Access Management APIs
API | Description |
---|---|
Report on changes made to BigPanda resources. | |
Manage user roles within BigPanda. | |
Enables users to provision and manage user accounts and roles. |
Relevant Permissions
Roles with the following permissions can access the Audit Logs API:
Name | Description |
---|---|
Audit Logs | View the Audit Log in BigPanda Settings and the Audit Logs API. |
To learn more about how BigPanda's permissions work, see the RBAC - Role Based Access Control guide.
Authentication
All BigPanda APIs require Bearer Token Authorization in the call headers.
This API uses the User API Key type of Authorization token.
BigPanda recommends adding Authentication headers only in the secure tool you use to make API calls.
API rate limitations
To maintain quality of service, BigPanda APIs are limited to 5 requests per second. Additional requests will return a 429 response code and the request will need to be retried.
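An added example (not BigPanda code) of a client-side wrapper for the limit described above: it keeps calls to at most 5 in any one-second window and retries the ones that still come back as 429. The `send` callable, the backoff schedule and the retry cap are assumptions; the page does not say how long to wait before retrying.

```python
import time
from collections import deque

MAX_PER_SECOND = 5       # limit stated on this page
RATE_LIMITED = 429       # status the page says over-limit requests receive


class ThrottledCaller:
    """Stay under the documented request rate and retry calls that still get 429."""

    def __init__(self, send, clock=time.monotonic, sleep=time.sleep, max_retries=4):
        self.send = send              # hypothetical transport: send(request) -> (status, body)
        self.clock = clock
        self.sleep = sleep
        self.max_retries = max_retries
        self.sent_at = deque()        # timestamps of requests sent in the last second

    def _wait_for_slot(self):
        while True:
            now = self.clock()
            while self.sent_at and now - self.sent_at[0] >= 1.0:
                self.sent_at.popleft()            # forget requests older than one second
            if len(self.sent_at) < MAX_PER_SECOND:
                self.sent_at.append(now)
                return
            self.sleep(1.0 - (now - self.sent_at[0]))   # wait until the oldest one ages out

    def call(self, request):
        for attempt in range(self.max_retries + 1):
            self._wait_for_slot()                 # retries count against the limit too
            status, body = self.send(request)
            if status != RATE_LIMITED:
                return status, body
            if attempt < self.max_retries:
                self.sleep(0.5 * 2 ** attempt)    # assumed backoff: 0.5 s, 1 s, 2 s, ...
        raise RuntimeError("still rate limited after %d retries" % self.max_retries)
```

Passing `clock` and `sleep` in makes the wrapper testable without real delays; in production the defaults apply.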
API Keys
API keys securely authenticate calls to the BigPanda Public API. Using the API Keys API, you can create new keys and manage details about your organization's keys.
Authentication
All BigPanda APIs require Bearer Token Authorization in the call headers.
This API uses the User API Key type of Authorization token.
BigPanda recommends adding Authentication headers only in the secure tool you use to make API calls.
API rate limitations
To maintain quality of service, BigPanda APIs are limited to 5 requests per second. Additional requests will return a 429 response code and the request will need to be retried.
Relevant Permissions
Roles with the following permission can access the API Keys API:
Permission Name | Description |
---|---|
API Keys | View, edit, and create API Keys in BigPanda Settings. |
Permission access levels can be adjusted by selecting either View or Full Access. To learn more about how BigPanda's permissions work, see the Roles Management guide.
API Key Management
Parameters
The API keys object schema includes the following attributes:
Attribute | Description | Type |
---|---|---|
created_by | The unique ID associated with the user who created the API key. | String |
name | Name of the API key. | String |
description | Description of the API key. | String |
active | Whether or not the API key is active. One of: true or false. | Boolean |
organization | The system-generated ID of the BigPanda organization where the API key was generated. | String |
key_suffix | The last four characters of the API key. | String |
key_hash | Hashed version of the API key. | String |
created_at | Unix epoch time when the API key was created (in seconds). | String |
last_used | Unix epoch time when the API key was last used (in seconds). | String |
roles | The BigPanda role(s) associated with the API key. | Array of Strings |
user_id | The unique ID of the BigPanda user assigned to the API key. | String |
service_account_id | The unique ID of the BigPanda service account assigned to the API key. | String |
id | The unique ID of the BigPanda API key. | String |
Sample Object
```json
{
  "created_by": "63bd568977a8d60012bf3chf",
  "name": "Test Key",
  "description": "Testing API keys",
  "active": true,
  "organization": "63bd568709cb331300ffaabc",
  "key_suffix": "2387",
  "key_hash": "6e48c296a7199d3035c259fd9114471aa6cacd11a7d53010cbc250df33be1a97e680a890657f603ae20ef3dc13808h41",
  "created_at": 1677010474,
  "__v": 0,
  "last_used": 1703001639,
  "roles": ["admin", "user", "Testing"],
  "user_id": "63bd568977a8d60012bf3abc",
  "id": "63f5262a263ad112002d1ab8"
}
```
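The attributes above are enough to run a periodic key-hygiene review. The following is an added example, not BigPanda code: it takes API key objects in the documented shape and reports active keys that are idle, never used, privileged, or owned by a user instead of a service account. The 90-day threshold, the choice of `admin` as the privileged role and the sample inventory are assumptions.

```python
import time

STALE_AFTER_DAYS = 90          # assumed review threshold, not a BigPanda setting
PRIVILEGED_ROLES = {"admin"}   # role name taken from the sample object; adjust to your roles
DAY = 86400


def audit_api_key(key, now=None, stale_after_days=STALE_AFTER_DAYS):
    """Return review findings for one API key object using the attributes documented above."""
    if not key.get("active"):
        return []                                  # only active keys are reviewed here
    now = time.time() if now is None else now
    findings = []
    last_used = key.get("last_used")
    if last_used in (None, ""):
        findings.append("never used")
    else:
        idle_days = int((now - int(last_used)) // DAY)   # table says String, sample shows a number
        if idle_days > stale_after_days:
            findings.append("idle %d days" % idle_days)
    if PRIVILEGED_ROLES & set(key.get("roles", [])):
        findings.append("privileged role")
    if key.get("user_id") and not key.get("service_account_id"):
        findings.append("owned by a user, not a service account")
    return findings


def audit_inventory(keys, now=None):
    """Map 'name (...suffix)' to findings; key_hash is never copied into the report."""
    report = {}
    for key in keys:
        findings = audit_api_key(key, now=now)
        if findings:
            label = "%s (...%s)" % (key.get("name", "?"), key.get("key_suffix", "????"))
            report[label] = findings
    return report


# Constructed inventory for illustration; names, IDs and timestamps are made up.
SAMPLE_KEYS = [
    {"name": "ci-deploy", "active": True, "key_suffix": "a1b2", "roles": ["user"],
     "service_account_id": "svc-0001", "last_used": 1709900000},
    {"name": "old-script", "active": True, "key_suffix": "9f3c", "roles": ["admin"],
     "user_id": "user-0002", "last_used": "1690000000"},
    {"name": "retired", "active": False, "key_suffix": "77de", "roles": ["admin"],
     "user_id": "user-0003", "last_used": 1600000000},
]
```

Labelling findings by `name` and `key_suffix` lets a reviewer match a report line to a key found in a script or vault entry without handling the secret itself.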
JIT Provisioning
SSO with Just-In-Time (JIT) Provisioning automatically creates user accounts in BigPanda when users first log in via SSO, eliminating the need for manual account creation. Account creation is based on rules and properties defined in your SSO provider’s object.
With JIT Security Assertion Markup Language (SAML) mapping, you can also configure roles to automatically sync to BigPanda each time a user logs in. See the SSO Configuration documentation for more information about JIT Provisioning.
The JIT Provisioning API allows you to manage JIT SAML role mapping and domains programmatically, enabling you to bulk manage large datasets and directories.
Authentication
All BigPanda APIs require Bearer Token Authorization in the call headers.
This API uses the User API Key type of Authorization token.
BigPanda recommends adding Authentication headers only in the secure tool you use to make API calls.
API rate limitations
To maintain quality of service, BigPanda APIs are limited to 5 requests per second. Additional requests will return a 429 response code and the request will need to be retried.
Relevant Permissions
Roles with the following permission can use the JIT Provisioning API:
Permission Name | Description |
---|---|
Single Sign-On | View, select, and configure JIT SSO via the UI and API. |
You can adjust permission access levels by selecting either the View or Full Access option. To learn more about how BigPanda's permissions work, see the Roles Management guide.
SCIM Users API
The SCIM Users API is based on the open standard System for Cross-domain Identity Management (SCIM): Protocol 1.1. SCIM is an open standard used for automating the exchange of user identity information between identity domains or IT systems. Its purpose is to facilitate and ease the management of user identities in cloud-based applications. BigPanda uses JSON-based formats for SCIM.
Authentication
All BigPanda APIs require Bearer Token Authorization in the call headers.
This API uses the User API Key type of Authorization token.
BigPanda recommends adding Authentication headers only in the secure tool you use to make API calls.
Parameters
The Service Provider Configuration object schema includes the following attributes.
Attribute | Description | Type |
---|---|---|
schemas | Array of the ids of the schemas available through the Service Provider Configuration | Array |
id | Unique identifier of the schema | String |
patch | Determines whether users are able to send patch calls | Boolean |
bulk | Bulk and return operations settings. Attributes: supported - Determines whether bulk returns are available during SCIM API calls; maxOperations - The maximum number of users that can be returned per bulk API call; maxPayloadSize - The character limit for bulk API call returns | Object |
filter | Bulk and return operations settings. Attributes: supported - Determines whether users are able to use a filter on GET calls; maxResults - The maximum number of users that can be returned per API call | Object |
changePassword | Password change settings. Attributes: supported - Determines whether a patch call can be sent to update a user’s password field | Object |
sort | Sort settings. Attributes: supported - Determines whether users are able to change the order results are listed in | Object |
etag | Etag support settings. Attributes: supported - Determines whether users are able to use the etag feature | Object |
authenticationSchemes | Array of the authentication schemes that will be accepted by SCIM API calls. Attributes: type - What type of authentication token the authentication uses; name - The name of the authentication scheme as set by IETF standard; description - The description of the authentication scheme as set by IETF standard; specUrl - The URL link to specifications for the authentication; primary - Determines whether this is the default authentication type for SCIM calls | Array of Objects |
xmlDataFormat | XML format support options. Attributes: supported - Determines whether SCIM user data can be sent in an XML file | Object |
Sample Service Provider Config Object
```json
{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "id": "urn:scim:schemas:core:1.0",
  "patch": { "supported": true },
  "bulk": {
    "supported": false,
    "maxOperations": 10000,
    "maxPayloadSize": 10000000
  },
  "filter": { "supported": true, "maxResults": 1000 },
  "changePassword": { "supported": false },
  "sort": { "supported": true },
  "etag": { "supported": false },
  "authenticationSchemes": [
    {
      "type": "oauthbearertoken",
      "name": "OAuth Bearer Token",
      "description": "Authentication Scheme using the OAuth Bearer Token Standard",
      "specUrl": "http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-01",
      "primary": true
    }
  ],
  "xmlDataFormat": { "supported": false }
}
```
Parameters
The Users object schema includes the following attributes.
Attribute | Description | Type |
---|---|---|
id | Unique identifier for the SCIM Resource as defined by the Service Provider | String |
userName | Unique identifier for the User, typically used by the user to directly authenticate to BigPanda | String |
displayName | The name of the user as displayed in the BigPanda UI | String |
meta | Tags containing metadata about the user account. Attributes: created - The DateTime (ISO 8601) the resource was added to the Service Provider; location - The URI of the resource being returned | Object |
active | Indicates if the user's administrative status is active and can authenticate to BigPanda. | Boolean |
password | The user's initial clear text password. This attribute is used to specify an initial password when creating a new User. This value will never be returned by a Service Provider in any form | String |
phoneNumbers | The user’s phone number. BigPanda supports only 1 phone number per user. Attributes: value - the string with the phone number; type - what type of number. Options are: work, home, other | Object |
roles | A list of BigPanda roles assigned to the user | Array of Strings |
Sample SCIM User Object
```json
{
  "id": "5f82d3495558352a180e51cb",
  "userName": "email@acme.com",
  "displayName": "Stella R",
  "active": true,
  "meta": {
    "created": "2020-10-11T09:41:29.372Z",
    "location": "https://api.bigpanda.io/resources/v2.0/scim/Users/5f82d3495558352a180e51cb"
  },
  "schemas": ["urn:scim:schemas:core:1.0"],
  "roles": ["admin", "user"],
  "phoneNumbers": [
    { "value": "+555-634-5375", "type": "other" }
  ]
}
```
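SCIM User objects can be joined against API key objects to find credentials that outlived their owner. The following is an added example, not BigPanda code: it flags active keys whose owning user is missing from the directory, is inactive, or no longer holds a role the key carries. It assumes that an API key's `user_id` refers to the same identifier as the SCIM user's `id`; the sample users and keys are constructed.

```python
def index_users(scim_users):
    """Index SCIM User objects by their id attribute."""
    return {user["id"]: user for user in scim_users}


def orphaned_key_findings(api_keys, scim_users):
    """Return (key label, finding) pairs for active, user-owned API keys."""
    users = index_users(scim_users)
    findings = []
    for key in api_keys:
        owner_id = key.get("user_id")
        if not key.get("active") or not owner_id:
            continue                    # inactive and service-account keys are out of scope here
        label = "%s (...%s)" % (key.get("name", "?"), key.get("key_suffix", "????"))
        owner = users.get(owner_id)     # assumption: key user_id == SCIM user id
        if owner is None:
            findings.append((label, "owner not found in SCIM directory"))
            continue
        if not owner.get("active", False):
            findings.append((label, "owner %s is inactive" % owner["userName"]))
        extra = sorted(set(key.get("roles", [])) - set(owner.get("roles", [])))
        if extra:
            findings.append((label, "key roles not held by owner: " + ", ".join(extra)))
    return findings


# Constructed directory and key inventory for illustration; all values are made up.
SAMPLE_USERS = [
    {"id": "u-100", "userName": "stella@example.com", "active": True, "roles": ["admin", "user"]},
    {"id": "u-200", "userName": "former@example.com", "active": False, "roles": ["user"]},
]
SAMPLE_KEYS = [
    {"name": "dashboards", "key_suffix": "1111", "active": True,
     "user_id": "u-100", "roles": ["user"]},
    {"name": "legacy-sync", "key_suffix": "2222", "active": True,
     "user_id": "u-200", "roles": ["admin", "user"]},
    {"name": "ghost", "key_suffix": "3333", "active": True,
     "user_id": "u-999", "roles": ["user"]},
    {"name": "svc", "key_suffix": "4444", "active": True,
     "service_account_id": "sa-1", "roles": ["admin"]},
]
```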