Manage service accounts using the Snyk API

You can manage service accounts using the Snyk REST API.

Service account attributes

id - The ID of the service account.

name - A human-friendly name for the service account.

auth_type - Authentication strategy for the service account. The following options are available:

• api_key - The service account uses a regular Snyk API key.

• oauth_client_secret - The service account uses an OAuth 2.0 access token, which is retrieved with a client secret.

• oauth_private_key_jwt - The service account uses an OAuth 2.0 access token, which is retrieved with a JWT signed with a private key.

role_id - The role of the service account, which defines the permissions it has. Available roles can be found using the endpoint List all roles in a group.

jwks_url - A JWKs URL hosting your public keys used to verify signed JWT requests; this must be https. Required only when auth_type is oauth_private_key_jwt.

access_token_ttl_seconds - The time, in seconds, that a generated access token will be valid for. Defaults to 1 hour if unset. Required only when auth_type is oauth_client_secret or oauth_private_key_jwt.

Manage Group-level service accounts

Get a list of service accounts in your Group

Request: GET https://api.snyk.io/rest/groups/{groupId}/service_accounts

API endpoint: Get a list of group service accounts

This paginated call returns an array of objects, each describing a service account.

Create a service account for your Group

Request: POST https://api.snyk.io/rest/groups/{groupId}/service_accounts

API endpoint: Create a service account for a group

This call creates a new service account. You pass a role_id in the JSON-formatted body of the request, which defines the permissions a service account can use. This role id can be found using the endpoint List all roles in a group. Roles can be re-used for multiple service accounts.

Get a service account from your Group

Request: GET https://api.snyk.io/rest/groups/{groupId}/service_accounts/{serviceAccountId}

API endpoint: Get a group service account

This call returns details describing a specific service account.

Update a service account in your Group

Request: PATCH https://api.snyk.io/rest/groups/{groupId}/service_accounts/{serviceAccountId}

API endpoint: Update a group service account

This call updates the details of a specific service account, at this time, the name of the service account.

Delete a service account from your Group

Request: DELETE https://api.snyk.io/rest/groups/{groupId}/service_accounts/{serviceAccountId}

API endpoint: Delete a group service account

This call permanently deletes the specified service account and revokes its credentials.

Manage a service account client secret for your Group

Request: POST https://api.snyk.io/rest/groups/{groupId}/service_accounts/{serviceAccountId}/secrets

API endpoint: Manage a group service account’s client secret

This call allows you to manage the client secret for oauth_client_secret service accounts. You can perform the following operations:

• create - generate a new client secret. A service account can have a maximum of two active secrets at a time.

• delete - delete an existing client secret. This requires putting client_secret in the request body. Deleting an existing client secret would render it invalid. A service account must have at least one active secret; calling delete with your last secret will fail.

• replace - simultaneously delete the existing client secret and generate a new secret. This option is recommended if your client_secret is compromised.

Manage Organization-level service accounts

Get a list of service accounts in your Organization

Request: GET https://api.snyk.io/rest/orgs/{orgId}/service_accounts

API endpoint: Get a list of organization service accounts

This paginated call returns an array of objects, each describing a service account.

Create a service account for your Organization

Request: POST https://api.snyk.io/rest/orgs/{orgId}/service_accounts

API endpoint: Create a service account for an organization

This call creates a new service account. You pass a role_id in the JSON-formatted body of the request, which defines the permissions a service account can use. This role id can be found using the endpoint List all roles in a group. Roles can be re-used for multiple service accounts.

Get a service account from your Organization

Request: GET https://api.snyk.io/rest/orgs/{orgId}/service_accounts/{serviceAccountId}

API endpoint: Get an organization service account

This call returns details describing a specific service account.

Update a service account in your Organization

Request: PATCH https://api.snyk.io/rest/orgs/{orgId}/service_accounts/{serviceAccountId}

API endpoint: Update an organization service account

This call can update the details of a specific service account. The name of the service account is updated.

Delete a service account from your Organization

Request: DELETE https://api.snyk.io/rest/orgs/{orgId}/service_accounts/{serviceAccountId}

API endpoint: Delete a service account in an organization

This call permanently deletes the specified service account.

Manage a service account client secret for your Organization

Request: POST https://api.snyk.io/rest/orgs/{orgId}/service_accounts/{serviceAccountId}/secrets

API endpoint: Manage an organization's service account's client secret

This call allows you to manage the client secret for oauth_client_secret service accounts. You can perform the following operations:

• create - generate a new client secret. A service account can have a maximum of two active secrets at a time.

• delete - delete an existing client secret. This requires putting client_secret in the request body. Deleting an existing client secret would render it invalid. A service account must have at least one active secret; calling delete with your last secret will fail.

• replace - simultaneously delete the existing client secret and generate a new secret. This option is recommended if your client_secret is compromised.