API Reference

Access Management

List Access Requests

  • API Name: List Access Requests
  • API Route: GET /api/v1/access-management/requests
  • Request:
    • Query Params: page (number, default: 1), pageSize (number, default: 10), status (pending | approved | rejected, optional)
    • Auth: Session required. Admins with access.management permission see all requests; regular users see only their own.
  • What it does: Returns a paginated list of access requests. Admins see all requests system-wide; non-admins see only their own submitted requests.
  • Returns: Paginated result { data: [...], total, page, pageSize }

Create Access Request

  • API Name: Create Access Request
  • API Route: POST /api/v1/access-management/requests
  • Request:
    • Body:
```json
{
  "targetUserId": "string (required)",
  "type": "project_access | workspace_access | permission (required)",
  "resourceId": "string (required)",
  "message": "string (optional)"
}
```
  • What it does: Creates a new access request for a specific resource (project, workspace, or permission). The request is submitted by the authenticated user and targeted at the admin user identified by targetUserId.
  • Returns: 201 with the created request object. 400 if required fields are missing or type is invalid.

Update Access Request

  • API Name: Approve or Reject Access Request
  • API Route: PATCH /api/v1/access-management/requests/[requestId]
  • Request:
    • Params: requestId (string) — Request ID
    • Body:
```json
{
  "status": "approved | rejected (required)"
}
```
  • What it does: Approves or rejects a pending access request. Records the reviewing admin's user ID.
  • Returns: The updated request object. 400 if status is invalid.
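The three access-request routes above share one set of rules: field and enum validation on create, session-derived scoping on list, and recording the reviewer on decision. The following is an added example (not the project's own handlers) that models those documented rules over an in-memory store; the Session and AccessRequest shapes, the 404 for an unknown request, and the 403 for a non-admin reviewer are assumptions the page does not state.

```typescript
// Added example (not the project's code): models the documented rules of the
// access-request endpoints. Session, AccessRequest and the in-memory store are assumptions.
type RequestType = "project_access" | "workspace_access" | "permission";
type RequestStatus = "pending" | "approved" | "rejected";
type Result<T> = { status: number; data?: T; error?: string };
interface Session { userId: string; permissions: string[] }
interface AccessRequest {
  id: string; requesterId: string; targetUserId: string; type: RequestType;
  resourceId: string; message?: string; status: RequestStatus; reviewedBy?: string;
}
const REQUEST_TYPES: RequestType[] = ["project_access", "workspace_access", "permission"];
const DECISIONS: RequestStatus[] = ["approved", "rejected"];
const store: AccessRequest[] = [];
let nextId = 1;

// POST .../requests: 400 when a required field is missing or type is not a documented value
function createAccessRequest(session: Session, body: Record<string, unknown>): Result<AccessRequest> {
  const { targetUserId, type, resourceId, message } = body;
  if (typeof targetUserId !== "string" || typeof resourceId !== "string" || typeof type !== "string" ||
      !REQUEST_TYPES.includes(type as RequestType)) return { status: 400, error: "required fields missing or type invalid" };
  const req: AccessRequest = {
    id: String(nextId++), requesterId: session.userId, targetUserId, type: type as RequestType,
    resourceId, message: typeof message === "string" ? message : undefined, status: "pending",
  };
  store.push(req);
  return { status: 201, data: req };
}

// GET .../requests: holders of access.management see every request, others only their own.
// The scope is derived from the session, never from a client-supplied user id.
function listAccessRequests(session: Session, page = 1, pageSize = 10, status?: RequestStatus) {
  const isAdmin = session.permissions.includes("access.management");
  let rows = store.filter(r => isAdmin || r.requesterId === session.userId);
  if (status) rows = rows.filter(r => r.status === status);
  const start = (page - 1) * pageSize;
  return { data: rows.slice(start, start + pageSize), total: rows.length, page, pageSize };
}

// PATCH .../requests/[requestId]: 400 on an invalid status; records the reviewer's user id.
// The 403 for non-admins and the 404 for an unknown id are assumptions the page does not state.
function updateAccessRequest(session: Session, requestId: string, body: Record<string, unknown>): Result<AccessRequest> {
  if (!session.permissions.includes("access.management")) return { status: 403, error: "forbidden" };
  const status = body.status;
  if (typeof status !== "string" || !DECISIONS.includes(status as RequestStatus)) return { status: 400, error: "status must be approved or rejected" };
  const req = store.find(r => r.id === requestId);
  if (!req) return { status: 404, error: "request not found" };
  req.status = status as RequestStatus;
  req.reviewedBy = session.userId;
  return { status: 200, data: req };
}
```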

List Users

  • API Name: List Users
  • API Route: GET /api/v1/access-management/users
  • Request:
    • Query Params: page (number, default: 1), pageSize (number, default: 10), search (string, optional), status (pending, optional)
    • Auth: Session required, permission: access.management
  • What it does: Returns a paginated list of all users. If status=pending is provided, returns only users with pending approval status.
  • Returns: Paginated user list { data: [...], total, page, pageSize }

Delete User

  • API Name: Delete User
  • API Route: DELETE /api/v1/access-management/users/[userId]
  • Request:
    • Params: userId (string) — User ID
    • Auth: Session required, permission: access.management
  • What it does: Permanently deletes a user account. Prevents self-deletion (a user cannot delete their own account).
  • Returns: { "message": "User deleted successfully" }. 400 if attempting self-deletion. 404 if user not found.

Get User Permissions

  • API Name: Get User Permissions
  • API Route: GET /api/v1/access-management/users/[userId]/permissions
  • Request:
    • Params: userId (string) — User ID
    • Auth: Session required, permission: access.management
  • What it does: Fetches the complete permission data for a user: their extra (directly granted) permissions, all system permissions, and the permission codes assigned by their role.
  • Returns:
```json
{
  "allPermissions": [...],
  "rolePermissionCodes": [...],
  "extraPermissions": [...]
}
```

Grant User Permission

  • API Name: Grant Permission to User
  • API Route: POST /api/v1/access-management/users/[userId]/permissions
  • Request:
    • Params: userId (string) — User ID
    • Body:
```json
{
  "permissionId": "string (required)"
}
```
  • What it does: Grants a specific extra permission to a user, beyond what their role already provides.
  • Returns: 201 with the newly granted permission record.

Revoke User Permission

  • API Name: Revoke Permission from User
  • API Route: DELETE /api/v1/access-management/users/[userId]/permissions/[permissionId]
  • Request:
    • Params: userId (string) — User ID, permissionId (string) — Permission ID
    • Auth: Session required, permission: access.management
  • What it does: Revokes a specific extra permission previously granted to a user.
  • Returns: { "success": true }
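The Get, Grant and Revoke routes above operate on two distinct layers: permissions inherited from the user's role (reported as rolePermissionCodes) and extra permissions granted directly (extraPermissions). The following is an added example (not the project's own code) modelling that split over in-memory tables: a revoke touches only the extra layer, so a permission the role provides stays in effect until the role itself changes. The Permission, Role and User shapes, the sample rows, and the 404/400 responses are assumptions; the access.management gate is applied to all three routes although the page states it only for Get and Revoke.

```typescript
// Added example (not the project's code): models the documented user-permission
// endpoints. Permission, Role, User, the sample rows and the error codes are assumptions.
interface Permission { id: string; code: string; description: string }
interface Role { id: string; name: string; permissionIds: string[] }
interface User { id: string; roleId: string; extraPermissionIds: string[] }
interface Session { userId: string; permissions: string[] }
type Result<T> = { status: number; data?: T; error?: string };
type UserPermissions = { allPermissions: Permission[]; rolePermissionCodes: string[]; extraPermissions: Permission[] };

// Constructed sample data, not taken from the page
const permissions: Permission[] = [
  { id: "perm-1", code: "access.management", description: "Manage users and roles" },
  { id: "perm-2", code: "project.read", description: "Read projects" },
  { id: "perm-3", code: "project.write", description: "Write projects" },
];
const roles: Role[] = [{ id: "role-member", name: "member", permissionIds: ["perm-2"] }];
const users: User[] = [{ id: "u-1", roleId: "role-member", extraPermissionIds: [] }];

// Gate shared by the routes: the caller's session must carry access.management
function authorize(session: Session): Result<never> | null {
  return session.permissions.includes("access.management") ? null : { status: 403, error: "forbidden" };
}

// GET .../users/[userId]/permissions: role-derived codes and direct grants reported separately
function getUserPermissions(session: Session, userId: string): Result<UserPermissions> {
  const denied = authorize(session); if (denied) return denied;
  const user = users.find(u => u.id === userId);
  if (!user) return { status: 404, error: "user not found" };
  const role = roles.find(r => r.id === user.roleId);
  const rolePermissionCodes = permissions.filter(p => role?.permissionIds.includes(p.id)).map(p => p.code);
  const extraPermissions = permissions.filter(p => user.extraPermissionIds.includes(p.id));
  return { status: 200, data: { allPermissions: permissions, rolePermissionCodes, extraPermissions } };
}

// POST .../users/[userId]/permissions: adds an extra grant on top of the role (idempotent)
function grantUserPermission(session: Session, userId: string, body: Record<string, unknown>): Result<Permission> {
  const denied = authorize(session); if (denied) return denied;
  const permissionId = body.permissionId;
  if (typeof permissionId !== "string") return { status: 400, error: "permissionId is required" };
  const user = users.find(u => u.id === userId);
  const perm = permissions.find(p => p.id === permissionId);
  if (!user || !perm) return { status: 404, error: "user or permission not found" };
  if (!user.extraPermissionIds.includes(perm.id)) user.extraPermissionIds.push(perm.id);
  return { status: 201, data: perm };
}

// DELETE .../users/[userId]/permissions/[permissionId]: removes an extra grant only;
// a permission the role provides is unaffected and must be changed through the role
function revokeUserPermission(session: Session, userId: string, permissionId: string): Result<{ success: true }> {
  const denied = authorize(session); if (denied) return denied;
  const user = users.find(u => u.id === userId);
  if (!user) return { status: 404, error: "user not found" };
  user.extraPermissionIds = user.extraPermissionIds.filter(id => id !== permissionId);
  return { status: 200, data: { success: true } };
}
```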

Update User Role

  • API Name: Update User Role
  • API Route: PATCH /api/v1/access-management/users/[userId]/role
  • Request:
    • Params: userId (string) — User ID
    • Body:
```json
{
  "roleId": "string (required)"
}
```
  • What it does: Updates a user's global role and syncs the new role into all group memberships for that user.
  • Returns: The updated user-role record.

List Roles

  • API Name: List Roles
  • API Route: GET /api/v1/access-management/roles
  • Request:
    • Auth: Session required, permission: access.management
  • What it does: Returns all available roles in the system, excluding super_admin.
  • Returns: Array of role objects [ { "id", "name", "description" } ]

List Roles with Permissions

  • API Name: List All Roles with Their Permissions
  • API Route: GET /api/v1/access-management/roles/permissions
  • Request:
    • Auth: Session required, permission: access.management
  • What it does: Returns all roles along with their associated permissions, and also returns the full list of all system permissions. Used for the role-permission matrix UI.
  • Returns:
```json
{
  "roles": [ { "id", "name", "permissions": [...] } ],
  "permissions": [ { "id", "code", "description" } ]
}
```

Update Role Permissions

  • API Name: Update Permissions for a Role
  • API Route: PUT /api/v1/access-management/roles/[roleId]/permissions
  • Request:
    • Params: roleId (string) — Role ID
    • Body:
```json
{
  "permissionIds": ["string", ...]
}
```
  • What it does: Replaces all permissions for the specified role with the provided set of permission IDs.
  • Returns: The updated role with its new permissions.