Create Role

Creates a new role resource.

Required Permissions

Below is the list of required permissions needed to interact with this API. For each permission, the allowed permission boundaries are also specified.

| Permission | Boundary | Description |
|---|---|---|
| role:create | Application | The subject can create roles within the application to which the subject belongs. |
| | Tenant | The subject can create roles owned by the tenant to which the subject belongs. |
| | Tenant Inclusion List | The subject can create roles owned by tenants specified in the tenant inclusion list. |
| | Tenant Exclusion List | The subject can create roles owned by tenants that belong to the subject's application but are not included in the tenant exclusion list. |

Body Params

Role Resource

Role

string
enum
length between 1 and 30

[Required on Create] The type of the owner of the resource.

string
length between 1 and 26

[Required on Create] The ID of the owner of the resource.

string
enum
length between 1 and 45
Defaults to CUSTOM

Enum representing the type of the role. Only CUSTOM role types can be created.

  • PREDEFINED: [Read-only] A predefined role. These roles are created by Wristband.
  • CUSTOM: A custom role that is created by an end user.
string
length between 1 and 40

[Required on Create] The name of the role. Name must be unique (case-insensitive) within an application. Application-level roles are prefixed with app:<app_domain_name>:, and tenant-level roles are prefixed with tnt:<tnt_domain_name>:.

string
length between 1 and 60

[Required on Create] The display name of the role.

string
length between 1 and 500

Optional description of the role.

string
length ≤ 26

Optional ID of the permission boundary that is assigned to this role.

string
enum
length between 1 and 45

[Required on Create] Enum representing the tenants that this role should be visible to.

  • ALL: The role is visible to all tenants, and it can also be assigned to all users and tenant-level clients.
  • TENANT_INCLUSION_LIST: The role is visible to only the tenants specified in the tenantVisibilityInclusionList field, and it can only be assigned to users and tenant-level clients that belong to the tenants in that list.
  • NONE: The role is not visible to any tenants, and it can only be assigned to application-level subjects (such as an application-level client).
  • OWNER: The role is only visible to the tenant that owns it, and it can only be assigned to users and tenant-level clients that belong to the owning tenant.

** For APPLICATION owner type, visibility can be any of ALL, TENANT_INCLUSION_LIST, or NONE.
** For TENANT owner type, visibility can only be OWNER.

tenantVisibilityInclusionList
array of strings
length ≤ 10

The list of tenants that this role should be visible to. This value should only be used if the tenantVisibility is set to TENANT_INCLUSION_LIST.
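
The constraints above can be checked before a request is sent, so that a role whose visibility is broader than its owner type allows is caught on the client side. The following is an added example, not Wristband's own code. The field names ownerType, ownerId, type, name, displayName, description and permissionBoundaryId are assumptions (this page shows only tenantVisibility and tenantVisibilityInclusionList), as is the reading that the caller supplies the full prefixed role name.

```python
# Pre-flight checks for a Create Role body, built from the constraints on this page.
# Field names other than tenantVisibility* are assumptions, not taken from the page.
import re

VISIBILITY_BY_OWNER = {
    "APPLICATION": {"ALL", "TENANT_INCLUSION_LIST", "NONE"},
    "TENANT": {"OWNER"},
}
NAME_PREFIX = {"APPLICATION": r"app:[^:]+:.+", "TENANT": r"tnt:[^:]+:.+"}
LENGTHS = {  # field: (min, max) string length
    "ownerId": (1, 26), "name": (1, 40), "displayName": (1, 60),
    "description": (1, 500), "permissionBoundaryId": (0, 26),
}
REQUIRED = {"ownerId", "name", "displayName"}

# Constructed sample: a tenant-owned role asking for application-wide visibility.
SAMPLE = {"ownerType": "TENANT", "ownerId": "tenant-id-placeholder",
          "name": "tnt:acme:auditor", "displayName": "Auditor",
          "tenantVisibility": "ALL"}


def validate_role(body):
    """Return a list of problems; an empty list means the body passes."""
    errors = []
    for field, (lo, hi) in LENGTHS.items():
        value = body.get(field)
        if value is None:
            if field in REQUIRED:
                errors.append(f"{field}: required on create")
        elif not isinstance(value, str) or not lo <= len(value) <= hi:
            errors.append(f"{field}: must be a string of length {lo}..{hi}")
    owner = body.get("ownerType")
    if owner not in VISIBILITY_BY_OWNER:
        return errors + ["ownerType: must be APPLICATION or TENANT"]
    if body.get("type", "CUSTOM") != "CUSTOM":
        errors.append("type: only CUSTOM roles can be created")
    name = body.get("name")
    if isinstance(name, str) and not re.fullmatch(NAME_PREFIX[owner], name):
        errors.append(f"name: prefix does not match owner type {owner}")
    visibility = body.get("tenantVisibility")
    if visibility not in VISIBILITY_BY_OWNER[owner]:
        errors.append(f"tenantVisibility: {visibility!r} not allowed for {owner}")
    tenants = body.get("tenantVisibilityInclusionList") or []
    if len(tenants) > 10:
        errors.append("tenantVisibilityInclusionList: at most 10 entries")
    if tenants and visibility != "TENANT_INCLUSION_LIST":
        errors.append("tenantVisibilityInclusionList: only valid with TENANT_INCLUSION_LIST")
    return errors
```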
