Avnology ID
API ReferenceGovernance

Review Campaigns

Periodic access reviews -- managers certify their reports' access.

RPCs

MethodPath
CreateReviewCampaignPOST /v1/governance/reviewCampaigns
GetReviewCampaignGET /v1/governance/reviewCampaigns/{id}
ListReviewCampaignsGET /v1/governance/reviewCampaigns
ListReviewItemsGET /v1/governance/reviewCampaigns/{id}/items
SubmitReviewPOST /v1/governance/reviewItems/{id}:submit

Base URL: https://<Domain id="api"/>

Authentication: Bearer token with governance.review:write.

Workflow

  1. Campaign created with a scope (filter over permissions) and deadline.
  2. Items generated -- one per (reviewer, target identity, permission) triple.
  3. Reviewers submit approve or revoke per item.
  4. Revoke actions delete Keto tuples immediately; approve is a no-op but records attestation.
  5. Campaign reaches completed state once every item is resolved or the deadline passes.

Start a campaign

Submit a review item

POST /v1/governance/reviewItems/{id}:submit
{ "decision": "REVOKE", "note": "No longer on the backend team" }

Valid decision values: APPROVE, REVOKE, MODIFY (reduces scope).

Access Requests

Create, approve, deny, and cancel time-bound access requests.

Separation of Duties

Static rules that prevent toxic combinations of permissions.

On this page

RPCsWorkflowStart a campaignSubmit a review item