Resource Sets

The Resource Sets API provides operations to manage Resource Sets as custom collections of resources. You can use Resource Sets to assign Custom Roles to administrators who are scoped to the designated resources. See Supported Resources.

List all Resource Sets
OAuth 2.0: okta.roles.read

Lists all Resource Sets with pagination support

Request
query Parameters
after
string

The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination.

Responses
200

OK

403

Forbidden

429

Too Many Requests

get/api/v1/iam/resource-sets
Request samples
Response samples
application/json
{}

Create a Resource Set
OAuth 2.0: okta.roles.manage

Creates a new Resource Set. See Supported resources.

Note: The maximum amount of resources allowed in a resource set object is 1000. Resources can either be identified by an Okta Resource Name (ORN) or by a REST URL format. See Okta Resource Name.

Request
Request Body schema: application/json
required
description
string

Description of the Resource Set

label
string

Unique name for the Resource Set

resources
Array of strings <= 1000

The endpoint (URL) that references all resource objects included in the Resource Set. Resources can either be identified by an Okta Resource Name (ORN) or by a REST URL format. See Okta Resource Name.

Responses
200

Success

400

Bad Request

403

Forbidden

429

Too Many Requests

post/api/v1/iam/resource-sets
Request samples
application/json
{}
Response samples
application/json
{}

Retrieve a Resource Set
OAuth 2.0: okta.roles.read

Retrieves a Resource Set by resourceSetId

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
Responses
200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/iam/resource-sets/{resourceSetId}
Request samples
Response samples
application/json
{}

Replace a Resource Set
OAuth 2.0: okta.roles.manage

Replaces a Resource Set by resourceSetId

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
Request Body schema: application/json
required
description
string

Description of the Resource Set

label
string

Unique label for the Resource Set

Responses
200

OK

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

put/api/v1/iam/resource-sets/{resourceSetId}
Request samples
application/json
{}
Response samples
application/json
{}

Delete a Resource Set
OAuth 2.0: okta.roles.manage

Deletes a role by resourceSetId

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/iam/resource-sets/{resourceSetId}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}

List all Bindings
OAuth 2.0: okta.roles.read

Lists all Resource Set bindings with pagination support

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
query Parameters
after
string

The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination.

Responses
200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/iam/resource-sets/{resourceSetId}/bindings
Request samples
Response samples

Create a Resource Set Binding
OAuth 2.0: okta.roles.manage

Creates a new Resource Set binding

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
Request Body schema: application/json
required
members
Array of strings
role
string

Unique key for the role

Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/iam/resource-sets/{resourceSetId}/bindings
Request samples
application/json
{}
Response samples

Retrieve a Binding
OAuth 2.0: okta.roles.read

Retrieves a Resource Set binding by resourceSetId and roleIdOrLabel

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
roleIdOrLabel
required
string

id or label of the role

Example: cr0Yq6IJxGIr0ouum0g3
Responses
200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}
Request samples
Response samples
application/json

Delete a Binding
OAuth 2.0: okta.roles.manage

Deletes a Resource Set binding by resourceSetId and roleIdOrLabel

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
roleIdOrLabel
required
string

id or label of the role

Example: cr0Yq6IJxGIr0ouum0g3
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}

List all Members of a binding
OAuth 2.0: okta.roles.read

Lists all members of a Resource Set binding with pagination support

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
roleIdOrLabel
required
string

id or label of the role

Example: cr0Yq6IJxGIr0ouum0g3
query Parameters
after
string

The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination.

Responses
200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members
Request samples
Response samples
application/json
{}

Add more Members to a binding
OAuth 2.0: okta.roles.manage

Adds more members to a Resource Set binding

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
roleIdOrLabel
required
string

id or label of the role

Example: cr0Yq6IJxGIr0ouum0g3
Request Body schema: application/json
required
additions
Array of strings
Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

patch/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members
Request samples
application/json
Response samples

Retrieve a Member of a binding
OAuth 2.0: okta.roles.read

Retrieves a member identified by memberId for a binding

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
roleIdOrLabel
required
string

id or label of the role

Example: cr0Yq6IJxGIr0ouum0g3
memberId
required
string

id of a member

Example: irb1qe6PGuMc7Oh8N0g4
Responses
200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId}
Request samples
Response samples
application/json
{}

Unassign a Member from a binding
OAuth 2.0: okta.roles.manage

Unassigns a member identified by memberId from a binding

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
roleIdOrLabel
required
string

id or label of the role

Example: cr0Yq6IJxGIr0ouum0g3
memberId
required
string

id of a member

Example: irb1qe6PGuMc7Oh8N0g4
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}

List all Resources of a Resource Set
OAuth 2.0: okta.roles.read

Lists all resources that make up the Resource Set

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
Responses
200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/iam/resource-sets/{resourceSetId}/resources
Request samples
Response samples
application/json
{}

Add more Resource to a Resource Set
OAuth 2.0: okta.roles.manage

Adds more resources to a Resource Set

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
Request Body schema: application/json
required
additions
Array of strings
Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

patch/api/v1/iam/resource-sets/{resourceSetId}/resources
Request samples
application/json
Response samples
application/json
{}

Delete a Resource from a Resource Set
OAuth 2.0: okta.roles.manage

Deletes a resource identified by resourceId from a Resource Set

Request
path Parameters
resourceSetId
required
string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g
resourceId
required
string

id of a resource

Example: ire106sQKoHoXXsAe0g4
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/iam/resource-sets/{resourceSetId}/resources/{resourceId}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}