Resource Sets

The Resource Sets API provides operations to manage Resource Sets as custom collections of resources. You can use Resource Sets to assign Custom Roles to administrators who are scoped to the designated resources. See Supported Resources.

List all Resource Sets
OAuth 2.0: `okta.roles.read`

Lists all Resource Sets with pagination support

Request

query Parameters

after

string

The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination for more information.

Responses

200

OK

403

Forbidden

429

Too Many Requests

get/api/v1/iam/resource-sets

Request samples

Response samples

200
403
429

application/json

{"resource-sets": [{"id": "iamoJDFKaJxGIr0oamd9g",
"label": "SF-IT-1",
"description": "First San Francisco IT Resource Set",
"created": "2021-02-06T16:20:57.000Z",
"lastUpdated": "2021-02-06T16:20:57.000Z",
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
},
"resources": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources"
},
"bindings": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
}
}
},
{"id": "iamoJDFKaJxGIr0oamd0q",
"label": "SF-IT-2",
"description": "Second San Francisco IT Resource Set",
"created": "2021-02-06T16:20:57.000Z",
"lastUpdated": "2021-02-06T16:20:57.000Z",
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q"
},
"resources": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q/resources"
},
"bindings": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q/bindings"
}
}
}
],
"_links": {"next": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets?after=iamoJDFKaJxGIr0oamd0q"
}
}
}

Create a Resource Set
OAuth 2.0: `okta.roles.manage`

Creates a new Resource Set

Request

Request Body schema: application/json

description	string Description of the Resource Set
label	string Unique label for the Resource Set
resources	Array of strings

Responses

200

Success

400

Bad Request

403

Forbidden

429

Too Many Requests

post/api/v1/iam/resource-sets

Request samples

application/json

{"label": "SF-IT-People",
"description": "People in the IT department of San Francisco",
"resources": ["https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3",
"https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users",
"https://{yourOktaDomain}/api/v1/users"
]
}

Response samples

200
400
403
429

application/json

{"id": "iamoJDFKaJxGIr0oamd9g",
"label": "SF-IT-People",
"description": "People in the IT department of San Francisco",
"created": "2021-02-06T16:20:57.000Z",
"lastUpdated": "2021-02-06T16:20:57.000Z",
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
},
"resources": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources"
},
"bindings": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
}
}
}

Retrieve a Resource Set
OAuth 2.0: `okta.roles.read`

Retrieves a Resource Set by resourceSetId

Request

path Parameters

resourceSetId

required

string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g

Responses

200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/iam/resource-sets/{resourceSetId}

Request samples

Response samples

200
403
404
429

application/json

{"id": "iamoJDFKaJxGIr0oamd9g",
"label": "SF-IT-People",
"description": "People in the IT department of San Francisco",
"created": "2021-02-06T16:20:57.000Z",
"lastUpdated": "2021-02-06T16:20:57.000Z",
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
},
"resources": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources"
},
"bindings": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
}
}
}

Replace a Resource Set
OAuth 2.0: `okta.roles.manage`

Replaces a Resource Set by resourceSetId

Request

path Parameters

resourceSetId

required

string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g

Request Body schema: application/json

description	string Description of the Resource Set
label	string Unique label for the Resource Set

Responses

200

OK

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

put/api/v1/iam/resource-sets/{resourceSetId}

Request samples

application/json

{"label": "SF-IT-People",
"description": "People in the IT department of San Francisco",
"resources": ["https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3",
"https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users",
"https://{yourOktaDomain}/api/v1/users"
]
}

Response samples

200
400
403
404
429

application/json

{"id": "iamoJDFKaJxGIr0oamd9g",
"label": "SF-IT-People",
"description": "People in the IT department of San Francisco",
"created": "2021-02-06T16:20:57.000Z",
"lastUpdated": "2021-02-06T16:20:57.000Z",
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
},
"resources": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources"
},
"bindings": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
}
}
}

Delete a Resource Set
OAuth 2.0: `okta.roles.manage`

Deletes a role by resourceSetId

Request

path Parameters

resourceSetId

required

string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g

Responses

204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/iam/resource-sets/{resourceSetId}

Request samples

Response samples

403
404
429

application/json

{"errorCode": "E0000006",
"errorSummary": "You do not have permission to perform the requested action",
"errorLink": "E0000006",
"errorId": "sampleNUSD_8fdkFd8fs8SDBK",
"errorCauses": [ ]
}

List all Bindings
OAuth 2.0: `okta.roles.read`

Lists all Resource Set bindings with pagination support

Request

path Parameters

resourceSetId

required

string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g

query Parameters

after

string

The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination for more information.

Responses

200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/iam/resource-sets/{resourceSetId}/bindings

Request samples

Response samples

200
403
404
429

application/json

{"roles": [{"id": "cr0WxyzJxGIr0ouum0g4",
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/iam/roles/cr0WxyzJxGIr0ouum0g4"
},
"members": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0WxyzJxGIr0ouum0g4/members"
}
}
}
],
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
},
"resource-set": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
},
"next": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings?after=cr0WxyzJxGIr0ouum0g4"
}
}
}

Create a Resource Set Binding
OAuth 2.0: `okta.roles.manage`

Creates a new Resource Set binding

Request

path Parameters

resourceSetId

required

string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g

Request Body schema: application/json

members	Array of strings
role	string Unique key for the role

Responses

200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/iam/resource-sets/{resourceSetId}/bindings

Request samples

application/json

{"role": "cr0Yq6IJxGIr0ouum0g3",
"members": ["https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3"
]
}

Response samples

200
400
403
404
429

application/json

{"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3"
},
"bindings": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
},
"resource-set": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
}
}
}

Retrieve a Binding
OAuth 2.0: `okta.roles.read`

Retrieves a Resource Set binding by resourceSetId and roleIdOrLabel

Request

path Parameters

resourceSetId required	string `id` of a Resource Set Example: iamoJDFKaJxGIr0oamd9g
roleIdOrLabel required	string `id` or `label` of the role Example: cr0Yq6IJxGIr0ouum0g3

Responses

200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}

Request samples

Response samples

200
403
404
429

application/json

{"id": "cr0Yq6IJxGIr0ouum0g3",
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3"
},
"bindings": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
},
"resource-set": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
}
}
}

Delete a Binding
OAuth 2.0: `okta.roles.manage`

Deletes a Resource Set binding by resourceSetId and roleIdOrLabel

Request

path Parameters

resourceSetId required	string `id` of a Resource Set Example: iamoJDFKaJxGIr0oamd9g
roleIdOrLabel required	string `id` or `label` of the role Example: cr0Yq6IJxGIr0ouum0g3

Responses

204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}

Request samples

Response samples

403
404
429

application/json

{"errorCode": "E0000006",
"errorSummary": "You do not have permission to perform the requested action",
"errorLink": "E0000006",
"errorId": "sampleNUSD_8fdkFd8fs8SDBK",
"errorCauses": [ ]
}

List all Members of a binding
OAuth 2.0: `okta.roles.read`

Lists all members of a Resource Set binding with pagination support

Request

path Parameters

resourceSetId required	string `id` of a Resource Set Example: iamoJDFKaJxGIr0oamd9g
roleIdOrLabel required	string `id` or `label` of the role Example: cr0Yq6IJxGIr0ouum0g3

query Parameters

after

string

The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination for more information.

Responses

200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members

Request samples

Response samples

200
403
404
429

application/json

{"members": [{"id": "irb1qe6PGuMc7Oh8N0g4",
"created": "2021-02-06T16:20:57.000Z",
"lastUpdated": "2021-02-06T16:20:57.000Z",
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/users/00uuk41Hjga5qGfQ30g3"
}
}
},
{"id": "irb1q92TFAHzySt3x0g4",
"created": "2021-02-06T16:20:57.000Z",
"lastUpdated": "2021-02-06T16:20:57.000Z",
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3"
}
}
}
],
"_links": {"binding": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3"
},
"next": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3/members?after=0ouRq6IJmGIr3ouum0g3"
}
}
}

Add more Members to a binding
OAuth 2.0: `okta.roles.manage`

Adds more members to a Resource Set binding

Request

path Parameters

resourceSetId required	string `id` of a Resource Set Example: iamoJDFKaJxGIr0oamd9g
roleIdOrLabel required	string `id` or `label` of the role Example: cr0Yq6IJxGIr0ouum0g3

Request Body schema: application/json

additions

Array of strings

Responses

200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

patch/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members

Request samples

application/json

{"additions": ["https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3",
"https://{yourOktaDomain}/api/v1/users/00u67DU2qNCjNZYO0g3"
]
}

Response samples

200
400
403
404
429

application/json

{"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3"
},
"bindings": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
},
"resource-set": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
}
}
}

Retrieve a Member of a binding
OAuth 2.0: `okta.roles.read`

Retrieves a member identified by memberId for a binding

Request

path Parameters

resourceSetId required	string `id` of a Resource Set Example: iamoJDFKaJxGIr0oamd9g
roleIdOrLabel required	string `id` or `label` of the role Example: cr0Yq6IJxGIr0ouum0g3
memberId required	string `id` of a member Example: irb1qe6PGuMc7Oh8N0g4

Responses

200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId}

Request samples

Response samples

200
403
404
429

application/json

{"id": "irb1qe6PGuMc7Oh8N0g4",
"created": "2021-02-06T16:20:57.000Z",
"lastUpdated": "2021-02-06T16:20:57.000Z",
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/users/00uuk41Hjga5qGfQ30g3"
}
}
}

Unassign a Member from a binding
OAuth 2.0: `okta.roles.manage`

Unassigns a member identified by memberId from a binding

Request

path Parameters

resourceSetId required	string `id` of a Resource Set Example: iamoJDFKaJxGIr0oamd9g
roleIdOrLabel required	string `id` or `label` of the role Example: cr0Yq6IJxGIr0ouum0g3
memberId required	string `id` of a member Example: irb1qe6PGuMc7Oh8N0g4

Responses

204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId}

Request samples

Response samples

403
404
429

application/json

{"errorCode": "E0000006",
"errorSummary": "You do not have permission to perform the requested action",
"errorLink": "E0000006",
"errorId": "sampleNUSD_8fdkFd8fs8SDBK",
"errorCauses": [ ]
}

List all Resources of a Resource Set
OAuth 2.0: `okta.roles.read`

Lists all resources that make up the Resource Set

Request

path Parameters

resourceSetId

required

string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g

Responses

200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/iam/resource-sets/{resourceSetId}/resources

Request samples

Response samples

200
403
404
429

application/json

{"resources": [{"id": "ire106sQKoHoXXsAe0g4",
"created": "2021-02-06T16:20:57.000Z",
"lastUpdated": "2021-02-06T16:20:57.000Z",
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3"
}
}
},
{"id": "ire106riDrTYl4qA70g4",
"created": "2021-02-06T16:20:57.000Z",
"lastUpdated": "2021-02-06T16:20:57.000Z",
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users"
}
}
},
{"id": "irezvo4AwE2ngpMw40g3",
"created": "2021-02-06T16:20:57.000Z",
"lastUpdated": "2021-02-06T16:20:57.000Z",
"_links": {"users": {"href": "https://{yourOktaDomain}/api/v1/users"
},
"groups": {"href": "https://{yourOktaDomain}/api/v1/groups"
}
}
}
],
"_links": {"next": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources?after=irezvn1ZZxLSIBM2J0g3"
},
"resource-set": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
}
}
}

Add more Resource to a Resource Set
OAuth 2.0: `okta.roles.manage`

Adds more resources to a Resource Set

Request

path Parameters

resourceSetId

required

string

id of a Resource Set

Example: iamoJDFKaJxGIr0oamd9g

Request Body schema: application/json

additions

Array of strings

Responses

200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

patch/api/v1/iam/resource-sets/{resourceSetId}/resources

Request samples

application/json

{"additions": ["https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3",
"https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users"
]
}

Response samples

200
400
403
404
429

application/json

{"id": "iamoJDFKaJxGIr0oamd9g",
"label": "SF-IT-People",
"description": "People in the IT department of San Francisco",
"created": "2021-02-06T16:20:57.000Z",
"lastUpdated": "2021-02-06T16:20:57.000Z",
"_links": {"self": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
},
"resources": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources"
},
"bindings": {"href": "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
}
}
}

Delete a Resource from a Resource Set
OAuth 2.0: `okta.roles.manage`

Deletes a resource identified by resourceId from a Resource Set

Request

path Parameters

resourceSetId required	string `id` of a Resource Set Example: iamoJDFKaJxGIr0oamd9g
resourceId required	string `id` of a resource Example: ire106sQKoHoXXsAe0g4

Responses

204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/iam/resource-sets/{resourceSetId}/resources/{resourceId}

Request samples

Response samples

403
404
429

application/json

{"errorCode": "E0000006",
"errorSummary": "You do not have permission to perform the requested action",
"errorLink": "E0000006",
"errorId": "sampleNUSD_8fdkFd8fs8SDBK",
"errorCauses": [ ]
}

Resource Sets

List all Resource SetsOAuth 2.0: okta.roles.read

query Parameters

Create a Resource SetOAuth 2.0: okta.roles.manage

Request Body schema: application/json

Retrieve a Resource SetOAuth 2.0: okta.roles.read

path Parameters

Replace a Resource SetOAuth 2.0: okta.roles.manage

path Parameters

Request Body schema: application/json

Delete a Resource SetOAuth 2.0: okta.roles.manage

path Parameters

List all BindingsOAuth 2.0: okta.roles.read

path Parameters

query Parameters

Create a Resource Set BindingOAuth 2.0: okta.roles.manage

path Parameters

Request Body schema: application/json

Retrieve a BindingOAuth 2.0: okta.roles.read

path Parameters

Delete a BindingOAuth 2.0: okta.roles.manage

path Parameters

List all Members of a bindingOAuth 2.0: okta.roles.read

path Parameters

query Parameters

Add more Members to a bindingOAuth 2.0: okta.roles.manage

path Parameters

Request Body schema: application/json

Retrieve a Member of a bindingOAuth 2.0: okta.roles.read

path Parameters

Unassign a Member from a bindingOAuth 2.0: okta.roles.manage

path Parameters

List all Resources of a Resource SetOAuth 2.0: okta.roles.read

path Parameters

Add more Resource to a Resource SetOAuth 2.0: okta.roles.manage

path Parameters

Request Body schema: application/json

Delete a Resource from a Resource SetOAuth 2.0: okta.roles.manage

path Parameters

List all Resource Sets
OAuth 2.0: `okta.roles.read`

Create a Resource Set
OAuth 2.0: `okta.roles.manage`

Retrieve a Resource Set
OAuth 2.0: `okta.roles.read`

Replace a Resource Set
OAuth 2.0: `okta.roles.manage`

Delete a Resource Set
OAuth 2.0: `okta.roles.manage`

List all Bindings
OAuth 2.0: `okta.roles.read`

Create a Resource Set Binding
OAuth 2.0: `okta.roles.manage`

Retrieve a Binding
OAuth 2.0: `okta.roles.read`

Delete a Binding
OAuth 2.0: `okta.roles.manage`

List all Members of a binding
OAuth 2.0: `okta.roles.read`

Add more Members to a binding
OAuth 2.0: `okta.roles.manage`

Retrieve a Member of a binding
OAuth 2.0: `okta.roles.read`

Unassign a Member from a binding
OAuth 2.0: `okta.roles.manage`

List all Resources of a Resource Set
OAuth 2.0: `okta.roles.read`

Add more Resource to a Resource Set
OAuth 2.0: `okta.roles.manage`

Delete a Resource from a Resource Set
OAuth 2.0: `okta.roles.manage`