API endpoint | Available from |
---|---|
| ThoughtSpot Cloud ts7.jun.cl |
| ThoughtSpot Cloud ts7.jun.cl |
| ThoughtSpot Cloud ts7.sep.cl |
| ThoughtSpot Cloud ts7.sep.cl |
| ThoughtSpot Cloud ts7.sep.cl |
Security APIs
The Security APIs allow you to share ThoughtSpot objects, such as Liveboards and visualizations, with another user or a user group. Any ThoughtSpot user can share objects with another user or user group.
Supported operationsπ
Required permissionsπ
-
To query object permissions, you must have administrator access.
-
To share an object or visualization with another user, you must have edit access to the object.
Share objects with another userπ
To programmatically share ThoughtSpot objects with another user or user group, use the /tspublic/v1/security/share
API.
When you share an object like a Liveboard or visualization, a notification with a live link is sent to the user. When the users access this object, they can view the last saved version of the object.
Resource URLπ
POST /tspublic/v1/security/share
Request parametersπ
Form parameter | Description | ||
---|---|---|---|
| String. Type of metadata object. Specify one of the following values as a metadata object type:
| ||
| String. A JSON array of the GUIDs of the objects to be shared. | ||
| String_. A string with the GUIDs of the user or user group, and the type of access privilege.
For example, to provide read-only access to a user with a GUID of
The following example shows how to set the permission string to provide read-only access to multiple users:
Similarly, to share objects with one or several user groups, specify the GUIDs and access permission type in the following format:
| ||
| Array of Strings. Email addresses to notify when the object is shared. | ||
| Boolean. If set to | ||
| String. The message text to send in the object share notification email. | ||
| Boolean. When set to |
Example requestπ
curl -X POST \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' --header 'X-Requested-By: ThoughtSpot' \
-d 'type=PINBOARD_ANSWER_BOOK&id=["237921cc-ebf5-445a-8b7b-15c301f8456e"]&permission={"permissions":{"237921cc-ebf5-445a-8b7b-15c301f8456e":{"shareMode":"READ_ONLY"}}}&emailshares=["tsuser@thoughtspot.com"]¬ify=false&useCustomEmbedUrls=true' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/security/share'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/security/share
Example responseπ
Response code 204
Response codesπ
HTTP status code | Description |
---|---|
204 | Successful operation |
400 | Invalid parameter value |
Share a visualization with another user or user groupπ
If you want to share a specific visualization from a Liveboard with another user or user group, use the /tspublic/v1/security/shareviz
API. This API lets you share the visualization with specific user IDs and provide read-only access.
Resource URLπ
POST /tspublic/v1/security/shareviz
Request parametersπ
Form parameter | Description |
---|---|
| String. Type of the metadata object. The valid value is |
| String. The GUID of the Liveboard to which the visualization belongs. |
| String. The GUID of the users and groups to which you want to share the visualization. |
| String. The GUID of visualization. |
| Sring. Email addresses to notify when the object is shared. |
| Boolean. If set to |
| String. The message text to send in the notification email. |
| Boolean. When set to |
Example requestπ
curl -X POST \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' --header 'X-Requested-By: ThoughtSpot' \
-d 'type=PINBOARD_ANSWER_BOOK&pinboardId=7a9a6715-e154-431b-baaf-7b58246c13dd&principalids=%5B%2259481331-ee53-42be-a548-bd87be6ddd4a%22%5D&vizid=e9753523-5de5-41ef-8d8c-b840f0260ea0&emailshares=%5Btsuser%40thoughtspot.com%5D¬ify=true&useCustomEmbedUrls=false' 'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/security/shareviz'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/security/shareviz
Example responseπ
Response code 204
Response codesπ
HTTP status code | Description |
---|---|
204 | Successful operation |
400 | Invalid parameter value |
Get object permission details for a specific object typeπ
ThoughtSpot users can get access to objects through the privileges assigned to the groups to which they belong. This type of object permission is referred to as EFFECTIVE
.
Users can also access objects when another user shares a Liveboard or Answer directly with them or the user group to which they belong. This type of object permission is referred to as DEFINED
.
To get permission details for a specific metadata type and ID, send a GET
request to the /tspublic/v1/security/metadata/permissions
endpoint.
Resource URLπ
GET /tspublic/v1/security/metadata/permissions
Request parametersπ
Parameter Name | Parameter Type | Description |
---|---|---|
| Query parameter | String. Type of the object. Valid values are:
|
| Query parameter | String. A JSON array of the GUIDs of the objects. |
| Query parameter | Boolean. Object permission details for the dependent objects. When set to |
| Query parameter | String. Valid values are:
|
Example requestπ
curl -X GET \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/security/metadata/permissions?type=PINBOARD_ANSWER_BOOK&id=%5B%22d084c256-e284-4fc4-b80c-111cb606449a%22%2C%20%2241a39422-2da0-4601-9d4a-59c27181c5f5%22%5D&dependentshare=false&permissiontype=EFFECTIVE'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/security/metadata/permissions?type=PINBOARD_ANSWER_BOOK&id=%5B%22d084c256-e284-4fc4-b80c-111cb606449a%22%2C%20%2241a39422-2da0-4601-9d4a-59c27181c5f5%22%5D&dependentshare=false&permissiontype=EFFECTIVE
Example responseπ
If the GET
operation is successful, the API returns a response with the permission details for the specified object IDs.
-
Note that the
shareMode
property indicates the object-level permission assigned to a given user.-
READ_ONLY
indicates view permissions to an object -
MODIFY
indicates edit permissions to an object
-
-
If the user doesnβt have access to the specified objects, the API returns a
403 unauthorized
error. -
If the user doesnβt have access to one of the specified objects, the API returns only those objects to which a user has
READ_ONLY
orMODIFY
permissions.
{
"41a39422-2da0-4601-9d4a-59c27181c5f5": {
"permissions": {
"59481331-ee53-42be-a548-bd87be6ddd4a": {
"topLevelObjectId": "41a39422-2da0-4601-9d4a-59c27181c5f5",
"shareMode": "READ_ONLY",
"dependents": [
{
"id": "160e1259-5838-4688-a30a-2442b6d5281e",
"name": "Credit Consumption & Usage, Top 10 Users, This Month",
"author": "41a39422-2da0-4601-9d4a-59c27181c5f5",
"type": "QUESTION_ANSWER_BOOK",
"shareMode": "READ_ONLY",
"isHidden": true,
"owner": "41a39422-2da0-4601-9d4a-59c27181c5f5"
},
{
"id": "835ffe9d-78de-4817-a201-4a35385df18c",
"name": "Monthly Credits Consumed, with Unique Users",
"author": "41a39422-2da0-4601-9d4a-59c27181c5f5",
"type": "QUESTION_ANSWER_BOOK",
"shareMode": "READ_ONLY",
"isHidden": true,
"owner": "41a39422-2da0-4601-9d4a-59c27181c5f5"
}
]
}
}
},
"d084c256-e284-4fc4-b80c-111cb606449a": {
"permissions": {
"59481331-ee53-42be-a548-bd87be6ddd4a": {
"topLevelObjectId": "d084c256-e284-4fc4-b80c-111cb606449a",
"shareMode": "READ_ONLY",
"dependents": [
{
"id": "a9466299-4e89-4a2f-a1b2-d87337a4afc6",
"name": "Total Sales by Store",
"author": "d084c256-e284-4fc4-b80c-111cb606449a",
"type": "QUESTION_ANSWER_BOOK",
"shareMode": "READ_ONLY",
"isHidden": true,
"owner": "d084c256-e284-4fc4-b80c-111cb606449a"
},
{
"id": "d766e0da-2fa6-4af5-ab44-d86f28326c3a",
"name": "Total Sales by Product Type",
"author": "d084c256-e284-4fc4-b80c-111cb606449a",
"type": "QUESTION_ANSWER_BOOK",
"shareMode": "READ_ONLY",
"isHidden": true,
"owner": "d084c256-e284-4fc4-b80c-111cb606449a"
}
]
}
}
}
}
Response codesπ
HTTP status code | Description |
---|---|
200 | Successful operation |
400 | Invalid parameter value |
403 | Unauthorized request |
Get permission details for a specific object IDπ
To get permission details for a specific object, send a GET
request to the /tspublic/v1/security/metadata/permissions
endpoint.
Resource URLπ
GET /tspublic/v1/security/metadata/{id}/permissions
Request parametersπ
Parameter Name | Parameter Type | Description |
---|---|---|
| Query parameter | String. Type of the object. Valid values are:
|
| Path parameter | String. The GUID of the object to query. |
| Query parameter | Boolean. Object permission details for the dependent objects. When set to |
| Query parameter | String. Valid values are:
|
Example requestπ
curl -X GET \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/security/metadata/d084c256-e284-4fc4-b80c-111cb606449a/permissions?type=PINBOARD_ANSWER_BOOK&dependentshare=false&permissiontype=EFFECTIVE'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/security/metadata/d084c256-e284-4fc4-b80c-111cb606449a/permissions?type=PINBOARD_ANSWER_BOOK&dependentshare=false&permissiontype=EFFECTIVE'
Example responseπ
If the GET
operation is successful, the API returns a response with the permission details for the specified object.
-
Note that the
shareMode
property indicates the object-level permission assigned to a given user.-
READ_ONLY
indicates view permissions to an object -
MODIFY
indicates edit permissions to an object
-
-
If the user doesnβt have access to the specified object, the API returns a
403 unauthorized
error.
{
"d084c256-e284-4fc4-b80c-111cb606449a": {
"permissions": {
"59481331-ee53-42be-a548-bd87be6ddd4a": {
"topLevelObjectId": "d084c256-e284-4fc4-b80c-111cb606449a",
"shareMode": "READ_ONLY",
"dependents": [
{
"id": "d0f39bd0-47ae-45af-a214-bea2286e220a",
"name": "Total Quantity Purchased by Product",
"author": "d084c256-e284-4fc4-b80c-111cb606449a",
"type": "QUESTION_ANSWER_BOOK",
"shareMode": "READ_ONLY",
"isHidden": true,
"owner": "d084c256-e284-4fc4-b80c-111cb606449a"
},
{
"id": "a9466299-4e89-4a2f-a1b2-d87337a4afc6",
"name": "Total Sales by Store",
"author": "d084c256-e284-4fc4-b80c-111cb606449a",
"type": "QUESTION_ANSWER_BOOK",
"shareMode": "READ_ONLY",
"isHidden": true,
"owner": "d084c256-e284-4fc4-b80c-111cb606449a"
},
{
"id": "d766e0da-2fa6-4af5-ab44-d86f28326c3a",
"name": "Total Sales by Product Type",
"author": "d084c256-e284-4fc4-b80c-111cb606449a",
"type": "QUESTION_ANSWER_BOOK",
"shareMode": "READ_ONLY",
"isHidden": true,
"owner": "d084c256-e284-4fc4-b80c-111cb606449a"
}
]
}
}
}
}
Response codesπ
HTTP status code | Description |
---|---|
200 | Successful operation |
400 | Invalid parameter value |
403 | Unauthorized request |
Get object permission details for multiple object typesπ
To query object permission details for multiple object types and IDs, send a POST
request to the /tspublic/v1/security/effectivepermissionbulk
endpoint.
Resource URLπ
POST /tspublic/v1/security/effectivepermissionbulk
Request parametersπ
Form parameter | Description |
---|---|
| Array of Strings. A JSON array of the object IDs for each object type. Valid object types are:
For example, to get permission details for specific Liveboards and answers, specify the value of {"PINBOARD_ANSWER_BOOK": ["d084c256-e284-4fc4-b80c-111cb606449a"], "QUESTION_ANSWER_BOOK": ["92f48c07-9c62-4bfa-81ac-55f3049165b4"]} |
| Boolean. Object permission details for the dependent objects. When set to |
Example requestπ
curl -X POST \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'X-Requested-By: ThoughtSpot' \
-d 'idsbytype=%7B%20%09%22PINBOARD_ANSWER_BOOK%22%3A%20%5B%22d084c256-e284-4fc4-b80c-111cb606449a%22%5D%2C%20%09%22QUESTION_ANSWER_BOOK%22%3A%20%5B%2292f48c07-9c62-4bfa-81ac-55f3049165b4%22%5D%20%7D&dependentshare=true' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/security/effectivepermissionbulk'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/security/effectivepermissionbulk
Example responseπ
If the data query operation is successful, the API returns the object permission details for the specified object IDs and types.
-
Note that the
shareMode
property indicates the object-level permission assigned to a given user.-
READ_ONLY
indicates view permissions to an object -
MODIFY
indicates edit permissions to an object
-
-
If the user doesnβt have access to the specified objects, the API returns a
403 unauthorized
error. -
If the user doesnβt have access to one of the specified objects, the API returns only those objects to which a user has
READ_ONLY
orMODIFY
permissions.
{
"QUESTION_ANSWER_BOOK": {
"92f48c07-9c62-4bfa-81ac-55f3049165b4": {
"permissions": {
"59481331-ee53-42be-a548-bd87be6ddd4a": {
"topLevelObjectId": "92f48c07-9c62-4bfa-81ac-55f3049165b4",
"shareMode": "READ_ONLY",
"dependents": [
{
"id": "44cb25f9-9032-4d45-9d74-bbf66e1502f0",
"name": "Username",
"author": "965b5f46-7162-4c16-8aac-7ab26f313b25",
"type": "LOGICAL_COLUMN",
"shareMode": "READ_ONLY",
"isHidden": false,
"owner": "965b5f46-7162-4c16-8aac-7ab26f313b25",
"ownerName": "Credit Usage Worksheet"
},
{
"id": "5ff6043f-a340-46e0-98f1-84b4b3a96f1b",
"name": "Credit Window ID",
"author": "965b5f46-7162-4c16-8aac-7ab26f313b25",
"type": "LOGICAL_COLUMN",
"shareMode": "READ_ONLY",
"isHidden": false,
"owner": "965b5f46-7162-4c16-8aac-7ab26f313b25",
"ownerName": "Credit Usage Worksheet"
}
],
"answerBookQueryEditable": true
}
}
}
},
"PINBOARD_ANSWER_BOOK": {
"d084c256-e284-4fc4-b80c-111cb606449a": {
"permissions": {
"59481331-ee53-42be-a548-bd87be6ddd4a": {
"topLevelObjectId": "d084c256-e284-4fc4-b80c-111cb606449a",
"shareMode": "READ_ONLY",
"dependents": [
{
"id": "d0f39bd0-47ae-45af-a214-bea2286e220a",
"name": "Total Quantity Purchased by Product",
"author": "d084c256-e284-4fc4-b80c-111cb606449a",
"type": "QUESTION_ANSWER_BOOK",
"shareMode": "READ_ONLY",
"isHidden": true,
"owner": "d084c256-e284-4fc4-b80c-111cb606449a"
},
{
"id": "d766e0da-2fa6-4af5-ab44-d86f28326c3a",
"name": "Total Sales by Product Type",
"author": "d084c256-e284-4fc4-b80c-111cb606449a",
"type": "QUESTION_ANSWER_BOOK",
"shareMode": "READ_ONLY",
"isHidden": true,
"owner": "d084c256-e284-4fc4-b80c-111cb606449a"
}
]
}
}
}
}
}
Response codesπ
HTTP status code | Description |
---|---|
200 | Successful operation |
400 | Invalid parameter value |
403 | Unauthorized request |