Skip to content

Delegated Access

Manage delegated access, which allows a user to perform actions on behalf of another user. These APIs allow logged-in users to request consent from other app users, grant consent requests, view all consents related to their account, and revoke any granted permissions.

To request delegated access, see OAuth2.0 Token.
To create a dependent user with delegated access, see Create users

Download OpenAPI description
delegated-access.openapi.json
delegated-access.openapi.yaml
Languages
Servers
Sandbox environment
https://api.sbx.transmitsecurity.io/cis/
Production environment (US)
https://api.transmitsecurity.io/cis/
Production environment (EU)
https://api.eu.transmitsecurity.io/cis/
Production environment (CA)
https://api.ca.transmitsecurity.io/cis/
Production environment (AU)
https://api.au.transmitsecurity.io/cis/

Grant consent

Request

Grant the requested consent once it's approved by the user. This will provide the requesting user (the actor) permissions to act on behalf of the user that approved the consent (the subject). Since the approving user must be logged-in, this is authorized using a user access token of the subject.

Security
UserAccessToken
Bodyapplication/jsonrequired
consent_idstringrequired

Consent ID returned to your consent URI upon redirection

curl -i -X POST \
  https://api.sbx.transmitsecurity.io/cis/v1/delegated-access/consents/me/grant \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "consent_id": "string"
  }'

Responses

Consent has been created for the user

Response
No content

Request consent

Request

Send a consent request to give the requesting user (the actor) permissions to act on behalf of another user (the subject) when needed. An email will be sent to the subject with a link to your consent page. The consent URI will include a query param named consent_id used to grant the consent, permissions array, and the subject's user ID as subject_id. Since this call must be initiated by a logged-in user, it's authorized using a user access token of the actor.

Security
UserAccessToken
Bodyapplication/jsonrequired
permissionsArray of stringsrequired

Names of permissions

consent_uristringrequired

URI of your consent page, which the browser will redirect to when the user clicks the link in the consent email. The URI must accept the following query parameters: consent_id used to grant the consent, permissions array of permissions to present the user to approve, subject_id and actor_id. This URI must also be configured as an allowed redirect URI in the Admin Portal.

Example: "https://www.example.com/consent"
subject_idstringrequired

ID of the user that grants permissions to another user to act on their behalf

consent_expirationnumber

Validity period of the consent in seconds. Once expired, new consent must be granted to obtain the permissions

curl -i -X POST \
  https://api.sbx.transmitsecurity.io/cis/v1/delegated-access/consents/me/request \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "permissions": [
      "string"
    ],
    "consent_uri": "https://www.example.com/consent",
    "subject_id": "string",
    "consent_expiration": 0
  }'

Responses

Consent request has been sent

Response
No content

Get consents

Request

Get all the consents that were granted or requested by the specified user. This call is authorized by a user access token of this user.

Security
UserAccessToken
curl -i -X GET \
  https://api.sbx.transmitsecurity.io/cis/v1/delegated-access/consents/me \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

The requested user permissions

Bodyapplication/json
consents_as_actorArray of objects

Consents requested by this user (as the actor)

consents_as_subjectArray of objects

Consents that this user was requested to grant (as the subject)

Response
application/json
{
  "consents_as_actor": [
    { … }
  ],
  "consents_as_subject": [
    { … }
  ]
}

Revoke permissions as actor

Request

Revokes my permissions (the actor) to act on behalf of another user (the subject). This call is initiated by the actor who is logged-in, so it's authorized using a user access token.

Security
UserAccessToken
Query
permissionsArray of strings

Names of permissions to revoke. If no permissions are specified, all permissions will be revoked.

subject_idstringrequired

ID of the user that granted the permissions.

curl -i -X DELETE \
  'https://api.sbx.transmitsecurity.io/cis/v1/delegated-access/consents/me/permissions/actor?permissions=string&subject_id=string' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Permissions revoked

Response
No content

Revoke permissions as subject

Request

Revokes permissions of another user (the actor) to act on my behalf (the subject). This call is initiated by the subject who is logged-in, so it's authorized using a user access token.

Security
UserAccessToken
Query
permissionsArray of strings

Names of permissions to revoke. If no permissions are specified, all permissions will be revoked.

actor_idstringrequired

ID of the user that received the permissions.

curl -i -X DELETE \
  'https://api.sbx.transmitsecurity.io/cis/v1/delegated-access/consents/me/permissions/subject?permissions=string&actor_id=string' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Permissions revoked

Response
No content