Governance
Access requests, periodic access reviews, and Separation-of-Duties rules.
GovernanceService implements the three classic IGA pillars:
- Access requests -- users request time-bound or permanent access; approvers review.
- Review campaigns -- scheduled bulk reviews where managers certify their reports' access.
- Separation of Duties (SoD) -- static rules that prevent toxic permission combinations (e.g. "same user cannot both create and approve a purchase order").
Base URL: https://<Domain id="api"/>
Authentication: Bearer API key. Different RPCs require different scopes -- see each sub-page.
Sub-sections
| Area | What it covers |
|---|---|
| Access Requests | Create / approve / deny / cancel time-bound access requests |
| Review Campaigns | Start campaigns, list reviewable items, submit attestations |
| Separation of Duties | Define SoD rules, check for violations |
Common model
AccessRequest, ReviewCampaign, ReviewItem, SoDRule, and SoDViolation objects all carry:
- id -- ULID, prefix acr_ / rvc_ / rvi_ / sod_ / sodv_
- organization_id
- created_at, updated_at
- created_by (actor identity)
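A client that receives governance ids (in webhook payloads or request parameters) can check the type prefix and ULID body before acting on them. The sketch below is an added example, not part of the service or its SDK: `parse_governance_id` is a hypothetical helper, the prefix-to-type pairing is assumed from the order in which the page lists them, and the ULID layout follows the public ULID spec.

```python
from datetime import datetime, timezone

# Prefix -> resource type, paired in the order the page lists them (assumption).
PREFIXES = {
    "acr": "AccessRequest",
    "rvc": "ReviewCampaign",
    "rvi": "ReviewItem",
    "sod": "SoDRule",
    "sodv": "SoDViolation",
}
# Crockford base32 alphabet from the public ULID spec (no I, L, O, U).
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"

# Constructed sample id: the body is the example ULID from the ULID spec.
SAMPLE_ID = "acr_01ARYZ6S41TSV4RRFFQ69G5FAV"


def parse_governance_id(raw, expected_type=None):
    """Return (resource_type, ulid_time_utc) or raise ValueError."""
    prefix, sep, body = raw.partition("_")
    if not sep or prefix not in PREFIXES:
        raise ValueError(f"unknown id prefix: {prefix!r}")
    resource_type = PREFIXES[prefix]
    if expected_type is not None and resource_type != expected_type:
        # Catches e.g. a SoDRule id passed where an AccessRequest id belongs.
        raise ValueError(f"expected {expected_type}, got {resource_type}")
    body = body.upper()  # assumption: accept either case
    if len(body) != 26 or any(c not in ALPHABET for c in body):
        raise ValueError("body is not a 26-character ULID")
    if body[0] > "7":
        raise ValueError("ULID overflows 128 bits")
    # The first 10 characters encode a 48-bit Unix timestamp in milliseconds.
    millis = 0
    for c in body[:10]:
        millis = millis * 32 + ALPHABET.index(c)
    return resource_type, datetime.fromtimestamp(millis / 1000, tz=timezone.utc)


if __name__ == "__main__":
    kind, when = parse_governance_id(SAMPLE_ID, expected_type="AccessRequest")
    print(kind, when.isoformat())
```

The timestamp embedded in the ULID can be compared against the object's created_at as a cheap consistency check; whether the service guarantees the two match is not stated on this page.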
Events
Every governance mutation emits an audit event and (if subscribed) a webhook:
- governance.access_request.created
- governance.access_request.approved
- governance.access_request.denied
- governance.review_campaign.started
- governance.review_campaign.completed
- governance.sod_rule.violated