway" | "mcp-provider"

Traits ascribe behaviors and characteristics to an application, which may activate trait-specific user experiences, workflows, or other system behaviors

Accepts one of the following:
"gateway"
"mcp-provider"
Metadata { docs_url }

Entity metadata

docs_url?: string

Documentation URL

format: uri
maxLength: 2048
MetadataUpdate { docs_url }

Entity metadata (set to null or {} to remove metadata)

docs_url?: string | null

Documentation URL (set to null to unset)

format: uri
maxLength: 2048

Zones / Applications / Dependencies

List application dependencies
client.zones.applications.dependencies.list(id: string, params: DependencyListParams { zoneId, after, before, 4 more }, options?: RequestOptions): DependencyListResponse { items, page_info, pagination }
GET /zones/{zoneId}/applications/{id}/dependencies
Add application dependency
client.zones.applications.dependencies.add(dependencyID: string, params: DependencyAddParams { zoneId, id, when_accessing }, options?: RequestOptions): void
PUT /zones/{zoneId}/applications/{id}/dependencies/{dependencyId}
Remove application dependency
client.zones.applications.dependencies.remove(dependencyID: string, params: DependencyRemoveParams { zoneId, id }, options?: RequestOptions): void
DELETE /zones/{zoneId}/applications/{id}/dependencies/{dependencyId}
Get application dependency
client.zones.applications.dependencies.retrieve(dependencyID: string, params: DependencyRetrieveParams { zoneId, id }, options?: RequestOptions): Resource { id, application_type, created_at, 17 more }
GET /zones/{zoneId}/applications/{id}/dependencies/{dependencyId}
Models
Resource { id, application_type, created_at, 17 more }

A Resource is a system that exposes protected information or functionality. It requires authentication of the requesting actor, which may be a user or application, before allowing access.

id: string

Unique identifier of the resource

application_type: "native" | "web"

The expected type of client for this credential. Native clients must use localhost URLs for redirect_uris or URIs with custom schemes. Web clients must use https URLs and must not use localhost as the hostname.

Accepts one of the following:
"native"
"web"
created_at: string

Entity creation timestamp

format: date-time
identifier: string

User specified identifier, unique within the zone

minLength: 1
maxLength: 2048
name: string

Human-readable name

minLength: 1
maxLength: 255
organization_id: string

Organization that owns this resource

owner_type: "platform" | "customer"

Who owns this resource. Platform-owned resources cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
prefix: boolean

When true, the resource identifier is treated as a URI prefix, protecting all URLs that share the identifier as a prefix at path/query/fragment boundaries. Protocol and hostname must match exactly. When multiple prefix resources satisfy an identifier query, the resource with the longest prefix is matched.

slug: string

URL-safe identifier, unique within the zone

minLength: 1
maxLength: 63
updated_at: string

Entity update timestamp

format: date-time
zone_id: string

Zone this resource belongs to

[Deprecated] application?: Application { id, consent, created_at, 11 more }

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: string

Unique identifier of the application

Accepts one of the following:
created_at: string

Entity creation timestamp

format: date-time
dependencies_count: number

Number of resource dependencies

identifier: string

User specified identifier, unique within the zone

minLength: 1
maxLength: 2048
name: string

Human-readable name

minLength: 1
maxLength: 255
organization_id: string

Organization that owns this application

owner_type: "platform" | "customer"

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength: 1
maxLength: 63
updated_at: string

Entity update timestamp

format: date-time
zone_id: string

Zone this application belongs to

description?: string | null

Human-readable description

maxLength: 2048
metadata?: Metadata { docs_url }

Entity metadata

docs_url?: string

Documentation URL

format: uri
maxLength: 2048
protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

post_logout_redirect_uris?: Array<string> | null

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris?: Array<string> | null

OAuth 2.0 redirect URIs for this application

application_id?: string

ID of the application that provides this resource

credential_lifetime_seconds?: number | null

Credential lifetime override in seconds. When set, overrides the default credential lifetime for this resource. When absent, the default from the provider or zone is used.

minimum: 60
maximum: 86400
[Deprecated] credential_provider?: Provider { id, created_at, identifier, 12 more }

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

id: string

Unique identifier of the provider

created_at: string

Entity creation timestamp

format: date-time
identifier: string

User specified identifier, unique within the zone

minLength: 1
maxLength: 2048
name: string

Human-readable name

minLength: 1
maxLength: 255
organization_id: string

Organization that owns this provider

owner_type: "platform" | "customer"

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength: 1
maxLength: 63
updated_at: string

Entity update timestamp

format: date-time
zone_id: string

Zone this provider belongs to

client_id?: string | null

OAuth 2.0 client identifier

client_secret_set?: boolean

Indicates whether a client secret is configured

description?: string | null

Human-readable description

maxLength: 2048
metadata?: unknown

Provider metadata

protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

issuer: string

OIDC issuer URL used for discovery and token validation.

format: uri
authorization_endpoint?: string | null
format: uri
authorization_parameters?: Record<string, string> | null

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

authorization_resource_enabled?: boolean | null

Whether to include the resource parameter in authorization requests.

authorization_resource_parameter?: string | null

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

code_challenge_methods_supported?: Array<string> | null
jwks_uri?: string | null
format: uri
registration_endpoint?: string | null
format: uri
scope_parameter?: string | null

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

scope_separator?: string | null

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

scopes_supported?: Array<string> | null
token_endpoint?: string | null
format: uri
token_response_access_token_pointer?: string | null

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

openid?: Openid | null

OpenID Connect protocol configuration

scopes?: Array<string> | null

Additional OIDC scopes to request from this provider during authentication (e.g. "groups"). Merged with the default scopes (openid, profile, email).

user_identifier_claim?: string | null

Name of a top-level string claim in this provider's ID Token to use as the user identifier on user creation. When not set, the user's Keycard ID is used.

userinfo_endpoint?: string | null
format: uri
type?: "external" | "keycard-vault" | "keycard-sts"
Accepts one of the following:
"external"
"keycard-vault"
"keycard-sts"
credential_provider_id?: string

ID of the credential provider for this resource

description?: string | null

Human-readable description

maxLength: 2048
metadata?: Metadata { docs_url }

Entity metadata

docs_url?: string

Documentation URL

format: uri
maxLength: 2048
scopes?: Array<string> | null

Scopes supported by the resource

when_accessing?: Array<string>

List of resource IDs that, when accessed, make this dependency available. Only present when this resource is returned as a dependency.
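
The `prefix` rule in the Resource model (boundary-aware prefix match, exact protocol and hostname, longest prefix wins), as an added TypeScript example that is not Keycard's own code. It assumes the port is compared along with the hostname, that URLs are normalised by the parser before comparison, and that a non-prefix resource matches only its exact identifier; `ResourceRule`, `matchLength` and `selectResource` are hypothetical names.

```typescript
// Added illustration of Resource.prefix matching; not Keycard's implementation.
// Assumptions: port is compared together with protocol and hostname, URLs are
// normalised by the parser first, and prefix=false means exact match only.

interface ResourceRule { id: string; identifier: string; prefix: boolean }

// Length of the matched path/query/fragment portion, or -1 when the rule
// does not cover the target URL.
function matchLength(rule: ResourceRule, target: string): number {
  let r: URL;
  let t: URL;
  try {
    r = new URL(rule.identifier);
    t = new URL(target);
  } catch {
    return -1;
  }
  // Protocol and hostname must match exactly; no prefix logic applies here.
  if (r.protocol !== t.protocol || r.hostname !== t.hostname || r.port !== t.port) return -1;

  const rRest = r.pathname + r.search + r.hash;
  const tRest = t.pathname + t.search + t.hash;
  if (rRest === tRest) return rRest.length;
  if (!rule.prefix || !tRest.startsWith(rRest)) return -1;

  // The prefix must end at a path/query/fragment boundary, so that
  // "/v1" covers "/v1/users" and "/v1?x=1" but not "/v10".
  const next = tRest.charAt(rRest.length);
  const atBoundary = rRest.endsWith("/") || next === "/" || next === "?" || next === "#";
  return atBoundary ? rRest.length : -1;
}

// Among all rules that cover the target, the longest prefix is selected.
function selectResource(rules: ResourceRule[], target: string): ResourceRule | null {
  let best: ResourceRule | null = null;
  let bestLen = -1;
  for (const rule of rules) {
    const len = matchLength(rule, target);
    if (len > bestLen) {
      best = rule;
      bestLen = len;
    }
  }
  return best;
}

// Constructed sample resources for one zone.
const SAMPLE_RULES: ResourceRule[] = [
  { id: "res_root", identifier: "https://api.example.com/", prefix: true },
  { id: "res_v1", identifier: "https://api.example.com/v1", prefix: true },
  { id: "res_v1_admin", identifier: "https://api.example.com/v1/admin", prefix: true },
  { id: "res_health", identifier: "https://api.example.com/health", prefix: false },
];
```

Because the target is parsed before comparison, `https://api.example.com/v1/../health` is evaluated as `/health` and resolves to `res_health` rather than to the `/v1` prefix resource.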

Zones / Application Credentials

List application credentials
client.zones.applicationCredentials.list(zoneID: string, query?: ApplicationCredentialListParams { after, applicationId, before, 4 more }, options?: RequestOptions): ApplicationCredentialListResponse { items, page_info, pagination }
GET /zones/{zoneId}/application-credentials
Create application credential
client.zones.applicationCredentials.create(zoneID: string, body: ApplicationCredentialCreateParams, options?: RequestOptions): ApplicationCredentialCreateResponse
POST /zones/{zoneId}/application-credentials
Get application credential
client.zones.applicationCredentials.retrieve(id: string, params: ApplicationCredentialRetrieveParams { zoneId }, options?: RequestOptions): Credential
GET /zones/{zoneId}/application-credentials/{id}
Update application credential
client.zones.applicationCredentials.update(id: string, params: ApplicationCredentialUpdateParams, options?: RequestOptions): Credential
PATCH /zones/{zoneId}/application-credentials/{id}
Delete application credential
client.zones.applicationCredentials.delete(id: string, params: ApplicationCredentialDeleteParams { zoneId }, options?: RequestOptions): void
DELETE /zones/{zoneId}/application-credentials/{id}
Models
BaseFields { id, application_id, created_at, 5 more }

Common fields shared by all application credential types

id: string

Unique identifier of the credential

application_id: string

ID of the application this credential belongs to

created_at: string

Entity creation timestamp

format: date-time
organization_id: string

Organization that owns this credential

slug: string

URL-safe identifier, unique within the zone

minLength: 1
maxLength: 63
updated_at: string

Entity update timestamp

format: date-time
zone_id: string

Zone this credential belongs to

[Deprecated] application?: Application { id, consent, created_at, 11 more }

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: string

Unique identifier of the application

Accepts one of the following:
created_at: string

Entity creation timestamp

format: date-time
dependencies_count: number

Number of resource dependencies

identifier: string

User specified identifier, unique within the zone

minLength: 1
maxLength: 2048
name: string

Human-readable name

minLength: 1
maxLength: 255
organization_id: string

Organization that owns this application

owner_type: "platform" | "customer"

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength: 1
maxLength: 63
updated_at: string

Entity update timestamp

format: date-time
zone_id: string

Zone this application belongs to

description?: string | null

Human-readable description

maxLength: 2048
metadata?: Metadata { docs_url }

Entity metadata

docs_url?: string

Documentation URL

format: uri
maxLength: 2048
protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

post_logout_redirect_uris?: Array<string> | null

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris?: Array<string> | null

OAuth 2.0 redirect URIs for this application

Credential = Token { identifier, provider_id, type, 2 more } | Password { identifier, type, password } | PublicKey { identifier, jwks_uri, type } | 2 more

Credentials for accessing external services from applications

Accepts one of the following:
Token extends BaseFields { id, application_id, created_at, 5 more } { identifier, provider_id, type, 2 more }

Token-based application credential

identifier: string

Identifier for this credential. For token type, this equals the subject value, or '*' when subject is not specified.

provider_id: string

ID of the provider issuing tokens verified by this credential

type: "token"
[Deprecated] provider?: Provider { id, created_at, identifier, 12 more }

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

id: string

Unique identifier of the provider

created_at: string

Entity creation timestamp

format: date-time
identifier: string

User specified identifier, unique within the zone

minLength: 1
maxLength: 2048
name: string

Human-readable name

minLength: 1
maxLength: 255
organization_id: string

Organization that owns this provider

owner_type: "platform" | "customer"

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength: 1
maxLength: 63
updated_at: string

Entity update timestamp

format: date-time
zone_id: string

Zone this provider belongs to

client_id?: string | null

OAuth 2.0 client identifier

client_secret_set?: boolean

Indicates whether a client secret is configured

description?: string | null

Human-readable description

maxLength: 2048
metadata?: unknown

Provider metadata

protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

issuer: string

OIDC issuer URL used for discovery and token validation.

format: uri
authorization_endpoint?: string | null
format: uri
authorization_parameters?: Record<string, string> | null

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

authorization_resource_enabled?: boolean | null

Whether to include the resource parameter in authorization requests.

authorization_resource_parameter?: string | null

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

code_challenge_methods_supported?: Array<string> | null
jwks_uri?: string | null
format: uri
registration_endpoint?: string | null
format: uri
scope_parameter?: string | null

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

scope_separator?: string | null

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

scopes_supported?: Array<string> | null
token_endpoint?: string | null
format: uri
token_response_access_token_pointer?: string | null

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

openid?: Openid | null

OpenID Connect protocol configuration

scopes?: Array<string> | null

Additional OIDC scopes to request from this provider during authentication (e.g. "groups"). Merged with the default scopes (openid, profile, email).

user_identifier_claim?: string | null

Name of a top-level string claim in this provider's ID Token to use as the user identifier on user creation. When not set, the user's Keycard ID is used.

userinfo_endpoint?: string | null
format: uri
type?: "external" | "keycard-vault" | "keycard-sts"
Accepts one of the following:
"external"
"keycard-vault"
"keycard-sts"
subject?: string | null

Subject identifier for the token. When null or omitted, any token from the provider is accepted without checking application-specific claims.

Password extends BaseFields { id, application_id, created_at, 5 more } { identifier, type, password }

Password-based application credential

identifier: string

Username for password credential, also used as OAuth 2.0 client ID

type: "password"
password?: string

Password for credential (only returned on creation, store securely), also used as OAuth 2.0 client secret

PublicKey extends BaseFields { id, application_id, created_at, 5 more } { identifier, jwks_uri, type }

Public key-based application credential

identifier: string

Client ID for public key credential, also used as OAuth 2.0 client ID

jwks_uri: string

JWKS URI to retrieve public keys from

format: uri
type: "public-key"
URL extends BaseFields { id, application_id, created_at, 5 more } { identifier, type }

URL-based application credential

identifier: string

URL of the credential (must be a valid URL)

format: uri
type: "url"
Public extends BaseFields { id, application_id, created_at, 5 more } { identifier, type }

Public credential (no secret storage)

identifier: string

Identifier for public credential, also used as OAuth 2.0 client ID

type: "public"
Password extends BaseFields { id, application_id, created_at, 5 more } { identifier, type, password }

Password-based application credential

identifier: string

Username for password credential, also used as OAuth 2.0 client ID

type: "password"
password?: string

Password for credential (only returned on creation, store securely), also used as OAuth 2.0 client secret

Public extends BaseFields { id, application_id, created_at, 5 more } { identifier, type }

Public credential (no secret storage)

identifier: string

Identifier for public credential, also used as OAuth 2.0 client ID

type: "public"
PublicKey extends BaseFields { id, application_id, created_at, 5 more } { identifier, jwks_uri, type }

Public key-based application credential

identifier: string

Client ID for public key credential, also used as OAuth 2.0 client ID

jwks_uri: string

JWKS URI to retrieve public keys from

format: uri
type: "public-key"
Token extends BaseFields { id, application_id, created_at, 5 more } { identifier, provider_id, type, 2 more }

Token-based application credential

identifier: string

Identifier for this credential. For token type, this equals the subject value, or '*' when subject is not specified.

provider_id: string

ID of the provider issuing tokens verified by this credential

type: "token"
[Deprecated] provider?: Provider { id, created_at, identifier, 12 more }

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

id: string

Unique identifier of the provider

created_at: string

Entity creation timestamp

format: date-time
identifier: string

User specified identifier, unique within the zone

minLength: 1
maxLength: 2048
name: string

Human-readable name

minLength: 1
maxLength: 255
organization_id: string

Organization that owns this provider

owner_type: "platform" | "customer"

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength: 1
maxLength: 63
updated_at: string

Entity update timestamp

format: date-time
zone_id: string

Zone this provider belongs to

client_id?: string | null

OAuth 2.0 client identifier

client_secret_set?: boolean

Indicates whether a client secret is configured

description?: string | null

Human-readable description

maxLength: 2048
metadata?: unknown

Provider metadata

protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

issuer: string

OIDC issuer URL used for discovery and token validation.

format: uri
authorization_endpoint?: string | null
format: uri
authorization_parameters?: Record<string, string> | null

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

authorization_resource_enabled?: boolean | null

Whether to include the resource parameter in authorization requests.

authorization_resource_parameter?: string | null

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

code_challenge_methods_supported?: Array<string> | null
jwks_uri?: string | null
format: uri
registration_endpoint?: string | null
format: uri
scope_parameter?: string | null

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

scope_separator?: string | null

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

scopes_supported?: Array<string> | null
token_endpoint?: string | null
format: uri
token_response_access_token_pointer?: string | null

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

openid?: Openid | null

OpenID Connect protocol configuration

scopes?: Array<string> | null

Additional OIDC scopes to request from this provider during authentication (e.g. "groups"). Merged with the default scopes (openid, profile, email).

user_identifier_claim?: string | null

Name of a top-level string claim in this provider's ID Token to use as the user identifier on user creation. When not set, the user's Keycard ID is used.

userinfo_endpoint?: string | null
format: uri
type?: "external" | "keycard-vault" | "keycard-sts"
Accepts one of the following:
"external"
"keycard-vault"
"keycard-sts"
subject?: string | null

Subject identifier for the token. When null or omitted, any token from the provider is accepted without checking application-specific claims.

URL extends BaseFields { id, application_id, created_at, 5 more } { identifier, type }

URL-based application credential

identifier: string

URL of the credential (must be a valid URL)

format: uri
type: "url"

Zones / Delegated Grants

List delegated grants
client.zones.delegatedGrants.list(zoneID: string, query?: DelegatedGrantListParams { active, after, before, 6 more }, options?: RequestOptions): DelegatedGrantListResponse { items, pagination }
GET /zones/{zoneId}/delegated-grants
Get delegated grant
client.zones.delegatedGrants.retrieve(id: string, params: DelegatedGrantRetrieveParams { zoneId }, options?: RequestOptions): Grant { id, created_at, expires_at, 14 more }
GET /zones/{zoneId}/delegated-grants/{id}
Update delegated grant
client.zones.delegatedGrants.update(id: string, params: DelegatedGrantUpdateParams { zoneId, status }, options?: RequestOptions): Grant { id, created_at, expires_at, 14 more }
PATCH /zones/{zoneId}/delegated-grants/{id}
Delete delegated grant
client.zones.delegatedGrants.delete(id: string, params: DelegatedGrantDeleteParams { zoneId }, options?: RequestOptions): void
DELETE /zones/{zoneId}/delegated-grants/{id}
Models
Grant { id, created_at, expires_at, 14 more }

User authorization for a resource to be accessed on their behalf. The grant links the user, resource, and the provider that issued the grant.

id: string

Unique identifier of the delegated grant

created_at: string

Entity creation timestamp

format: date-time
expires_at: string

Date when grant expires

format: date-time
organization_id: string

Organization that owns this grant

provider_id: string

ID of the provider that issued this grant

refresh_token_set: boolean

Indicates whether a refresh token is stored for this grant. Grants with refresh tokens can be refreshed even after access token expiration.

resource_id: string

ID of resource receiving grant

scopes: Array<string>

Granted OAuth scopes

status: "active" | "expired" | "revoked"
Accepts one of the following:
"active"
"expired"
"revoked"
updated_at: string

Entity update timestamp

formatdate-time
user_id: string

Reference to the user granting permission

zone_id: string

Zone this grant belongs to

Deprecated active?: boolean

Whether the grant is currently active (deprecated - use status instead)

Deprecated provider?: Provider { id, created_at, identifier, 12 more }

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

id: string

Unique identifier of the provider

created_at: string

Entity creation timestamp

formatdate-time
identifier: string

User specified identifier, unique within the zone

minLength1
maxLength2048
name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this provider

owner_type: "platform" | "customer"

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this provider belongs to

client_id?: string | null

OAuth 2.0 client identifier

client_secret_set?: boolean

Indicates whether a client secret is configured

description?: string | null

Human-readable description

maxLength2048
metadata?: unknown

Provider metadata

protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

issuer: string

OIDC issuer URL used for discovery and token validation.

formaturi
authorization_endpoint?: string | null
formaturi
authorization_parameters?: Record<string, string> | null

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

authorization_resource_enabled?: boolean | null

Whether to include the resource parameter in authorization requests.

authorization_resource_parameter?: string | null

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

code_challenge_methods_supported?: Array<string> | null
jwks_uri?: string | null
formaturi
registration_endpoint?: string | null
formaturi
scope_parameter?: string | null

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

scope_separator?: string | null

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

scopes_supported?: Array<string> | null
token_endpoint?: string | null
formaturi
token_response_access_token_pointer?: string | null

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

openid?: Openid | null

OpenID Connect protocol configuration

scopes?: Array<string> | null

Additional OIDC scopes to request from this provider during authentication (e.g. "groups"). Merged with the default scopes (openid, profile, email).

user_identifier_claim?: string | null

Name of a top-level string claim in this provider's ID Token to use as the user identifier on user creation. When not set, the user's Keycard ID is used.

userinfo_endpoint?: string | null
formaturi
type?: "external" | "keycard-vault" | "keycard-sts"
Accepts one of the following:
"external"
"keycard-vault"
"keycard-sts"
refreshed_at?: string

Timestamp when this grant's tokens were last refreshed. Omitted if grant was never refreshed.

formatdate-time
Deprecated resource?: Resource { id, application_type, created_at, 17 more }

A Resource is a system that exposes protected information or functionality. It requires authentication of the requesting actor, which may be a user or application, before allowing access.

id: string

Unique identifier of the resource

application_type: "native" | "web"

The expected type of client for this credential. Native clients must use localhost URLs for redirect_uris or URIs with custom schemes. Web clients must use https URLs and must not use localhost as the hostname.

Accepts one of the following:
"native"
"web"
created_at: string

Entity creation timestamp

formatdate-time
identifier: string

User specified identifier, unique within the zone

minLength1
maxLength2048
name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this resource

owner_type: "platform" | "customer"

Who owns this resource. Platform-owned resources cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
prefix: boolean

When true, the resource identifier is treated as a URI prefix, protecting all URLs that share the identifier as a prefix at path/query/fragment boundaries. Protocol and hostname must match exactly. When multiple prefix resources satisfy an identifier query, the resource with the longest prefix is matched.

slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this resource belongs to

Deprecated application?: Application { id, consent, created_at, 11 more }

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: string

Unique identifier of the application

Accepts one of the following:
created_at: string

Entity creation timestamp

formatdate-time
dependencies_count: number

Number of resource dependencies

identifier: string

User specified identifier, unique within the zone

minLength1
maxLength2048
name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this application

owner_type: "platform" | "customer"

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this application belongs to

description?: string | null

Human-readable description

maxLength2048
metadata?: Metadata { docs_url }

Entity metadata

docs_url?: string

Documentation URL

formaturi
maxLength2048
protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

post_logout_redirect_uris?: Array<string> | null

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris?: Array<string> | null

OAuth 2.0 redirect URIs for this application

application_id?: string

ID of the application that provides this resource

credential_lifetime_seconds?: number | null

Credential lifetime override in seconds. When set, overrides the default credential lifetime for this resource. When absent, the default from the provider or zone is used.

minimum60
maximum86400
Deprecated credential_provider?: Provider { id, created_at, identifier, 12 more }

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

id: string

Unique identifier of the provider

created_at: string

Entity creation timestamp

formatdate-time
identifier: string

User specified identifier, unique within the zone

minLength1
maxLength2048
name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this provider

owner_type: "platform" | "customer"

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this provider belongs to

client_id?: string | null

OAuth 2.0 client identifier

client_secret_set?: boolean

Indicates whether a client secret is configured

description?: string | null

Human-readable description

maxLength2048
metadata?: unknown

Provider metadata

protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

issuer: string

OIDC issuer URL used for discovery and token validation.

formaturi
authorization_endpoint?: string | null
formaturi
authorization_parameters?: Record<string, string> | null

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

authorization_resource_enabled?: boolean | null

Whether to include the resource parameter in authorization requests.

authorization_resource_parameter?: string | null

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

code_challenge_methods_supported?: Array<string> | null
jwks_uri?: string | null
formaturi
registration_endpoint?: string | null
formaturi
scope_parameter?: string | null

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

scope_separator?: string | null

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

scopes_supported?: Array<string> | null
token_endpoint?: string | null
formaturi
token_response_access_token_pointer?: string | null

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

openid?: Openid | null

OpenID Connect protocol configuration

scopes?: Array<string> | null

Additional OIDC scopes to request from this provider during authentication (e.g. "groups"). Merged with the default scopes (openid, profile, email).

user_identifier_claim?: string | null

Name of a top-level string claim in this provider's ID Token to use as the user identifier on user creation. When not set, the user's Keycard ID is used.

userinfo_endpoint?: string | null
formaturi
type?: "external" | "keycard-vault" | "keycard-sts"
Accepts one of the following:
"external"
"keycard-vault"
"keycard-sts"
credential_provider_id?: string

ID of the credential provider for this resource

description?: string | null

Human-readable description

maxLength2048
metadata?: Metadata { docs_url }

Entity metadata

docs_url?: string

Documentation URL

formaturi
maxLength2048
scopes?: Array<string> | null

Scopes supported by the resource

when_accessing?: Array<string>

List of resource IDs that, when accessed, make this dependency available. Only present when this resource is returned as a dependency.

Deprecated user?: User { id, created_at, email, 13 more }

An authenticated user entity

id: string

Unique identifier of the user

created_at: string

Entity creation timestamp

formatdate-time
email: string

Email address of the user

formatemail
email_verified: boolean

Whether the email address has been verified

identifier: string

Zone-scoped user identifier. Defaults to the user's Keycard ID. When the provider has user_identifier_claim configured, the value is set from that claim at user creation time.

organization_id: string

Organization that owns this user

status: "active" | "disabled"

Status of the user. Disabled users cannot authenticate.

Accepts one of the following:
"active"
"disabled"
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this user belongs to

authenticated_at?: string

Date when the user was last authenticated

grant_count?: number

Delegated-grant count for this user. Populated only when expand[]=grant_count is set on the listing endpoint.

minimum0
issuer?: string

Issuer identifier of the identity provider

provider_id?: string

Reference to the identity provider. This field is undefined when the source identity provider is deleted but the user is not deleted.

role_assignments?: Array<RoleAssignment>

Role grants for this user within the zone. Populated only when expand[]=role-assignments is set on the listing endpoint.

role_id: string

ID of the assigned role

role_identifier: string

Opaque role identifier. Treated as an opaque identifier by the API and unique within a zone.

minLength1
maxLength255
scope: Scope | null

The resource this grant is scoped to, or null when the grant is unscoped (applies to the owning zone itself).

id: string

The ID of the scoped resource.

type: string

The kind of resource this grant is scoped to (e.g. zone).

session_count?: number

Session count for this user. Populated only when expand[]=session_count is set on the listing endpoint.

minimum0
subject?: string

Subject identifier from the identity provider

Zones Providers

List providers
client.zones.providers.list(string zoneID, ProviderListParams { after, before, cursor, 5 more } query?, RequestOptions options?): ProviderListResponse { items, page_info, pagination }
GET /zones/{zoneId}/providers
Create provider
client.zones.providers.create(string zoneID, ProviderCreateParams { identifier, name, client_id, 4 more } body, RequestOptions options?): Provider { id, created_at, identifier, 12 more }
POST /zones/{zoneId}/providers
Get provider
client.zones.providers.retrieve(string id, ProviderRetrieveParams { zoneId } params, RequestOptions options?): Provider { id, created_at, identifier, 12 more }
GET /zones/{zoneId}/providers/{id}
Update provider
client.zones.providers.update(string id, ProviderUpdateParams { zoneId, client_id, client_secret, 5 more } params, RequestOptions options?): Provider { id, created_at, identifier, 12 more }
PATCH /zones/{zoneId}/providers/{id}
Delete provider
client.zones.providers.delete(string id, ProviderDeleteParams { zoneId } params, RequestOptions options?): void
DELETE /zones/{zoneId}/providers/{id}
Models
Provider { id, created_at, identifier, 12 more }

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

id: string

Unique identifier of the provider

created_at: string

Entity creation timestamp

formatdate-time
identifier: string

User specified identifier, unique within the zone

minLength1
maxLength2048
name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this provider

owner_type: "platform" | "customer"

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this provider belongs to

client_id?: string | null

OAuth 2.0 client identifier

client_secret_set?: boolean

Indicates whether a client secret is configured

description?: string | null

Human-readable description

maxLength2048
metadata?: unknown

Provider metadata

protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

issuer: string

OIDC issuer URL used for discovery and token validation.

formaturi
authorization_endpoint?: string | null
formaturi
authorization_parameters?: Record<string, string> | null

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

authorization_resource_enabled?: boolean | null

Whether to include the resource parameter in authorization requests.

authorization_resource_parameter?: string | null

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

code_challenge_methods_supported?: Array<string> | null
jwks_uri?: string | null
formaturi
registration_endpoint?: string | null
formaturi
scope_parameter?: string | null

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

scope_separator?: string | null

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

scopes_supported?: Array<string> | null
token_endpoint?: string | null
formaturi
token_response_access_token_pointer?: string | null

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

openid?: Openid | null

OpenID Connect protocol configuration

scopes?: Array<string> | null

Additional OIDC scopes to request from this provider during authentication (e.g. "groups"). Merged with the default scopes (openid, profile, email).

user_identifier_claim?: string | null

Name of a top-level string claim in this provider's ID Token to use as the user identifier on user creation. When not set, the user's Keycard ID is used.

userinfo_endpoint?: string | null
formaturi
type?: "external" | "keycard-vault" | "keycard-sts"
Accepts one of the following:
"external"
"keycard-vault"
"keycard-sts"
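
How the Provider options `scope_parameter`, `scope_separator`, `authorization_parameters` and `token_response_access_token_pointer` shape an authorization request and token parsing, as an added TypeScript illustration that is not Keycard's implementation. The endpoint URLs, client values, helper names and the rule that custom parameters cannot replace core ones are assumptions of the example.

```typescript
// Added illustration of the documented provider options; not Keycard's implementation.
interface ProviderOauth2Options {
  authorization_endpoint: string;
  authorization_parameters?: Record<string, string> | null;
  scope_parameter?: string | null;
  scope_separator?: string | null;
  token_response_access_token_pointer?: string | null;
}

interface AuthRequest {
  clientId: string;
  redirectUri: string;
  state: string;
  scopes: string[];
}

function buildAuthorizationUrl(cfg: ProviderOauth2Options, req: AuthRequest): string {
  const url = new URL(cfg.authorization_endpoint);
  const scopeParam = cfg.scope_parameter ?? "scope"; // documented default
  const separator = cfg.scope_separator ?? " ";      // documented default
  url.searchParams.set("response_type", "code");
  url.searchParams.set("client_id", req.clientId);
  url.searchParams.set("redirect_uri", req.redirectUri);
  url.searchParams.set("state", req.state);
  url.searchParams.set(scopeParam, req.scopes.join(separator));
  // Custom parameters are added last. Refusing to let them replace the core
  // parameters is a choice made in this example, not documented behaviour.
  const reserved = ["response_type", "client_id", "redirect_uri", "state", scopeParam];
  const extra: Record<string, string> = cfg.authorization_parameters ?? {};
  for (const name of Object.keys(extra)) {
    if (reserved.indexOf(name) === -1) url.searchParams.set(name, extra[name]);
  }
  return url.toString();
}

// Resolves a dot-separated pointer against a token response body. Only own
// properties of plain objects are followed, so a pointer such as
// "constructor.name" cannot resolve to an inherited value, and the result
// must be a non-empty string.
function extractAccessToken(body: unknown, pointer?: string | null): string | null {
  let current: unknown = body;
  for (const key of (pointer ?? "access_token").split(".")) {
    if (typeof current !== "object" || current === null || Array.isArray(current)) return null;
    if (!Object.prototype.hasOwnProperty.call(current, key)) return null;
    current = (current as Record<string, unknown>)[key];
  }
  return typeof current === "string" && current.length > 0 ? current : null;
}

// Constructed sample configurations and request (hypothetical hosts and values).
const SLACK_STYLE: ProviderOauth2Options = {
  authorization_endpoint: "https://idp.example.test/oauth/v2/authorize",
  scope_parameter: "user_scope",
  scope_separator: ",",
  token_response_access_token_pointer: "authed_user.access_token",
};

const GOOGLE_STYLE: ProviderOauth2Options = {
  authorization_endpoint: "https://accounts.example.test/authorize",
  authorization_parameters: { prompt: "consent", access_type: "offline", client_id: "other-client" },
};

const SAMPLE_REQUEST: AuthRequest = {
  clientId: "client-123",
  redirectUri: "https://app.example.test/callback",
  state: "st-constructed",
  scopes: ["channels:read", "chat:write"],
};
```
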

Zones Resources

List resources
client.zones.resources.list(string zoneID, ResourceListParams { after, before, credentialProviderId, 4 more } query?, RequestOptions options?): ResourceListResponse { items, pagination }
GET /zones/{zoneId}/resources
Create resource
client.zones.resources.create(string zoneID, ResourceCreateParams { identifier, name, application_id, 7 more } body, RequestOptions options?): Resource { id, application_type, created_at, 17 more }
POST /zones/{zoneId}/resources
Get resource
client.zones.resources.retrieve(string id, ResourceRetrieveParams { zoneId } params, RequestOptions options?): Resource { id, application_type, created_at, 17 more }
GET /zones/{zoneId}/resources/{id}
Update resource
client.zones.resources.update(string id, ResourceUpdateParams { zoneId, application_id, application_type, 8 more } params, RequestOptions options?): Resource { id, application_type, created_at, 17 more }
PATCH /zones/{zoneId}/resources/{id}
Delete resource
client.zones.resources.delete(string id, ResourceDeleteParams { zoneId } params, RequestOptions options?): void
DELETE /zones/{zoneId}/resources/{id}
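
The `prefix` field on Resource describes boundary-aware, longest-prefix URI matching with exact protocol and hostname. The code below is an added TypeScript illustration of that rule, not Keycard's implementation; the resource IDs, hostnames, function names and the port comparison are assumptions of the example.

```typescript
// Added illustration of the documented `prefix` rule; not Keycard's implementation.
interface ResourceEntry {
  id: string;         // constructed sample ID
  identifier: string; // resource identifier (a URL)
  prefix: boolean;
}

function parseUrl(value: string): URL | null {
  try {
    return new URL(value); // parsing also resolves "." and ".." path segments
  } catch {
    return null; // unparsable input never matches
  }
}

// Length of the matched identifier tail, or -1 when `res` does not cover `target`.
function matchLength(res: ResourceEntry, target: string): number {
  const r = parseUrl(res.identifier);
  const t = parseUrl(target);
  if (r === null || t === null) return -1;
  // Protocol and hostname must match exactly. Comparing the port as well is
  // an assumption of this example.
  if (r.protocol !== t.protocol || r.hostname !== t.hostname || r.port !== t.port) return -1;
  const rTail = r.pathname + r.search + r.hash;
  const tTail = t.pathname + t.search + t.hash;
  if (rTail === tTail) return rTail.length;
  if (!res.prefix || !tTail.startsWith(rTail)) return -1;
  // A prefix only counts when it ends at a path, query or fragment boundary,
  // so "/v1" covers "/v1/users" and "/v1?x=1" but not "/v1evil".
  const next = tTail.charAt(rTail.length);
  const atBoundary = rTail.endsWith("/") || next === "/" || next === "?" || next === "#";
  return atBoundary ? rTail.length : -1;
}

// When several resources cover the target, the longest prefix wins.
function matchResource(resources: ResourceEntry[], target: string): ResourceEntry | null {
  let best: ResourceEntry | null = null;
  let bestLen = -1;
  for (const res of resources) {
    const len = matchLength(res, target);
    if (len > bestLen) {
      best = res;
      bestLen = len;
    }
  }
  return best;
}

// Constructed sample resources (hypothetical IDs and hosts).
const SAMPLE_RESOURCES: ResourceEntry[] = [
  { id: "res_root", identifier: "https://api.example.com/", prefix: true },
  { id: "res_v1", identifier: "https://api.example.com/v1", prefix: true },
  { id: "res_v1_admin", identifier: "https://api.example.com/v1/admin", prefix: true },
  { id: "res_exact", identifier: "https://files.example.com/report", prefix: false },
];

function matchedId(target: string): string | null {
  const hit = matchResource(SAMPLE_RESOURCES, target);
  return hit === null ? null : hit.id;
}
```

A plain string `startsWith` check without the boundary test would let `/v1evil` resolve to the `/v1` resource, and skipping URL parsing would let `/v1/admin/../users` resolve to the admin resource.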

Zones Sessions

List sessions
client.zones.sessions.list(string zoneID, SessionListParams { active, after, before, 6 more } query?, RequestOptions options?): SessionListResponse { items, pagination }
GET /zones/{zoneId}/sessions
Get session
client.zones.sessions.retrieve(string id, SessionRetrieveParams { zoneId } params, RequestOptions options?): Session
GET /zones/{zoneId}/sessions/{id}
Update session
client.zones.sessions.update(string id, SessionUpdateParams { zoneId, status } params, RequestOptions options?): Session
PATCH /zones/{zoneId}/sessions/{id}
Delete session
client.zones.sessions.delete(string id, SessionDeleteParams { zoneId } params, RequestOptions options?): void
DELETE /zones/{zoneId}/sessions/{id}
Models
Session = IamUserSessionType { session_type, user_id, id, 19 more } | IamApplicationSessionType { application_id, issuer, provider_id, 14 more }

An authenticated identity session. Sessions can be user sessions (representing end-user authentication) or application sessions (representing service-to-service authentication). User sessions support hierarchical relationships via parent_id, while application sessions are always standalone.

Accepts one of the following:
IamUserSessionType { session_type, user_id, id, 19 more }

User session type-specific fields

session_type: "user"
user_id: string

User ID

id?: string

Session ID

Deprecated active?: boolean

Whether the session is currently active (deprecated - use status instead)

Deprecated application?: Application { id, consent, created_at, 11 more }

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: string

Unique identifier of the application

Accepts one of the following:
created_at: string

Entity creation timestamp

formatdate-time
dependencies_count: number

Number of resource dependencies

identifier: string

User specified identifier, unique within the zone

minLength1
maxLength2048
name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this application

owner_type: "platform" | "customer"

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this application belongs to

description?: string | null

Human-readable description

maxLength2048
metadata?: Metadata { docs_url }

Entity metadata

docs_url?: string

Documentation URL

formaturi
maxLength2048
protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

post_logout_redirect_uris?: Array<string> | null

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris?: Array<string> | null

OAuth 2.0 redirect URIs for this application

application_id?: string

Application ID that initiated this session

authenticated_at?: string

Date when the session was authenticated

formatdate-time
created_at?: string

Entity creation timestamp

formatdate-time
expires_at?: string

Date when session expires

formatdate-time
issuer?: string

Issuer URL from IdP

formaturi
metadata?: Metadata { name }

Session metadata

name: string

Name of the initiating application or user agent

organization_id?: string

Organization that owns this session

parent_id?: string

Parent session ID for hierarchical sessions (user sessions only). When null, this is a web session - a top-level session initiated directly by a user. When set, this is a child session derived from the parent, used for token refresh or delegation. Application sessions cannot have parents.

provider_id?: string

Provider ID

session_data?: Record<string, unknown>

Session claims data (ID token claims for users, application claims for applications)

status?: "active" | "expired" | "revoked"
Accepts one of the following:
"active"
"expired"
"revoked"
subject?: string

Subject claim from IdP

updated_at?: string

Entity update timestamp

formatdate-time
Deprecated user?: User { id, created_at, email, 13 more }

An authenticated user entity

id: string

Unique identifier of the user

created_at: string

Entity creation timestamp

formatdate-time
email: string

Email address of the user

formatemail
email_verified: boolean

Whether the email address has been verified

identifier: string

Zone-scoped user identifier. Defaults to the user's Keycard ID. When the provider has user_identifier_claim configured, the value is set from that claim at user creation time.

organization_id: string

Organization that owns this user

status: "active" | "disabled"

Status of the user. Disabled users cannot authenticate.

Accepts one of the following:
"active"
"disabled"
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this user belongs to

authenticated_at?: string

Date when the user was last authenticated

grant_count?: number

Delegated-grant count for this user. Populated only when expand[]=grant_count is set on the listing endpoint.

minimum0
issuer?: string

Issuer identifier of the identity provider

provider_id?: string

Reference to the identity provider. This field is undefined when the source identity provider is deleted but the user is not deleted.

role_assignments?: Array<RoleAssignment>

Role grants for this user within the zone. Populated only when expand[]=role-assignments is set on the listing endpoint.

role_id: string

ID of the assigned role

role_identifier: string

Opaque role identifier. Treated as an opaque identifier by the API and unique within a zone.

minLength1
maxLength255
scope: Scope | null

The resource this grant is scoped to, or null when the grant is unscoped (applies to the owning zone itself).

id: string

The ID of the scoped resource.

type: string

The kind of resource this grant is scoped to (e.g. zone).

session_count?: number

Session count for this user. Populated only when expand[]=session_count is set on the listing endpoint.

minimum0
subject?: string

Subject identifier from the identity provider

Deprecated user_agent?: UserAgent { id, created_at, identifier, 5 more }

A User Agent represents a user agent (browser, desktop app, CLI tool) that can initiate user sessions via OAuth 2.0 Dynamic Client Registration.

id: string

Unique identifier of the user agent

created_at: string

Entity creation timestamp

formatdate-time
identifier: string

User agent identifier (serves as OAuth client_id). Format: ua:{sha256_hash}

name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this user agent

slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this user agent belongs to

user_agent_id?: string

User agent ID (browser/client) that initiated this session

zone_id?: string

Zone this session belongs to

IamApplicationSessionType { application_id, issuer, provider_id, 14 more }

Application session type-specific fields

application_id: string

Application ID that initiated this session

issuer: string

Issuer URL from IdP

formaturi
provider_id: string

Provider ID

session_type: "application"
subject: string

Subject claim from IdP

id?: string

Session ID

Deprecated active?: boolean

Whether the session is currently active (deprecated - use status instead)

Deprecated application?: Application { id, consent, created_at, 11 more }

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: string

Unique identifier of the application

Accepts one of the following:
created_at: string

Entity creation timestamp

formatdate-time
dependencies_count: number

Number of resource dependencies

identifier: string

User specified identifier, unique within the zone

minLength1
maxLength2048
name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this application

owner_type: "platform" | "customer"

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this application belongs to

description?: string | null

Human-readable description

maxLength2048
metadata?: Metadata { docs_url }

Entity metadata

docs_url?: string

Documentation URL

formaturi
maxLength2048
protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

post_logout_redirect_uris?: Array<string> | null

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris?: Array<string> | null

OAuth 2.0 redirect URIs for this application

authenticated_at?: string

Date when the session was authenticated

formatdate-time
created_at?: string

Entity creation timestamp

formatdate-time
expires_at?: string

Date when session expires

formatdate-time
metadata?: Metadata { name }

Session metadata

name: string

Name of the initiating application or user agent

organization_id?: string

Organization that owns this session

session_data?: Record<string, unknown>

Session claims data (ID token claims for users, application claims for applications)

status?: "active" | "expired" | "revoked"
Accepts one of the following:
"active"
"expired"
"revoked"
updated_at?: string

Entity update timestamp

formatdate-time
zone_id?: string

Zone this session belongs to

Zones User Agents

List user agents
client.zones.userAgents.list(string zoneID, UserAgentListParams { after, before, expand, limit } query?, RequestOptions options?): UserAgentListResponse { items, pagination }
GET /zones/{zoneId}/user-agents
Get user agent
client.zones.userAgents.retrieve(string id, UserAgentRetrieveParams { zoneId } params, RequestOptions options?): UserAgent { id, created_at, identifier, 5 more }
GET /zones/{zoneId}/user-agents/{id}
Models
UserAgent { id, created_at, identifier, 5 more }

A User Agent represents a user agent (browser, desktop app, CLI tool) that can initiate user sessions via OAuth 2.0 Dynamic Client Registration.

id: string

Unique identifier of the user agent

created_at: string

Entity creation timestamp

formatdate-time
identifier: string

User agent identifier (serves as OAuth client_id). Format: ua:{sha256_hash}

name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this user agent

slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this user agent belongs to

Zones Users

List users
client.zones.users.list(string zoneID, UserListParams { after, before, expand, 7 more } query?, RequestOptions options?): UserListResponse { items, pagination }
GET /zones/{zoneId}/users
Get user
client.zones.users.retrieve(string id, UserRetrieveParams { zoneId } params, RequestOptions options?): User { id, created_at, email, 13 more }
GET /zones/{zoneId}/users/{id}
Models
User { id, created_at, email, 13 more }

An authenticated user entity

id: string

Unique identifier of the user

created_at: string

Entity creation timestamp

formatdate-time
email: string

Email address of the user

formatemail
email_verified: boolean

Whether the email address has been verified

identifier: string

Zone-scoped user identifier. Defaults to the user's Keycard ID. When the provider has user_identifier_claim configured, the value is set from that claim at user creation time.

organization_id: string

Organization that owns this user

status: "active" | "disabled"

Status of the user. Disabled users cannot authenticate.

Accepts one of the following:
"active"
"disabled"
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this user belongs to

authenticated_at?: string

Date when the user was last authenticated

grant_count?: number

Delegated-grant count for this user. Populated only when expand[]=grant_count is set on the listing endpoint.

minimum0
issuer?: string

Issuer identifier of the identity provider

provider_id?: string

Reference to the identity provider. This field is undefined when the source identity provider is deleted but the user is not deleted.

role_assignments?: Array<RoleAssignment>

Role grants for this user within the zone. Populated only when expand[]=role-assignments is set on the listing endpoint.

role_id: string

ID of the assigned role

role_identifier: string

Opaque role identifier. Treated as an opaque identifier by the API and unique within a zone.

minLength1
maxLength255
scope: Scope | null

The resource this grant is scoped to, or null when the grant is unscoped (applies to the owning zone itself).

id: string

The ID of the scoped resource.

type: string

The kind of resource this grant is scoped to (e.g. zone).

session_count?: number

Session count for this user. Populated only when expand[]=session_count is set on the listing endpoint.

minimum0
subject?: string

Subject identifier from the identity provider

Zones Members

Add organization user to zone
client.zones.members.add(string zoneID, MemberAddParams { organization_user_id, role } body, RequestOptions options?): ZoneMember { id, _links, created_at, 5 more }
POST /zones/{zoneId}/members
List organization users in a zone
client.zones.members.list(string zoneID, MemberListParams { after, before, expand, 2 more } query?, RequestOptions options?): MemberListResponse { items, page_info, pagination }
GET /zones/{zoneId}/members
Get organization user in a zone
client.zones.members.retrieve(string organizationUserID, MemberRetrieveParams { zoneId } params, RequestOptions options?): ZoneMember { id, _links, created_at, 5 more }
GET /zones/{zoneId}/members/{organizationUserId}
Update organization user role in a zone
client.zones.members.update(string organizationUserID, MemberUpdateParams { zoneId, role } params, RequestOptions options?): ZoneMember { id, _links, created_at, 5 more }
PATCH /zones/{zoneId}/members/{organizationUserId}
Remove member from zone
client.zones.members.delete(string organizationUserID, MemberDeleteParams { zoneId } params, RequestOptions options?): void
DELETE /zones/{zoneId}/members/{organizationUserId}
Models
ZoneMember { id, _links, created_at, 5 more }

Represents an organization user's membership in a zone with an assigned role

id: string

Unique identifier of the zone member

created_at: string

Entity creation timestamp

format: date-time
organization_id: string

Organization ID that owns the zone

organization_user_id: string

Organization user ID of the zone member

role: ZoneRole

Zone role type. zone_manager has full management access, zone_viewer has read-only access.

Accepts one of the following:
"zone_manager"
"zone_viewer"
updated_at: string

Entity update timestamp

format: date-time
zone_id: string

Zone ID the organization user is a member of

ZoneRole = "zone_manager" | "zone_viewer"

Zone role type. zone_manager has full management access, zone_viewer has read-only access.

Accepts one of the following:
"zone_manager"
"zone_viewer"

Zones Secrets

Create
client.zones.secrets.create(string zoneID, SecretCreateParams { data, entity_id, name, 4 more } params, RequestOptions options?): Secret { id, created_at, entity_id, 7 more }
POST /zones/{zone_id}/secrets
List
client.zones.secrets.list(string zoneID, SecretListParams { entity_id, type, xClientRequestID } params?, RequestOptions options?): SecretListResponse { id, created_at, entity_id, 7 more }
GET /zones/{zone_id}/secrets
Delete
client.zones.secrets.delete(string id, SecretDeleteParams { zone_id, xClientRequestID } params, RequestOptions options?): void
DELETE /zones/{zone_id}/secrets/{id}
Update
client.zones.secrets.update(string id, SecretUpdateParams { zone_id, data, description, 3 more } params, RequestOptions options?): Secret { id, created_at, entity_id, 7 more }
PATCH /zones/{zone_id}/secrets/{id}
Retrieve
client.zones.secrets.retrieve(string id, SecretRetrieveParams { zone_id, xClientRequestID } params, RequestOptions options?): SecretRetrieveResponse { id, created_at, data, 7 more }
GET /zones/{zone_id}/secrets/{id}
Models
Secret { id, created_at, entity_id, 7 more }
id: string

A globally unique opaque identifier

minLength: 1
created_at: string
format: date-time
entity_id: string

A globally unique opaque identifier

minLength: 1
name: string

A name for the entity to be displayed in UI

type: "token" | "password"
Accepts one of the following:
"token"
"password"
updated_at: string
format: date-time
version: number
minimum: 1
zone_id: string

A globally unique opaque identifier

minLength: 1
description?: string

A description of the entity

maxLength: 128
metadata?: unknown

A JSON object containing arbitrary metadata. Metadata will not be encrypted.

SecretPasswordFields { password, type, username }
password: string
type: "password"
username: string
SecretTokenFields { token, type }
token: string
type: "token"

Zones Policy Schemas

List policy schemas
client.zones.policySchemas.list(string zoneID, PolicySchemaListParams { after, before, expand, 8 more } params?, RequestOptions options?): PolicySchemaListResponse { items, pagination }
GET /zones/{zone_id}/policy-schemas
Get a policy schema by version
client.zones.policySchemas.retrieve(string version, PolicySchemaRetrieveParams { zone_id, format, xAPIVersion, xClientRequestID } params, RequestOptions options?): SchemaVersionWithZoneInfo { is_default }
GET /zones/{zone_id}/policy-schemas/{version}
Set the default policy schema for a zone
client.zones.policySchemas.setDefault(string version, PolicySchemaSetDefaultParams { zone_id, body, xAPIVersion, xClientRequestID } params, RequestOptions options?): SchemaVersionWithZoneInfo { is_default }
PATCH /zones/{zone_id}/policy-schemas/{version}
Models
SchemaVersion { created_at, status, updated_at, 5 more }

A versioned Cedar schema that defines the entity model, actions, and context shape used for policy evaluation. The schema contains the valid entity types (User, Application, Resource), their attributes, and the allowed attribute values. See the Credentials API spec for a full reference of entity attributes and valid values.

created_at: string
format: date-time
status: "active" | "deprecated" | "archived"

Controls what can be done with this schema version:

  • "active" - new policy versions can be created and validated against it.
  • "deprecated" - superseded by a newer version but still accepts new policy versions.
  • "archived" - closed to new policy versions. Existing policy set versions pinned to this schema still evaluate normally.
Accepts one of the following:
"active"
"deprecated"
"archived"
updated_at: string
format: date-time
version: string
archived_at?: string | null
format: date-time
cedar_schema?: string | null

Cedar schema in human-readable syntax. Populated when format=cedar.

cedar_schema_json?: unknown

Cedar schema as JSON object. Populated when format=json (default).

deprecated_at?: string | null
format: date-time
SchemaVersionWithZoneInfo extends SchemaVersion { created_at, status, updated_at, 5 more } { is_default }

A versioned Cedar schema that defines the entity model, actions, and context shape used for policy evaluation. The schema contains the valid entity types (User, Application, Resource), their attributes, and the allowed attribute values. See the Credentials API spec for a full reference of entity attributes and valid values.

is_default: boolean

Whether this is the zone's default schema. Clients use this to pre-select which schema to write policies against. Has no effect on evaluation.

Zones Policies

List policies in a zone
client.zones.policies.list(string zoneID, PolicyListParams { after, before, expand, 10 more } params?, RequestOptions options?): PolicyListResponse { items, pagination }
GET /zones/{zone_id}/policies
Create a new policy
client.zones.policies.create(string zoneID, PolicyCreateParams { name, description, xAPIVersion, xClientRequestID } params, RequestOptions options?): Policy { id, created_at, created_by, 10 more }
POST /zones/{zone_id}/policies
Get a policy by ID
client.zones.policies.retrieve(string policyID, PolicyRetrieveParams { zone_id, xAPIVersion, xClientRequestID } params, RequestOptions options?): Policy { id, created_at, created_by, 10 more }
GET /zones/{zone_id}/policies/{policy_id}
Update a policy
client.zones.policies.update(string policyID, PolicyUpdateParams { zone_id, description, name, 3 more } params, RequestOptions options?): Policy { id, created_at, created_by, 10 more }
PATCH /zones/{zone_id}/policies/{policy_id}
Archive a policy
client.zones.policies.archive(string policyID, PolicyArchiveParams { zone_id, xAPIVersion, xClientRequestID } params, RequestOptions options?): Policy { id, created_at, created_by, 10 more }
DELETE /zones/{zone_id}/policies/{policy_id}
Models
Policy { id, created_at, created_by, 10 more }
id: string
created_at: string
format: date-time
created_by: string
name: string
owner_type: "platform" | "customer"

Who manages this policy:

  • "platform" — managed by the Keycard platform (system policies).
  • "customer" — managed by the tenant (custom policies).
Accepts one of the following:
"platform"
"customer"
updated_at: string
format: date-time
zone_id: string
archived_at?: string | null
format: date-time
description?: string | null
latest_schema_version?: string | null

Schema version the latest version was validated against (e.g., "2026-02-24"). Null when the policy has no published versions. Denormalized from PolicyVersion.schema_version for the policy referenced by latest_version_id.

latest_version?: number | null

Human-readable version number of the latest version (e.g., 1, 2, 3)

latest_version_id?: string | null
updated_by?: string | null
PolicyDraft { created_at, policy_id, schema_version, 5 more }
created_at: string
format: date-time
policy_id: string
schema_version: string
updated_at: string
format: date-time
updated_by: string
base_version_id?: string | null

ID of the policy version this draft was hydrated from. Null when the draft was created without an existing version.

cedar_json?: unknown

Cedar policy in JSON representation. Populated by default and when format=json is passed; null when format=cedar narrows the response to the text representation only.

cedar_raw?: string | null

Cedar policy in human-readable syntax. Populated by default and when format=cedar is passed; null when format=json narrows the response to the JSON representation only.

Zones Policies Versions

List versions of a policy
client.zones.policies.versions.list(string policyID, VersionListParams { zone_id, after, before, 7 more } params, RequestOptions options?): VersionListResponse { items, pagination }
GET /zones/{zone_id}/policies/{policy_id}/versions
Create a new immutable policy version
client.zones.policies.versions.create(string policyID, VersionCreateParams { zone_id, schema_version, cedar_json, 3 more } params, RequestOptions options?): PolicyVersion { id, created_at, created_by, 10 more }
POST /zones/{zone_id}/policies/{policy_id}/versions
Get a specific policy version
client.zones.policies.versions.retrieve(string versionID, VersionRetrieveParams { zone_id, policy_id, format, 2 more } params, RequestOptions options?): PolicyVersion { id, created_at, created_by, 10 more }
GET /zones/{zone_id}/policies/{policy_id}/versions/{version_id}
Archive a policy version
client.zones.policies.versions.archive(string versionID, VersionArchiveParams { zone_id, policy_id, xAPIVersion, xClientRequestID } params, RequestOptions options?): PolicyVersion { id, created_at, created_by, 10 more }
DELETE /zones/{zone_id}/policies/{policy_id}/versions/{version_id}
Models
PolicyVersion { id, created_at, created_by, 10 more }
id: string
created_at: string
format: date-time
created_by: string
owner_type: "platform" | "customer"

Who manages this policy version:

  • "platform" — managed by the Keycard platform (system policy versions).
  • "customer" — managed by the tenant (custom policy versions).
Accepts one of the following:
"platform"
"customer"
policy_id: string
schema_version: string

Schema version this policy was validated against when created.

sha: string

Hex-encoded content hash

version: number
zone_id: string
archived_at?: string | null
format: date-time
archived_by?: string | null
cedar_json?: unknown

Cedar policy in JSON representation. Populated by default and when format=json is passed; null when format=cedar narrows the response to the text representation only.

cedar_raw?: string | null

Cedar policy in human-readable syntax. Populated by default and when format=cedar is passed; null when format=json narrows the response to the JSON representation only.

Zones Packages

Models
InputState { effective_bindings, effective_schema }

Computed input state for a package — derived at response time from the package kind's schema and the package's input binding. Not stored.

effective_schema is the full input schema (kind + binding required constraints merged). effective_bindings resolves the CEL binding to show actual static values and {"$input": "path"} references for install-provided fields.

effective_bindings?: Record<string, unknown>
effective_schema?: EffectiveSchema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.
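
The supported and rejected keyword lists above can be enforced with a small pre-release linter. This is an added example, not Keycard's own validator: the strict allowlist for unknown keywords, the secret-name heuristic tied to writeOnly, and the constructed sample schema are assumptions of this example.

```javascript
// Added example (not Keycard code): release-time lint for a package schema.
// The keyword lists are copied from the reference text above.
const SUPPORTED_KEYWORDS = new Set([
  'type', 'properties', 'required', 'items', 'additionalProperties', // structural
  'title', 'description', 'default', 'readOnly', 'writeOnly',        // annotations
  'pattern', 'minLength', 'maxLength', 'minimum', 'maximum',         // constraints
  'minItems', 'maxItems', 'enum', 'const', 'format',
]);
const UNSUPPORTED_KEYWORDS = new Set([
  'allOf', 'anyOf', 'oneOf', 'not', '$ref', '$dynamicRef',
  'patternProperties', 'propertyNames', 'unevaluatedProperties', '$vocabulary',
]);
const JSON_TYPES = new Set([
  'object', 'array', 'string', 'integer', 'number', 'boolean', 'null',
]);
// Assumption: heuristic for property names that usually hold credentials.
const SECRET_NAME = /pass(word|phrase)?|secret|token|api[_-]?key|credential/i;

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Walks a schema and returns a list of { path, rule, detail } findings.
function lintPackageSchema(schema, path = '#', findings = []) {
  if (!isPlainObject(schema)) {
    findings.push({ path, rule: 'not-a-schema', detail: typeof schema });
    return findings;
  }
  for (const [keyword, value] of Object.entries(schema)) {
    const here = `${path}/${keyword}`;
    if (UNSUPPORTED_KEYWORDS.has(keyword)) {
      findings.push({ path: here, rule: 'unsupported-keyword', detail: keyword });
      continue; // the whole construct is rejected, so do not descend into it
    }
    if (!SUPPORTED_KEYWORDS.has(keyword)) {
      // Assumption: strict allowlist, anything else counts as a custom vocabulary.
      findings.push({ path: here, rule: 'unknown-keyword', detail: keyword });
      continue;
    }
    if (keyword === 'type' && !JSON_TYPES.has(value)) {
      findings.push({ path: here, rule: 'invalid-type', detail: String(value) });
    } else if (keyword === 'properties') {
      lintProperties(value, here, findings);
    } else if ((keyword === 'items' || keyword === 'additionalProperties')
               && typeof value !== 'boolean') {
      lintPackageSchema(value, here, findings);
    }
    // enum, const and default hold data, not schemas, so they are never walked.
  }
  return findings;
}

function lintProperties(properties, path, findings) {
  if (!isPlainObject(properties)) {
    findings.push({ path, rule: 'not-a-schema', detail: typeof properties });
    return;
  }
  for (const [name, subschema] of Object.entries(properties)) {
    const here = `${path}/${name}`;
    // Keys at this level are property NAMES: a field called "not" is legal.
    const writeOnly = isPlainObject(subschema) && subschema.writeOnly === true;
    if (SECRET_NAME.test(name) && !writeOnly) {
      findings.push({ path: here, rule: 'secret-not-writeonly', detail: name });
    }
    lintPackageSchema(subschema, here, findings);
  }
}

// Constructed sample input, not taken from any real package.
const SAMPLE_SCHEMA = {
  type: 'object',
  required: ['endpoint', 'api_token'],
  properties: {
    endpoint: { type: 'string', format: 'uri' },
    api_token: { type: 'string', minLength: 1 },              // no writeOnly
    not: { type: 'boolean' },                                 // name, not keyword
    auth: { oneOf: [{ type: 'string' }, { type: 'object' }] }, // combinator
    labels: { type: 'array', items: { $ref: '#/$defs/label' } },
    extra: { type: 'object', additionalProperties: { type: 'strng' } },
  },
};

for (const finding of lintPackageSchema(SAMPLE_SCHEMA)) {
  console.log(`${finding.rule}\t${finding.path}`);
}
```
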

Package { id, created_at, kind, 15 more }
id: string
created_at: string
format: date-time
kind: string
name: string
minLength: 1
maxLength: 128
published: boolean

Whether the package is published. Unpublished packages are excluded from list endpoints by default; pass include_unpublished=true to include them.

slug: string

Server-populated URL-friendly identifier.

updated_at: string
format: date-time
current_version?: PackageVersion { id, created_at, manifest_sha, 12 more }
id: string
created_at: string
format: date-time
manifest_sha: string
name: string
owner_type: "platform" | "customer"
Accepts one of the following:
"platform"
"customer"
version: number
format: int32
archived_at?: string | null
format: date-time
created_by?: string
description?: string
icon_url?: string
inputs?: PackageInputBinding { bindings, schema }

Input binding for a package.

schema constrains install-level inputs. bindings is a CEL expression that assembles the flat input map — static values are CEL literals, install-provided values are pkg.inputs.X references. Evaluated at provisioning time to produce the entities.inputs map for entity bindings.

bindings?: string

CEL expression assembling the flat input map from static values and install-provided values (referenced via pkg.inputs.X).

Scope:

  • pkg.inputs — install-supplied values conforming to schema.
schema?: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

outputs?: PackageOutputBinding { bindings, schema }

Output binding for a package.

schema describes the flat outputs surfaced on an install. bindings is a CEL expression — a map literal whose keys match schema.properties and whose values project fields out of the resolved entity graph. Evaluated after the provisioner has resolved all entities.

bindings: string

CEL expression source. Must evaluate to a map whose fields match schema.properties.

Scope: entities:

  • entities.inputs — the package's input values (merged with install inputs at provisioning time).
  • entities.<name> — resolved entities in the graph, each with href: string and outputs: map<string, dyn>.
schema: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

properties?: Record<string, unknown>

Vocabulary-defined metadata properties, keyed by property URN.

Known properties are declared with their schemas; additional properties with custom URNs are permitted via Record<unknown>.

Each property carries x-subject-types indicating which entity types it applies to. Properties with draft/ in the URN are experimental and carry x-internal: true.

tags?: Array<string>
description?: string
maxLength: 1024
draft?: PackageDraft { id, manifest_sha, name, 8 more }
id: string
manifest_sha: string
name: string
updated_at: string
format: date-time
description?: string
icon_url?: string
inputs?: PackageInputBinding { bindings, schema }

Input binding for a package.

schema constrains install-level inputs. bindings is a CEL expression that assembles the flat input map — static values are CEL literals, install-provided values are pkg.inputs.X references. Evaluated at provisioning time to produce the entities.inputs map for entity bindings.

bindings?: string

CEL expression assembling the flat input map from static values and install-provided values (referenced via pkg.inputs.X).

Scope:

  • pkg.inputs — install-supplied values conforming to schema.
schema?: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

outputs?: PackageOutputBinding { bindings, schema }

Output binding for a package.

schema describes the flat outputs surfaced on an install. bindings is a CEL expression — a map literal whose keys match schema.properties and whose values project fields out of the resolved entity graph. Evaluated after the provisioner has resolved all entities.

bindings: string

CEL expression source. Must evaluate to a map whose fields match schema.properties.

Scope: entities:

  • entities.inputs — the package's input values (merged with install inputs at provisioning time).
  • entities.<name> — resolved entities in the graph, each with href: string and outputs: map<string, dyn>.
schema: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

properties?: Record<string, unknown>

Vocabulary-defined metadata properties, keyed by property URN.

Known properties are declared with their schemas; additional properties with custom URNs are permitted via Record<unknown>.

Each property carries x-subject-types indicating which entity types it applies to. Properties with draft/ in the URN are experimental and carry x-internal: true.

tags?: Array<string>
icon_url?: string
maxLength: 512
input_state?: InputState { effective_bindings, effective_schema }

Computed input state for a package — derived at response time from the package kind's schema and the package's input binding. Not stored.

effective_schema is the full input schema (kind + binding required constraints merged). effective_bindings resolves the CEL binding to show actual static values and {"$input": "path"} references for install-provided fields.

effective_bindings?: Record<string, unknown>
effective_schema?: EffectiveSchema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

inputs?: PackageInputBinding { bindings, schema }

Input binding for a package.

schema constrains install-level inputs. bindings is a CEL expression that assembles the flat input map — static values are CEL literals, install-provided values are pkg.inputs.X references. Evaluated at provisioning time to produce the entities.inputs map for entity bindings.

bindings?: string

CEL expression assembling the flat input map from static values and install-provided values (referenced via pkg.inputs.X).

Scope:

  • pkg.inputs — install-supplied values conforming to schema.
schema?: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

outputs?: PackageOutputBinding { bindings, schema }

Output binding for a package.

schema describes the flat outputs surfaced on an install. bindings is a CEL expression — a map literal whose keys match schema.properties and whose values project fields out of the resolved entity graph. Evaluated after the provisioner has resolved all entities.

bindings: string

CEL expression source. Must evaluate to a map whose fields match schema.properties.

Scope: entities:

  • entities.inputs — the package's input values (merged with install inputs at provisioning time).
  • entities.<name> — resolved entities in the graph, each with href: string and outputs: map<string, dyn>.
schema: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

properties?: Record<string, unknown>

Vocabulary-defined metadata properties, keyed by property URN.

Known properties are declared with their schemas; additional properties with custom URNs are permitted via Record<unknown>.

Each property carries x-subject-types indicating which entity types it applies to. Properties with draft/ in the URN are experimental and carry x-internal: true.

source?: PackageSource { scope }

Provenance info for a package originating from an ancestor catalog.

scope: "global" | "org" | "zone"

Scope type of the catalog where the package is authored.

Accepts one of the following:
"global"
"org"
"zone"
tags?: Array<string>
PackageDraft { id, manifest_sha, name, 8 more }
id: string
manifest_sha: string
name: string
updated_at: string
format: date-time
description?: string
icon_url?: string
inputs?: PackageInputBinding { bindings, schema }

Input binding for a package.

schema constrains install-level inputs. bindings is a CEL expression that assembles the flat input map — static values are CEL literals, install-provided values are pkg.inputs.X references. Evaluated at provisioning time to produce the entities.inputs map for entity bindings.

bindings?: string

CEL expression assembling the flat input map from static values and install-provided values (referenced via pkg.inputs.X).

Scope:

  • pkg.inputs — install-supplied values conforming to schema.
schema?: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

outputs?: PackageOutputBinding { bindings, schema }

Output binding for a package.

schema describes the flat outputs surfaced on an install. bindings is a CEL expression — a map literal whose keys match schema.properties and whose values project fields out of the resolved entity graph. Evaluated after the provisioner has resolved all entities.

bindings: string

CEL expression source. Must evaluate to a map whose fields match schema.properties.

Scope: entities:

  • entities.inputs — the package's input values (merged with install inputs at provisioning time).
  • entities.<name> — resolved entities in the graph, each with href: string and outputs: map<string, dyn>.
schema: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

properties?: Record<string, unknown>

Vocabulary-defined metadata properties, keyed by property URN.

Known properties are declared with their schemas; additional properties with custom URNs are permitted via Record<unknown>.

Each property carries x-subject-types indicating which entity types it applies to. Properties with draft/ in the URN are experimental and carry x-internal: true.

tags?: Array<string>
PackageInputBinding { bindings, schema }

Input binding for a package.

schema constrains install-level inputs. bindings is a CEL expression that assembles the flat input map — static values are CEL literals, install-provided values are pkg.inputs.X references. Evaluated at provisioning time to produce the entities.inputs map for entity bindings.

bindings?: string

CEL expression assembling the flat input map from static values and install-provided values (referenced via pkg.inputs.X).

Scope:

  • pkg.inputs — install-supplied values conforming to schema.
schema?: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.
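The keyword rules for this schema subset can be checked locally before a package is released. The linter below is an added example, not Keycard's own code: it walks a schema, reports keywords from the "intentionally unsupported" list and keywords absent from the supported list, and leaves property names and instance data alone. The function names, the finding format, the sample schema, and the choice to accept a boolean `additionalProperties` are assumptions.

```javascript
// Added example (not Keycard code). Keyword lists are copied from the reference text.
const SUPPORTED = new Set([
  "type", "properties", "required", "items", "additionalProperties", // structural
  "title", "description", "default", "readOnly", "writeOnly",        // annotations
  "pattern", "minLength", "maxLength", "minimum", "maximum",         // constraints
  "minItems", "maxItems", "enum", "const", "format",
]);
const UNSUPPORTED = new Set([
  "allOf", "anyOf", "oneOf", "not", "$ref", "$dynamicRef",
  "patternProperties", "propertyNames", "unevaluatedProperties", "$vocabulary",
]);
const TYPES = new Set(["object", "array", "string", "integer", "number", "boolean", "null"]);

const isObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

// Returns a list of { path, kind, detail } findings; an empty list means the
// schema uses only keywords from the supported subset.
function lintSchema(schema, path = "#", findings = []) {
  if (!isObject(schema)) {
    findings.push({ path, kind: "invalid", detail: "schema must be a JSON object" });
    return findings;
  }
  for (const [key, value] of Object.entries(schema)) {
    const here = `${path}/${key}`;
    if (UNSUPPORTED.has(key)) {
      findings.push({ path: here, kind: "unsupported", detail: `${key} is rejected at release time` });
    } else if (!SUPPORTED.has(key)) {
      // Assumption: keywords on neither list are reported rather than ignored.
      findings.push({ path: here, kind: "unlisted", detail: `${key} is not in the supported subset` });
    } else if (key === "type") {
      if (!TYPES.has(value)) {
        findings.push({ path: here, kind: "invalid", detail: "type must be one of the seven type names" });
      }
    } else if (key === "properties") {
      if (!isObject(value)) {
        findings.push({ path: here, kind: "invalid", detail: "properties must be an object" });
      } else {
        // Keys here are property names, not keywords: a property called "not" is fine.
        for (const [name, sub] of Object.entries(value)) {
          lintSchema(sub, `${here}/${name}`, findings);
        }
      }
    } else if (key === "items") {
      lintSchema(value, here, findings);
    } else if (key === "additionalProperties") {
      // Assumption: a boolean is accepted here, as in JSON Schema 2020-12.
      if (typeof value !== "boolean") lintSchema(value, here, findings);
    }
    // enum, const and default hold instance data, so they are never descended into.
  }
  return findings;
}

function isReleasable(schema) {
  return lintSchema(schema).length === 0;
}

// Constructed sample input schema with three problems and two look-alikes.
const sampleSchema = {
  type: "object",
  required: ["endpoint"],
  properties: {
    endpoint: { type: "string", format: "uri", maxLength: 2048 },
    api_key: { type: "string", writeOnly: true, minLength: 16 },
    not: { type: "boolean", default: false },            // property name, not the keyword
    mode: { oneOf: [{ const: "a" }, { const: "b" }] },   // combinator: unsupported
    tags: { type: "array", items: { $ref: "#/$defs/tag" }, maxItems: 10 }, // reference: unsupported
    limits: {
      type: "object",
      default: { $ref: "literal" },                      // data inside default, not a keyword
      additionalProperties: { type: "integer", exclusiveMinimum: 0 }, // unlisted keyword
    },
  },
};

for (const f of lintSchema(sampleSchema)) {
  console.log(`${f.kind.padEnd(11)} ${f.path}  (${f.detail})`);
}
```

Paths are built for display only and do not escape `/` or `~` in property names.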

PackageList { items, pagination }
items: Array<Package { id, created_at, kind, 15 more } >
id: string
created_at: string
format: date-time
kind: string
name: string
minLength: 1
maxLength: 128
published: boolean

Whether the package is published. Unpublished packages are excluded from list endpoints by default; pass include_unpublished=true to include them.

slug: string

Server-populated URL-friendly identifier.

updated_at: string
format: date-time
current_version?: PackageVersion { id, created_at, manifest_sha, 12 more }
id: string
created_at: string
format: date-time
manifest_sha: string
name: string
owner_type: "platform" | "customer"
Accepts one of the following:
"platform"
"customer"
version: number
format: int32
archived_at?: string | null
format: date-time
created_by?: string
description?: string
icon_url?: string
inputs?: PackageInputBinding { bindings, schema }

Input binding for a package.

schema constrains install-level inputs. bindings is a CEL expression that assembles the flat input map — static values are CEL literals, install-provided values are pkg.inputs.X references. Evaluated at provisioning time to produce the entities.inputs map for entity bindings.

bindings?: string

CEL expression assembling the flat input map from static values and install-provided values (referenced via pkg.inputs.X).

Scope:

  • pkg.inputs — install-supplied values conforming to schema.
schema?: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

outputs?: PackageOutputBinding { bindings, schema }

Output binding for a package.

schema describes the flat outputs surfaced on an install. bindings is a CEL expression — a map literal whose keys match schema.properties and whose values project fields out of the resolved entity graph. Evaluated after the provisioner has resolved all entities.

bindings: string

CEL expression source. Must evaluate to a map whose fields match schema.properties.

Scope: entities:

  • entities.inputs — the package's input values (merged with install inputs at provisioning time).
  • entities.<name> — resolved entities in the graph, each with href: string and outputs: map<string, dyn>.
schema: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

properties?: Record<string, unknown>

Vocabulary-defined metadata properties, keyed by property URN.

Known properties are declared with their schemas; additional properties with custom URNs are permitted via Record<unknown>.

Each property carries x-subject-types indicating which entity types it applies to. Properties with draft/ in the URN are experimental and carry x-internal: true.

tags?: Array<string>
description?: string
maxLength: 1024
draft?: PackageDraft { id, manifest_sha, name, 8 more }
id: string
manifest_sha: string
name: string
updated_at: string
format: date-time
description?: string
icon_url?: string
inputs?: PackageInputBinding { bindings, schema }

Input binding for a package.

schema constrains install-level inputs. bindings is a CEL expression that assembles the flat input map — static values are CEL literals, install-provided values are pkg.inputs.X references. Evaluated at provisioning time to produce the entities.inputs map for entity bindings.

bindings?: string

CEL expression assembling the flat input map from static values and install-provided values (referenced via pkg.inputs.X).

Scope:

  • pkg.inputs — install-supplied values conforming to schema.
schema?: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

outputs?: PackageOutputBinding { bindings, schema }

Output binding for a package.

schema describes the flat outputs surfaced on an install. bindings is a CEL expression — a map literal whose keys match schema.properties and whose values project fields out of the resolved entity graph. Evaluated after the provisioner has resolved all entities.

bindings: string

CEL expression source. Must evaluate to a map whose fields match schema.properties.

Scope: entities:

  • entities.inputs — the package's input values (merged with install inputs at provisioning time).
  • entities.<name> — resolved entities in the graph, each with href: string and outputs: map<string, dyn>.
schema: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

properties?: Record<string, unknown>

Vocabulary-defined metadata properties, keyed by property URN.

Known properties are declared with their schemas; additional properties with custom URNs are permitted via Record<unknown>.

Each property carries x-subject-types indicating which entity types it applies to. Properties with draft/ in the URN are experimental and carry x-internal: true.

tags?: Array<string>
icon_url?: string
maxLength: 512
input_state?: InputState { effective_bindings, effective_schema }

Computed input state for a package — derived at response time from the package kind's schema and the package's input binding. Not stored.

effective_schema is the full input schema (kind + binding required constraints merged). effective_bindings resolves the CEL binding to show actual static values and {"$input": "path"} references for install-provided fields.

effective_bindings?: Record<string, unknown>
effective_schema?: EffectiveSchema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

inputs?: PackageInputBinding { bindings, schema }

Input binding for a package.

schema constrains install-level inputs. bindings is a CEL expression that assembles the flat input map — static values are CEL literals, install-provided values are pkg.inputs.X references. Evaluated at provisioning time to produce the entities.inputs map for entity bindings.

bindings?: string

CEL expression assembling the flat input map from static values and install-provided values (referenced via pkg.inputs.X).

Scope:

  • pkg.inputs — install-supplied values conforming to schema.
schema?: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

outputs?: PackageOutputBinding { bindings, schema }

Output binding for a package.

schema describes the flat outputs surfaced on an install. bindings is a CEL expression — a map literal whose keys match schema.properties and whose values project fields out of the resolved entity graph. Evaluated after the provisioner has resolved all entities.

bindings: string

CEL expression source. Must evaluate to a map whose fields match schema.properties.

Scope: entities:

  • entities.inputs — the package's input values (merged with install inputs at provisioning time).
  • entities.<name> — resolved entities in the graph, each with href: string and outputs: map<string, dyn>.
schema: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

properties?: Record<string, unknown>

Vocabulary-defined metadata properties, keyed by property URN.

Known properties are declared with their schemas; additional properties with custom URNs are permitted via Record<unknown>.

Each property carries x-subject-types indicating which entity types it applies to. Properties with draft/ in the URN are experimental and carry x-internal: true.

source?: PackageSource { scope }

Provenance info for a package originating from an ancestor catalog.

scope: "global" | "org" | "zone"

Scope type of the catalog where the package is authored.

Accepts one of the following:
"global"
"org"
"zone"
tags?: Array<string>
PackageOutputBinding { bindings, schema }

Output binding for a package.

schema describes the flat outputs surfaced on an install. bindings is a CEL expression — a map literal whose keys match schema.properties and whose values project fields out of the resolved entity graph. Evaluated after the provisioner has resolved all entities.

bindings: string

CEL expression source. Must evaluate to a map whose fields match schema.properties.

Scope: entities:

  • entities.inputs — the package's input values (merged with install inputs at provisioning time).
  • entities.<name> — resolved entities in the graph, each with href: string and outputs: map<string, dyn>.
schema: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

PackageSource { scope }

Provenance info for a package originating from an ancestor catalog.

scope: "global" | "org" | "zone"

Scope type of the catalog where the package is authored.

Accepts one of the following:
"global"
"org"
"zone"

Zones Packages Versions

Models
PackageVersion { id, created_at, manifest_sha, 12 more }
id: string
created_at: string
format: date-time
manifest_sha: string
name: string
owner_type: "platform" | "customer"
Accepts one of the following:
"platform"
"customer"
version: number
format: int32
archived_at?: string | null
format: date-time
created_by?: string
description?: string
icon_url?: string
inputs?: PackageInputBinding { bindings, schema }

Input binding for a package.

schema constrains install-level inputs. bindings is a CEL expression that assembles the flat input map — static values are CEL literals, install-provided values are pkg.inputs.X references. Evaluated at provisioning time to produce the entities.inputs map for entity bindings.

bindings?: string

CEL expression assembling the flat input map from static values and install-provided values (referenced via pkg.inputs.X).

Scope:

  • pkg.inputs — install-supplied values conforming to schema.
schema?: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

outputs?: PackageOutputBinding { bindings, schema }

Output binding for a package.

schema describes the flat outputs surfaced on an install. bindings is a CEL expression — a map literal whose keys match schema.properties and whose values project fields out of the resolved entity graph. Evaluated after the provisioner has resolved all entities.

bindings: string

CEL expression source. Must evaluate to a map whose fields match schema.properties.

Scope: entities:

  • entities.inputs — the package's input values (merged with install inputs at provisioning time).
  • entities.<name> — resolved entities in the graph, each with href: string and outputs: map<string, dyn>.
schema: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

properties?: Record<string, unknown>

Vocabulary-defined metadata properties, keyed by property URN.

Known properties are declared with their schemas; additional properties with custom URNs are permitted via Record<unknown>.

Each property carries x-subject-types indicating which entity types it applies to. Properties with draft/ in the URN are experimental and carry x-internal: true.

tags?: Array<string>
PackageVersionList { items, pagination }
items: Array<PackageVersion { id, created_at, manifest_sha, 12 more } >
id: string
created_at: string
format: date-time
manifest_sha: string
name: string
owner_type: "platform" | "customer"
Accepts one of the following:
"platform"
"customer"
version: number
format: int32
archived_at?: string | null
format: date-time
created_by?: string
description?: string
icon_url?: string
inputs?: PackageInputBinding { bindings, schema }

Input binding for a package.

schema constrains install-level inputs. bindings is a CEL expression that assembles the flat input map — static values are CEL literals, install-provided values are pkg.inputs.X references. Evaluated at provisioning time to produce the entities.inputs map for entity bindings.

bindings?: string

CEL expression assembling the flat input map from static values and install-provided values (referenced via pkg.inputs.X).

Scope:

  • pkg.inputs — install-supplied values conforming to schema.
schema?: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

outputs?: PackageOutputBinding { bindings, schema }

Output binding for a package.

schema describes the flat outputs surfaced on an install. bindings is a CEL expression — a map literal whose keys match schema.properties and whose values project fields out of the resolved entity graph. Evaluated after the provisioner has resolved all entities.

bindings: string

CEL expression source. Must evaluate to a map whose fields match schema.properties.

Scope: entities:

  • entities.inputs — the package's input values (merged with install inputs at provisioning time).
  • entities.<name> — resolved entities in the graph, each with href: string and outputs: map<string, dyn>.
schema: Schema { additionalProperties, const, default, 17 more }

A subset of JSON Schema 2020-12 used to describe package input and output shapes.

Supported keywords:

  • Structural: type, properties, required, items, additionalProperties
  • Annotations: title, description, default, readOnly, writeOnly
  • Constraints: pattern, minLength, maxLength, minimum, maximum, minItems, maxItems, enum, const, format

Intentionally unsupported (reject at release time rather than silently ignore):

  • Schema combinators: allOf, anyOf, oneOf, not
  • References: $ref, $dynamicRef
  • patternProperties, propertyNames, unevaluatedProperties
  • Custom vocabularies and $vocabulary

Dialect: JSON Schema 2020-12 (implied — authors do not include $schema).

additionalProperties?: unknown

Schema for properties not named in properties.

const?: unknown

Constant allowed value.

default?: unknown

Default value (annotation).

description?: string

Human-readable description (annotation).

enum?: Array<unknown>

Enumerated allowed values.

format?: string

Format hint (e.g., "uri", "uuid", "email", "date-time").

items?: unknown

Schema for array items.

maximum?: number
maxItems?: number
maxLength?: number
minimum?: number
minItems?: number
minLength?: number
pattern?: string
properties?: unknown

Property schemas, keyed by property name.

readOnly?: boolean

Read-only hint — server-populated, ignored on write.

required?: Array<string>

Names of required properties.

title?: string

Human-readable title (annotation).

type?: "object" | "array" | "string" | 4 more

The type keyword in JSON Schema 2020-12.

Accepts one of the following:
"object"
"array"
"string"
"integer"
"number"
"boolean"
"null"
writeOnly?: boolean

Write-only hint (passwords, secrets) — never returned on read.

properties?: Record<string, unknown>

Vocabulary-defined metadata properties, keyed by property URN.

Known properties are declared with their schemas; additional properties with custom URNs are permitted via Record<unknown>.

Each property carries x-subject-types indicating which entity types it applies to. Properties with draft/ in the URN are experimental and carry x-internal: true.

tags?: Array<string>
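
The Schema description above says unsupported keywords are rejected at release time rather than silently ignored. The following is an added example, not Keycard's own validator, of checking a schema against those keyword lists before submitting it; `lintSchema`, `lintSample` and the sample schema are hypothetical, and it assumes boolean subschemas are accepted as in JSON Schema 2020-12.

```typescript
// Keyword lists copied from the Schema description above.
const SUPPORTED = new Set<string>([
  "type", "properties", "required", "items", "additionalProperties",
  "title", "description", "default", "readOnly", "writeOnly",
  "pattern", "minLength", "maxLength", "minimum", "maximum",
  "minItems", "maxItems", "enum", "const", "format",
]);
const REJECTED = new Set<string>([
  "allOf", "anyOf", "oneOf", "not", "$ref", "$dynamicRef",
  "patternProperties", "propertyNames", "unevaluatedProperties", "$vocabulary",
]);
const TYPES = new Set<string>(["object", "array", "string", "integer", "number", "boolean", "null"]);

const isObject = (v: unknown): v is Record<string, unknown> =>
  typeof v === "object" && v !== null && !Array.isArray(v);

// Returns one finding per problem, prefixed with the path of the offending subschema.
function lintSchema(schema: unknown, path: string = "$", out: string[] = []): string[] {
  if (typeof schema === "boolean") return out; // assumption: boolean subschemas are allowed
  if (!isObject(schema)) {
    out.push(`${path}: not a schema object`);
    return out;
  }
  for (const [keyword, value] of Object.entries(schema)) {
    if (!SUPPORTED.has(keyword)) {
      // Fail closed: anything outside the supported list is reported, never skipped.
      const why = REJECTED.has(keyword) ? "intentionally unsupported" : "unknown keyword";
      out.push(`${path}: ${keyword} (${why})`);
    } else if (keyword === "type") {
      if (typeof value !== "string" || !TYPES.has(value)) out.push(`${path}: type (not a listed type name)`);
    } else if (keyword === "properties") {
      if (!isObject(value)) out.push(`${path}: properties (not a map)`);
      else for (const [name, sub] of Object.entries(value)) lintSchema(sub, `${path}.properties.${name}`, out);
    } else if (keyword === "items" || keyword === "additionalProperties") {
      lintSchema(value, `${path}.${keyword}`, out);
    }
    // default, const and enum hold instance data, not schemas, so they are never walked.
  }
  return out;
}

// Constructed sample: a package input schema with three problems hidden at different depths.
const sampleSchema = {
  type: "object",
  required: ["region", "api_key"],
  additionalProperties: false,
  properties: {
    region: { type: "string", enum: ["us", "eu"], default: "us" },
    api_key: { type: "string", writeOnly: true, minLength: 16 },
    endpoint: { oneOf: [{ type: "string", format: "uri" }, { type: "null" }] },
    labels: { type: "array", items: { $ref: "#/defs/label" }, maxItems: 8 },
    extra: { type: "object", default: { $ref: "data, not a schema" }, "x-note": "custom" },
  },
};

function lintSample(): string[] {
  return lintSchema(sampleSchema);
}
```

The `$ref` inside `extra.default` is not reported because a default is a value, not a subschema; the one under `labels.items` is.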

Zones > Installs

Models
Install { id, created_at, package_id, 9 more }
id: string
created_at: string
format: date-time
package_id: string
package_slug: string
Accepts one of the following:
"pending"
"active"
"deleting"
"failed"
"deleted"
updated_at: string
format: date-time
inputs?: Record<string, unknown>

Install-specific input values that supplement the package's inputs. Merged with the package's input values to form the complete entities.inputs for entity binding evaluation.

org_id?: string
outputs?: Record<string, unknown>

Resolved output values produced by the provisioner, conforming to the package's Package.outputs.schema. Flat — the provisioner evaluates Package.outputs.bindings against the resolved entity graph.

package_version?: number
zone_id?: string
InstallList { items, pagination }
items: Array<Install { id, created_at, package_id, 9 more } >
id: string
created_at: string
format: date-time
package_id: string
package_slug: string
Accepts one of the following:
"pending"
"active"
"deleting"
"failed"
"deleted"
updated_at: string
format: date-time
inputs?: Record<string, unknown>

Install-specific input values that supplement the package's inputs. Merged with the package's input values to form the complete entities.inputs for entity binding evaluation.

org_id?: string
outputs?: Record<string, unknown>

Resolved output values produced by the provisioner, conforming to the package's Package.outputs.schema. Flat — the provisioner evaluates Package.outputs.bindings against the resolved entity graph.

package_version?: number
zone_id?: string
InstallStatus = "pending" | "active" | "deleting" | 2 more
Accepts one of the following:
"pending"
"active"
"deleting"
"failed"
"deleted"

Zones > Catalog Tasks

Models
Task { id, created_at, operation, 9 more }
id: string
created_at: string
format: date-time
operation: TaskOperation
Accepts one of the following:
"create"
"delete"
status: TaskStatus
Accepts one of the following:
"pending"
"running"
"completed"
"failed"
updated_at: string
format: date-time
error_message?: string
install_id?: string
package_id?: string
package_slug?: string
package_version?: number
warnings?: Array<Warning>

Informational warnings about the task outcome. For delete tasks, warns when adopted entities (pre-existing resources not created by the catalog) will be preserved rather than deleted.

code: "validation_error" | "bad_request" | "unauthorized" | 6 more
Accepts one of the following:
"validation_error"
"bad_request"
"unauthorized"
"forbidden"
"not_found"
"conflict"
"rate_limit_exceeded"
"internal_error"
"service_unavailable"
details: Array<Detail>
code: "validation_error" | "bad_request" | "unauthorized" | 6 more
Accepts one of the following:
"validation_error"
"bad_request"
"unauthorized"
"forbidden"
"not_found"
"conflict"
"rate_limit_exceeded"
"internal_error"
"service_unavailable"
field: string

valid json path for request body

message: string

error message for specific error

message: string

summary of the error

path: string
format: url
request_id: string
format: uuid
status: number

HTTP Status Code

timestamp: string
format: date-time
TaskOperation = "create" | "delete"
Accepts one of the following:
"create"
"delete"
TaskStatus = "pending" | "running" | "completed" | "failed"
Accepts one of the following:
"pending"
"running"
"completed"
"failed"

Zones > Policy Sets

List policy sets in a zone
client.zones.policySets.list(string zoneID, PolicySetListParams { active, after, before, 12 more } params?, RequestOptions options?): PolicySetListResponse { items, pagination }
GET /zones/{zone_id}/policy-sets
Create a new policy set
client.zones.policySets.create(string zoneID, PolicySetCreateParams { name, scope_type, target_type, 2 more } params, RequestOptions options?): PolicySetWithBinding { active, active_version, active_version_id, 5 more }
POST /zones/{zone_id}/policy-sets
Get a policy set by ID
client.zones.policySets.retrieve(string policySetID, PolicySetRetrieveParams { zone_id, xAPIVersion, xClientRequestID } params, RequestOptions options?): PolicySetWithBinding { active, active_version, active_version_id, 5 more }
GET /zones/{zone_id}/policy-sets/{policy_set_id}
Update a policy set
client.zones.policySets.update(string policySetID, PolicySetUpdateParams { zone_id, name, ifMatch, 2 more } params, RequestOptions options?): PolicySetWithBinding { active, active_version, active_version_id, 5 more }
PATCH /zones/{zone_id}/policy-sets/{policy_set_id}
Archive a policy set
client.zones.policySets.archive(string policySetID, PolicySetArchiveParams { zone_id, ifMatch, xAPIVersion, xClientRequestID } params, RequestOptions options?): PolicySetWithBinding { active, active_version, active_version_id, 5 more }
DELETE /zones/{zone_id}/policy-sets/{policy_set_id}
Models
Attestation { payload, protected, signature }

JWS Flattened JSON Serialization (RFC 7515 §7.2.2) of a policy set attestation. The protected header carries the signing algorithm and key identifier; the payload is a base64url-encoded AttestationStatement canonicalized per RFC 8785 (JCS). Verify using the zone JWKS endpoint (RFC 7517). Currently signed with RS256; future zone key types (e.g. EdDSA) will be indicated by the "alg" header — no envelope changes required.

payload: string

Base64url-encoded AttestationStatement (RFC 7515 §3). Decode to inspect attestation content. The RFC 8785 canonical form of the decoded JSON is the JWS Signing Input alongside the protected header.

protected: string

Base64url-encoded JWS protected header (RFC 7515 §4). Contains at minimum "alg" (signing algorithm — currently RS256, will migrate to EdDSA) and "kid" (signing key identifier resolvable via the zone JWKS endpoint).

signature: string

Base64url-encoded digital signature computed over the JWS Signing Input (ASCII(protected) || '.' || payload) per RFC 7515 §5.1.

AttestationStatement { attested_at, attested_by, key_id, 7 more }

Decoded content of an Attestation JWS payload. Describes the exact policy set version composition at attestation time. This schema defines what consumers see after base64url-decoding the Attestation.payload field.

attested_at: string
format: date-time
attested_by: string
key_id: string

Key ID of the signing key used to produce the attestation signature. Matches the "kid" in the JWS protected header.

manifest_sha: string

SHA-256 of the policy set version manifest. Verifiers MUST check this matches the policy_set_version.manifest_sha to detect attestation/version mismatches.

policy_set_id: string
policy_set_version: number
status: "created" | "re_signed"

Event that produced this attestation. "created" is the initial attestation at version creation; "re_signed" is a re-attestation after key rotation (same content, new signature).

Accepts one of the following:
"created"
"re_signed"
type: "policy_set_attestation"

Statement type discriminator

v: 1

Statement schema version

zone_id: string
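
The verification steps described for Attestation and AttestationStatement, as an added example that is not Keycard's own code: it assumes the caller has already fetched the Attestation object, the zone JWKS and the PolicySetVersion's manifest_sha. `verifyAttestation`, `demo`, the key, the IDs and the hashes are all constructed for illustration.

```typescript
import { createPublicKey, generateKeyPairSync, sign, verify } from "node:crypto";
import type { JsonWebKey } from "node:crypto";

interface Attestation { payload: string; protected: string; signature: string }
type Jwk = JsonWebKey & { kid?: string };
type Result = { ok: true; statement: Record<string, unknown> } | { ok: false; reason: string };

// Local allowlist: RS256 is the only algorithm the page says is in use today.
const ALLOWED_ALGS = new Set<string>(["RS256"]);

function decodeJson(b64url: string): Record<string, unknown> | null {
  try {
    const v: unknown = JSON.parse(Buffer.from(b64url, "base64url").toString("utf8"));
    return typeof v === "object" && v !== null && !Array.isArray(v) ? (v as Record<string, unknown>) : null;
  } catch {
    return null;
  }
}

// versionManifestSha is PolicySetVersion.manifest_sha, obtained separately from the attestation.
function verifyAttestation(att: Attestation, jwks: { keys: Jwk[] }, versionManifestSha: string): Result {
  const fail = (reason: string): Result => ({ ok: false, reason });
  const header = decodeJson(att.protected);
  if (!header) return fail("malformed protected header");
  // The verifier, not the token, decides which algorithms are acceptable ("none" never is).
  if (typeof header.alg !== "string" || !ALLOWED_ALGS.has(header.alg)) return fail("alg not allowed");
  const kid = header.kid;
  const jwk = typeof kid === "string" ? jwks.keys.find((k) => k.kty === "RSA" && k.kid === kid) : undefined;
  if (!jwk) return fail("unknown kid");
  // JWS Signing Input is ASCII(protected) || '.' || payload, using the strings exactly as received.
  const input = Buffer.from(`${att.protected}.${att.payload}`, "ascii");
  const sig = Buffer.from(att.signature, "base64url");
  if (!verify("RSA-SHA256", input, createPublicKey({ key: jwk, format: "jwk" }), sig)) return fail("bad signature");
  // Only after the signature checks out is the payload parsed and compared.
  const st = decodeJson(att.payload);
  if (!st || st.type !== "policy_set_attestation" || st.v !== 1) return fail("unexpected statement");
  if (st.key_id !== kid) return fail("key_id does not match kid");
  if (st.manifest_sha !== versionManifestSha) return fail("manifest_sha mismatch");
  return { ok: true, statement: st };
}

// Constructed demo: a throwaway RSA key pair stands in for the zone signing key and its JWKS entry.
function demo(): string[] {
  const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
  const kid = "example-key-1";
  const jwk: Jwk = { ...publicKey.export({ format: "jwk" }), kid };
  const sha = "ab".repeat(32);
  const otherSha = "cd".repeat(32);
  const enc = (o: object): string => Buffer.from(JSON.stringify(o), "utf8").toString("base64url");
  const statement = {
    attested_at: "2026-01-01T00:00:00Z", attested_by: "user_example", key_id: kid,
    manifest_sha: sha, policy_set_id: "ps_example", policy_set_version: 1,
    status: "created", type: "policy_set_attestation", v: 1, zone_id: "zone_example",
  };
  const att: Attestation = { protected: enc({ alg: "RS256", kid }), payload: enc(statement), signature: "" };
  const signingInput = Buffer.from(`${att.protected}.${att.payload}`, "ascii");
  att.signature = sign("RSA-SHA256", signingInput, privateKey).toString("base64url");
  const cases: Array<[Attestation, string]> = [
    [att, sha], // untouched attestation, matching version
    [{ ...att, payload: enc({ ...statement, manifest_sha: otherSha }) }, otherSha], // payload edited after signing
    [{ ...att, protected: enc({ alg: "none", kid }) }, sha], // header rewritten to another algorithm
    [att, otherSha], // valid attestation presented for a different manifest
  ];
  return cases.map(([a, s]) => {
    const r = verifyAttestation(a, { keys: [jwk] }, s);
    return r.ok ? "ok" : r.reason;
  });
}
```

When the zone moves to another key type, the change on the verifier side is the allowlist and the key handling, since the envelope stays the same.
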
PolicySet { id, created_at, created_by, 10 more }
id: string
created_at: string
format: date-time
created_by: string
name: string
owner_type: "platform" | "customer"

Who manages this policy set:

  • "platform" — managed by the Keycard platform (system policies).
  • "customer" — managed by the tenant (custom policies).
Accepts one of the following:
"platform"
"customer"
scope_type: "zone" | "resource" | "user" | "session" (deprecated)

Deprecated. Use target_type instead. Carries the same value.

Accepts one of the following:
"zone"
"resource"
"user"
"session"
target_type: "zone" | "user"

What this policy set targets:

  • "zone" — applies to all requests in the zone.
  • "user" — scoped to a specific user.

resource and session are reserved; legacy sets with those scopes carry them in the deprecated scope_type field.

Accepts one of the following:
"zone"
"user"
updated_at: string
format: date-time
zone_id: string
archived_at?: string | null
format: date-time
latest_version?: number | null

Human-readable version number of the latest version (e.g., 1, 2, 3)

latest_version_id?: string | null
updated_by?: string | null
PolicySetDraft { created_at, manifest, policy_set_id, 7 more }
created_at: string
format: date-time
manifest: PolicySetManifest { entries }
entries: Array<PolicySetManifestEntry { policy_id, policy_version_id, sha } >
policy_id: string
policy_version_id: string
sha?: string

SHA-256 of the policy version content, populated by the server

policy_set_id: string
schema_version: string
updated_at: string
format: date-time
updated_by: string
base_version_id?: string | null

ID of the policy set version this draft was hydrated from. Null when the draft was created without an existing version.

description?: string | null
name?: string | null
warnings?: Array<Warning>

Warnings about manifest entries that would prevent creating a version from this draft. Present only when there are warnings; omitted when empty.

message: string

Human-readable description of the warning, e.g. 'validated against schema "2026-02-24", draft targets "2026-03-16"' or 'policy version is archived'.

policy_id: string
policy_version_id: string
type: "policy_version_archived" | "schema_version_mismatch"
Accepts one of the following:
"policy_version_archived"
"schema_version_mismatch"
detail?: Detail { draft_schema_version, policy_schema_version }

Structured detail payload. Present for warning types that carry additional context (e.g. schema_version_mismatch includes the two schema versions). Omitted when the type alone is sufficient (e.g. policy_version_archived).

draft_schema_version?: string

Schema version the draft targets. Present only for schema_version_mismatch warnings.

policy_schema_version?: string

Schema version the policy version was validated against. Present only for schema_version_mismatch warnings.

PolicySetManifest { entries }
entries: Array<PolicySetManifestEntry { policy_id, policy_version_id, sha } >
policy_id: string
policy_version_id: string
sha?: string

SHA-256 of the policy version content, populated by the server

PolicySetManifestEntry { policy_id, policy_version_id, sha }
policy_id: string
policy_version_id: string
sha?: string

SHA-256 of the policy version content, populated by the server

PolicySetWithBinding extends PolicySet { id, created_at, created_by, 10 more } { active, active_version, active_version_id, 5 more }
active?: boolean

Whether this policy set is currently bound to a scope

active_version?: number | null

Human-readable version number of the active version (e.g., 1, 2, 3)

active_version_id?: string | null

Public ID of the currently active (bound) version

mode?: "active" | "shadow" | null
Accepts one of the following:
"active"
"shadow"
scope_target_id?: string | null (deprecated)

Deprecated. Use target_id instead. Carries the active binding's target; null when unbound.

shadow_version?: number | null

Human-readable version number of the shadow version

shadow_version_id?: string | null

Public ID of the shadow (observed) version, if any

target_id?: string | null

Target entity ID. Equals zone_id for zone-targeted sets; the principal identifier for principal-scoped sets. Null only for legacy non-zone sets that predate target tracking.

Zones > Policy Sets > Versions

List versions of a policy set
client.zones.policySets.versions.list(string policySetID, VersionListParams { zone_id, after, before, 6 more } params, RequestOptions options?): VersionListResponse { items, pagination }
GET /zones/{zone_id}/policy-sets/{policy_set_id}/versions
Create a new immutable policy set version
client.zones.policySets.versions.create(string policySetID, VersionCreateParams { zone_id, manifest, schema_version, 2 more } params, RequestOptions options?): PolicySetVersion { id, created_at, created_by, 10 more }
POST /zones/{zone_id}/policy-sets/{policy_set_id}/versions
Get a specific policy set version
client.zones.policySets.versions.retrieve(string versionID, VersionRetrieveParams { zone_id, policy_set_id, xAPIVersion, xClientRequestID } params, RequestOptions options?): PolicySetVersion { id, created_at, created_by, 10 more }
GET /zones/{zone_id}/policy-sets/{policy_set_id}/versions/{version_id}
Activate a policy set version
client.zones.policySets.versions.update(string versionID, VersionUpdateParams { zone_id, policy_set_id, active, 2 more } params, RequestOptions options?): PolicySetVersion { id, created_at, created_by, 10 more }
PATCH /zones/{zone_id}/policy-sets/{policy_set_id}/versions/{version_id}
Archive a policy set version
client.zones.policySets.versions.archive(string versionID, VersionArchiveParams { zone_id, policy_set_id, xAPIVersion, xClientRequestID } params, RequestOptions options?): PolicySetVersion { id, created_at, created_by, 10 more }
DELETE /zones/{zone_id}/policy-sets/{policy_set_id}/versions/{version_id}
List policy versions in a policy set version
client.zones.policySets.versions.listPolicies(string versionID, VersionListPoliciesParams { zone_id, policy_set_id, after, 8 more } params, RequestOptions options?): VersionListPoliciesResponse { items, pagination }
GET /zones/{zone_id}/policy-sets/{policy_set_id}/versions/{version_id}/policies
Models
PolicySetVersion { id, created_at, created_by, 10 more }
id: string
created_at: string
format: date-time
created_by: string
manifest: PolicySetManifest { entries }
entries: Array<PolicySetManifestEntry { policy_id, policy_version_id, sha } >
policy_id: string
policy_version_id: string
sha?: string

SHA-256 of the policy version content, populated by the server

manifest_sha: string

Hex-encoded SHA-256 of the canonicalized manifest

owner_type: "platform" | "customer"

Who manages this policy set version:

  • "platform" — managed by the Keycard platform (system policy set versions).
  • "customer" — managed by the tenant (custom policy set versions).
Accepts one of the following:
"platform"
"customer"
policy_set_id: string
schema_version: string

Schema version pinned to this policy set version. Determines the Cedar schema used for evaluation when activated.

version: number
active?: boolean

Whether this policy set version is currently bound with mode='active'

archived_at?: string | null
format: date-time
archived_by?: string | null
attestation?: AttestationStatement { attested_at, attested_by, key_id, 7 more } | null

Decoded content of an Attestation JWS payload. Describes the exact policy set version composition at attestation time. This schema defines what consumers see after base64url-decoding the Attestation.payload field.

attested_at: string
format: date-time
attested_by: string
key_id: string

Key ID of the signing key used to produce the attestation signature. Matches the "kid" in the JWS protected header.

manifest_sha: string

SHA-256 of the policy set version manifest. Verifiers MUST check this matches the policy_set_version.manifest_sha to detect attestation/version mismatches.

policy_set_id: string
policy_set_version: number
status: "created" | "re_signed"

Event that produced this attestation. "created" is the initial attestation at version creation; "re_signed" is a re-attestation after key rotation (same content, new signature).

Accepts one of the following:
"created"
"re_signed"
type: "policy_set_attestation"

Statement type discriminator

v: 1

Statement schema version

zone_id: string