Privacera Ops Server API¶

The Privacera Ops Server API provides a comprehensive set of RESTful endpoints that enable users to programmatically manage and monitor operational tasks and connector configurations within the Privacera environment.

Key Concepts¶

Before using the Privacera Ops Server API, it's important to understand the foundational objects:

Task¶

A Task represents an operational action within the Privacera platform, such as syncing policies, managing resources, or performing service-level updates. These actions can be initiated through the API or user interface (UI), and the progress of each task can be tracked via predefined status (e.g., NEW, PROCESSING,SUCCESS, etc.).

Each task includes the following attributes:

appName:
- Represents the name of the application associated with the task.
- Format: <prefix>_<service_type>_<environment_name>
- The appName is typically a composite string that includes:
  - A static prefix (e.g., policysync)
  - The type of service (e.g., databricks_sql_analytics)
  - An environment identifier (e.g., dev, prod)
- Example : policysync_databricks_sql_analytics_dev.
appType:
- Denotes the category or function of the application within Privacera.
- Represents a set of predefined string values that classify the application type.
- Example : PS_CONNECTOR.
appSubType:
- Specifies a finer classification of the application.
- This value corresponds to the servicetype defined in the connector properties.
- Example: databricks_sql_analytics
- Supported Values: bigquery, collibra, databricks_sql_analytics, databricks_unity_catalog, dremio_ps, lakeformation, mssql, oracle, postgres, powerbi, redshift, s3, snowflake, vertica.

requestInfo:

Contains detailed information about the task request.
An object that includes one or more key-value pairs defining the action to perform and the resources involved.

Example :

JSON
{ 
  "appName": "policysync_databricks-sql_analytics_dev", 
  "appType": "PS_CONNECTOR", 
  "type": "RESOURCE_SYNC", 
  "appSubType": "databricks_sql_analytics", 
  "requestInfo": { 
    "action" : "add", 
    "resources": [ 
      { 
        "type": "database", 
        "values" : { 
          "database": "north_sales" 
        } 
      } 
    ] 
  }, 
  "source": "REST" 
}

action (optional): Specifies the action to be performed. Supported Values: add, update, delete. If not provided, a full sync is performed with resource filtering.
resources: A list of resources involved in the task.
type: The type of resource (e.g., "database").
values: An object specifying the resource's name or identifier (e.g., "database": "north_sales").

source:
- Indicates the origin of the task request.
- Example : REST (when the task is initiated through a RESTful API call)
guid:
- A globally Unique Identifier for the task.
- Example: 23e4567-e89b-12d3-a456-426614174000.
status:
- Current status of the task lifecycle.
- Possible Values: NEW, WAITING, PROCESSING, SUCCESS, FAILED, CANCELLED.

Connector¶

A Connector defines the configuration required to integrate Privacera with an external service, such as Databricks or Snowflake. It includes the necessary settings and credentials to enable communication between Privacera and the external service.

Each connector includes the following attributes:

name:
- The name of the connector instance.
- Must be unique within the Privacera environment.
- Example: databricks-connector.
type:
- The type of connector being created.
- Should match the appSubType used in the corresponding task request.
- Example: databricks_sql_analytics.
applicationProperties:
- An array of key-value pairs representing the configuration for the connector.
- Example:
  JSON
  1 2 3 4 5 6
  [ { "name": "spark.master", "value": "local[*]" } ]
id, globalId, version:
- Metadata used for tracking and versioning:
  - id: The unique identifier for the connector instance. Example: 123.
  - globalId: A globally unique identifier for the connector instance. Example: 23e4567-e89b-12d3-a456-426614174000.
  - version: The version of the connector instance. Example: 1.0.0.

Authentication¶

To interact with the APIs, include a bearer token in the request headers for authentication.

Bash
1	`-H "Authorization: Bearer <your-token>"`

How to Obtain a Bearer Token

To authenticate API requests, follow these steps to generate a token in the Self-Managed Privacera Portal:

Log in with an Admin Role.
Navigate to Settings → Token Management.
Click Generate Token.
Fill in the form:
- User: Select the currently logged-in user.
- Token Name: Provide a descriptive name.
- Scope: Choose Sync Status.
- Expiry: Set the expiration date.
Click Generate Token and copy the token for use in API requests.

API Categories¶

The Privacera Ops Server API is organized into functional categories, each corresponding to specific operations you can perform on tasks and connectors. These categories group related endpoints, allowing you to manage different aspects of the platform efficiently:

Task API – Provides endpoints to create, retrieve, update, delete, cancel, and batch-process operational tasks. These APIs also support filtering by parameters, including status, type, application name, and creation time.
Connector API – Supports full lifecycle management of connectors, including creating, updating, patching, deleting, and exporting connector configurations. These endpoints facilitate the management of integrations with external systems, such as Databricks, BigQuery, and Snowflake.
Connector Config File API – Provides endpoints to retrieve default configuration files for specific connector types. These files are useful when provisioning new connectors or managing templates.
Config API – Provides endpoints related to metadata, such as retrieving available task types or registered connectors. These endpoints are useful for driving dynamic UI features and supporting automated workflows.

Example Use Cases¶

The following examples demonstrate how to interact with key Privacera Ops Server APIs. Each use case includes a cURL command with the corresponding JSON payload or response.

Note

Replace <ops-server-url> with the actual domain of your Privacera OPS Server instance.
Replace <your-token> with the bearer token you generated.

Create a Task¶

Endpoint: POST /api/task
Description: Creates a new operational task, such as a policy or permission sync.

cURLRequest Payload (create-task.json)

Bash
curl -X POST https://<ops-server-url>/api/task \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d @create-task.json

JSON
{
  "appName": "policysync_databricks",
  "appType": "PS_CONNECTOR",
  "appSubType": "databricks_sql_analytics",
  "type": "RESOURCE_SYNC",
  "requestInfo": {
    "action": "add",
    "resources": [
      {
        "type": "database",
        "values": {
          "database": "sales_db"
        }
      }
    ]
  },
  "source": "REST"
}

Get Task by ID¶

Endpoint: GET /api/task/{id}
Description: Retrieves detailed task metadata by task ID.

cURLSample Response

Bash
curl -X GET https://<ops-server-url>/api/task/12345 \
  -H "Authorization: Bearer <your-token>"

JSON
{
  "id": 12345,
  "appName": "policysync_databricks",
  "status": "SUCCESS",
  "createTime": "2024-04-10T12:30:00Z"
}

Create a Connector¶

Endpoint: POST /api/connector
Description: Creates a new connector using the specified configuration.

cURLRequest Payload (create-connector.json)

Bash
curl -X POST https://<ops-server-url>/api/connector \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d @create-connector.json

JSON
{
  "name": "databricks-connector",
  "type": "databricks_sql_analytics",
  "applicationProperties": [
    {
      "name": "spark.master",
      "value": "local[*]"
    }
  ]
}

Download Connector Configuration (JSON)¶

Endpoint: GET /api/connector/config/download-json/{id}
Description: Downloads the configuration of a connector as a JSON file using its ID.

cURL

Bash
curl -X GET https://<ops-server-url>/api/connector/config/download-json/123 \
  -H "Authorization: Bearer <your-token>"

Modify Configuration for a Running Connector¶

Use this API to update configurations for a running connector. It allows you to manage various types of resources (e.g., projects, users) through a single endpoint.

Manage resource¶

Easily add or remove resources from the managed list of a specific connector using the appCode.

➕ Add Managed Resource¶

Endpoint: PUT /api/v1/public/connector/modify/config
Description: Add a project to the managed list using the specified appCode.

cURLRequest Payload (update-connector-config)

Bash
curl -X PUT https://<ops-server-url>/api/v1/public/connector/modify/config \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d @update-connector-config.json

JSON
{
  "appCode": "<PLEASE_UPDATE>",
  "action": "APPEND",
  "propertyName":"manage.project.list",
  "value":"project2"
}

➖ Remove Managed Resource¶

Endpoint: PUT /api/v1/public/connector/modify/config
Description: Remove a project from the managed list using the specified appCode.

cURLRequest Payload (update-connector-config)

Bash
curl -X PUT https://<ops-server-url>/api/v1/public/connector/modify/config \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d @update-connector-config.json

JSON
{
  "appCode": "<PLEASE_UPDATE>",
  "action": "REMOVE",
  "propertyName":"manage.project.list",
  "value":"project2"
}

Manage Users¶

Add or remove users from the managed list using the same endpoint.

➕ Add Managed User¶

Endpoint: PUT /api/v1/public/connector/modify/config
Description: Add a user to the managed list using the specified appCode.

cURLRequest Payload (update-connector-config)

Bash
curl -X PUT https://<ops-server-url>/api/v1/public/connector/modify/config \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d @update-connector-config.json

JSON
{
  "appCode": "<PLEASE_UPDATE>",
  "action": "APPEND",
  "propertyName":"manage.user.list",
  "value":"user2"
}

➖ Remove Managed Resource¶

Endpoint: PUT /api/v1/public/connector/modify/config
Description: Remove a user from the managed list using the specified appCode.

cURLRequest Payload (update-connector-config)

Bash
curl -X PUT https://<ops-server-url>/api/v1/public/connector/modify/config \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d @update-connector-config.json

JSON
{
  "appCode": "<PLEASE_UPDATE>",
  "action": "REMOVE",
  "propertyName":"manage.user.list",
  "value":"user2"
}

Note

The same API can be used to manage various resource types across different service types. For more details, refer to the API Reference.

API Reference¶

For the full API schema, endpoint details, and parameter definitions, refer to the Privacera Ops Server API Swagger section.

Prev topic: PEG API - PrivaceraCloud

Privacera Ops Server API¶

Key Concepts¶

Task¶

Connector¶

Authentication¶

API Categories¶

Example Use Cases¶

Create a Task¶

Get Task by ID¶

Create a Connector¶

Download Connector Configuration (JSON)¶

Modify Configuration for a Running Connector¶

Manage resource¶

➕ Add Managed Resource¶

➖ Remove Managed Resource¶

Manage Users¶

➕ Add Managed User¶

➖ Remove Managed Resource¶

API Reference¶

Comments