> For clean Markdown of any page, append .md to the page URL. > For a complete documentation index, see https://developer-test.atomicwork.com/llms.txt. > For full documentation content, see https://developer-test.atomicwork.com/llms-full.txt. > For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://developer-test.atomicwork.com/_mcp/server. # Create a grant for a user POST https://{tenant}.atomicwork.com/api/v1/iga/grants Content-Type: application/json Create an identity grant directly without going through the IGA approval workflow. This is the primary endpoint for programmatic access provisioning — use it when an external system (HRMS, onboarding tool, compliance platform) needs to grant access to a user. **Required fields:** `user_id` and `entitlement_id`. Call `GET /iga/apps` then `GET /iga/entitlements?app_id={id}` to discover valid entitlement IDs. **Optional fields:** - `policy_id` or `policy_key` — link the grant to a specific access policy - `granted_by` — record which user or system initiated the grant - `granted_at` — backdate the grant timestamp (ISO 8601); defaults to now The grant method (how provisioning happens) is automatically derived from the entitlement's provisioning configuration — Okta, Azure AD, JumpCloud, Google Workspace, or manual service request. Returns the created grant with its `id`, resolved `status`, `entitlement`, `app`, and provisioning details. Reference: https://developer-test.atomicwork.com/atomicwork-public-api/access-management/postapi-v-1-iga-grants ## OpenAPI Specification ```yaml openapi: 3.1.0 info: title: collection version: 1.0.0 paths: /api/v1/iga/grants: post: operationId: postapi-v-1-iga-grants summary: Create a grant for a user description: > Create an identity grant directly without going through the IGA approval workflow. This is the primary endpoint for programmatic access provisioning — use it when an external system (HRMS, onboarding tool, compliance platform) needs to grant access to a user. **Required fields:** `user_id` and `entitlement_id`. Call `GET /iga/apps` then `GET /iga/entitlements?app_id={id}` to discover valid entitlement IDs. **Optional fields:** - `policy_id` or `policy_key` — link the grant to a specific access policy - `granted_by` — record which user or system initiated the grant - `granted_at` — backdate the grant timestamp (ISO 8601); defaults to now The grant method (how provisioning happens) is automatically derived from the entitlement's provisioning configuration — Okta, Azure AD, JumpCloud, Google Workspace, or manual service request. Returns the created grant with its `id`, resolved `status`, `entitlement`, `app`, and provisioning details. tags: - subpackage_accessManagement parameters: - name: X-Api-Key in: header required: true schema: type: string - name: X-Workspace-Id in: header required: false schema: type: string responses: '200': description: Successful response content: application/json: schema: $ref: >- #/components/schemas/Access Management_postapi_v1_iga_grants_Response_200 requestBody: description: Request body for creating a grant via the public API content: application/json: schema: type: object properties: user_id: type: integer format: int64 description: The ID of the user who will receive the grant entitlement_id: type: integer format: int64 description: The ID of the entitlement to grant policy_id: type: integer format: int64 description: Optional policy ID to associate with the grant policy_key: type: string description: Optional policy key (alternative to policy_id) granted_by: type: integer format: int64 description: >- Optional user ID of who authorized this grant. Defaults to the API key owner. granted_at: type: string format: date-time description: >- Optional timestamp of when the grant was authorized. Defaults to current time. required: - user_id - entitlement_id servers: - url: https://{tenant}.atomicwork.com components: schemas: Access Management_postapi_v1_iga_grants_Response_200: type: object properties: {} description: Empty response body title: Access Management_postapi_v1_iga_grants_Response_200 securitySchemes: ApiKeyAuth: type: apiKey in: header name: X-Api-Key ``` ## SDK Code Examples ```python import requests url = "https://{tenant}.atomicwork.com/api/v1/iga/grants" payload = { "user_id": 123456, "entitlement_id": 78910, "policy_id": 555, "policy_key": "POLICY-ACCESS-ADMIN", "granted_by": 98765, "granted_at": "2024-04-15T09:30:00Z" } headers = { "X-Workspace-Id": "{{workspace_id}}", "X-Api-Key": "", "Content-Type": "application/json" } response = requests.post(url, json=payload, headers=headers) print(response.json()) ``` ```javascript const url = 'https://{tenant}.atomicwork.com/api/v1/iga/grants'; const options = { method: 'POST', headers: { 'X-Workspace-Id': '{{workspace_id}}', 'X-Api-Key': '', 'Content-Type': 'application/json' }, body: '{"user_id":123456,"entitlement_id":78910,"policy_id":555,"policy_key":"POLICY-ACCESS-ADMIN","granted_by":98765,"granted_at":"2024-04-15T09:30:00Z"}' }; try { const response = await fetch(url, options); const data = await response.json(); console.log(data); } catch (error) { console.error(error); } ``` ```go package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "https://{tenant}.atomicwork.com/api/v1/iga/grants" payload := strings.NewReader("{\n \"user_id\": 123456,\n \"entitlement_id\": 78910,\n \"policy_id\": 555,\n \"policy_key\": \"POLICY-ACCESS-ADMIN\",\n \"granted_by\": 98765,\n \"granted_at\": \"2024-04-15T09:30:00Z\"\n}") req, _ := http.NewRequest("POST", url, payload) req.Header.Add("X-Workspace-Id", "{{workspace_id}}") req.Header.Add("X-Api-Key", "") req.Header.Add("Content-Type", "application/json") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := io.ReadAll(res.Body) fmt.Println(res) fmt.Println(string(body)) } ``` ```ruby require 'uri' require 'net/http' url = URI("https://{tenant}.atomicwork.com/api/v1/iga/grants") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true request = Net::HTTP::Post.new(url) request["X-Workspace-Id"] = '{{workspace_id}}' request["X-Api-Key"] = '' request["Content-Type"] = 'application/json' request.body = "{\n \"user_id\": 123456,\n \"entitlement_id\": 78910,\n \"policy_id\": 555,\n \"policy_key\": \"POLICY-ACCESS-ADMIN\",\n \"granted_by\": 98765,\n \"granted_at\": \"2024-04-15T09:30:00Z\"\n}" response = http.request(request) puts response.read_body ``` ```java import com.mashape.unirest.http.HttpResponse; import com.mashape.unirest.http.Unirest; HttpResponse response = Unirest.post("https://{tenant}.atomicwork.com/api/v1/iga/grants") .header("X-Workspace-Id", "{{workspace_id}}") .header("X-Api-Key", "") .header("Content-Type", "application/json") .body("{\n \"user_id\": 123456,\n \"entitlement_id\": 78910,\n \"policy_id\": 555,\n \"policy_key\": \"POLICY-ACCESS-ADMIN\",\n \"granted_by\": 98765,\n \"granted_at\": \"2024-04-15T09:30:00Z\"\n}") .asString(); ``` ```php request('POST', 'https://{tenant}.atomicwork.com/api/v1/iga/grants', [ 'body' => '{ "user_id": 123456, "entitlement_id": 78910, "policy_id": 555, "policy_key": "POLICY-ACCESS-ADMIN", "granted_by": 98765, "granted_at": "2024-04-15T09:30:00Z" }', 'headers' => [ 'Content-Type' => 'application/json', 'X-Api-Key' => '', 'X-Workspace-Id' => '{{workspace_id}}', ], ]); echo $response->getBody(); ``` ```csharp using RestSharp; var client = new RestClient("https://{tenant}.atomicwork.com/api/v1/iga/grants"); var request = new RestRequest(Method.POST); request.AddHeader("X-Workspace-Id", "{{workspace_id}}"); request.AddHeader("X-Api-Key", ""); request.AddHeader("Content-Type", "application/json"); request.AddParameter("application/json", "{\n \"user_id\": 123456,\n \"entitlement_id\": 78910,\n \"policy_id\": 555,\n \"policy_key\": \"POLICY-ACCESS-ADMIN\",\n \"granted_by\": 98765,\n \"granted_at\": \"2024-04-15T09:30:00Z\"\n}", ParameterType.RequestBody); IRestResponse response = client.Execute(request); ``` ```swift import Foundation let headers = [ "X-Workspace-Id": "{{workspace_id}}", "X-Api-Key": "", "Content-Type": "application/json" ] let parameters = [ "user_id": 123456, "entitlement_id": 78910, "policy_id": 555, "policy_key": "POLICY-ACCESS-ADMIN", "granted_by": 98765, "granted_at": "2024-04-15T09:30:00Z" ] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://{tenant}.atomicwork.com/api/v1/iga/grants")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error as Any) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume() ```