iTwin Access Control API

Manage user permissions, roles, group memberships, owner members, share invitations, and job-based access for iTwin projects. Provides role-based access control across the iTwin Platform with 39 operations covering invitations, group/user membership, share links, and permission discovery.

iTwin Access Control API is one of 32 APIs that Bentley Systems publishes on the APIs.io network, described by a machine-readable OpenAPI specification.

This API exposes 3 machine-runnable capabilities that can be deployed as REST, MCP, or Agent Skill surfaces via Naftiko.

Tagged areas include Access Control, Identity, Permissions, Roles, and Groups. The published artifact set on APIs.io includes API documentation, an API reference, an OpenAPI specification, and 3 Naftiko capability specs.

OpenAPI Specification

# OpenAPI 3.1 description of the iTwin Access Control API.
# NOTE(review): the listing text published with this document cites 39
# operations; the paths visible here declare 14 operationIds (7 paths, each
# with GET and POST). Treat this as a partial description and do not build an
# authorization test matrix or gateway allow-list from it alone.
openapi: 3.1.0
info:
  title: iTwin Access Control API
  description: "Role-based access control for iTwins \u2014 permissions, roles, group membership, owner members, invitations,\
    \ shares, and job-based access."
  # Quoted so the version stays the string '1.0' instead of being read as a float.
  version: '1.0'
  contact:
    name: Bentley Developer Relations
    url: https://developer.bentley.com/apis/access-control/
  license:
    name: Bentley Developer Portal Terms
    url: https://developer.bentley.com/legal/
# Single server entry: the production endpoint, reached over HTTPS.
# No sandbox or staging server is declared, so tooling that sends requests
# straight from this document (including the POST operations) targets production.
servers:
- url: https://api.bentley.com/accesscontrol
  description: iTwin Platform Production
# Link to the vendor's human-readable reference for this API.
externalDocs:
  description: iTwin Access Control API Documentation
  url: https://developer.bentley.com/apis/access-control/
# Tags used to group operations by resource family: Members, Groups, Roles,
# Invitations, Shares, Jobs and Permissions. The descriptions are generic and
# carry no information about who may call the tagged operations.
tags:
- name: Members
  description: Members resources for the iTwin Access Control API.
- name: Groups
  description: Groups resources for the iTwin Access Control API.
- name: Roles
  description: Roles resources for the iTwin Access Control API.
- name: Invitations
  description: Invitations resources for the iTwin Access Control API.
- name: Shares
  description: Shares resources for the iTwin Access Control API.
- name: Jobs
  description: Jobs resources for the iTwin Access Control API.
- name: Permissions
  description: Permissions resources for the iTwin Access Control API.
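# Default security requirement, inherited by every operation that does not
# declare its own `security` (none of the visible operations does).
# The requirement names the `itwin-platform` scope, the only scope defined by
# components.securitySchemes.OAuth2. An empty scope list would state that a
# token with no particular scope is sufficient, and generated clients would
# not know which scope to request.
security:
- OAuth2:
  - itwin-platform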
paths:
  # User members of a single iTwin: GET lists them, POST creates one.
  # Neither operation sets its own `security`, so the document-level OAuth2
  # requirement applies to both.
  # NOTE(review): only success responses are described; 401/403/404 and
  # validation errors are absent, so clients and tests generated from this
  # document get no contract for denied or malformed requests.
  /itwins/{iTwinId}/members/users:
    parameters:
    # Path-level parameter shared by both operations; typed as a UUID string.
    - name: iTwinId
      in: path
      required: true
      schema:
        type: string
        format: uuid
    get:
      tags:
      - Members
      summary: Get Members
      operationId: GetMembers
      responses:
        '200':
          description: List of Members
          content:
            application/json:
              # Response is a bare object; no item schema or paging is described.
              schema:
                type: object
    post:
      tags:
      - Members
      summary: Create Member
      operationId: CreateMember
      requestBody:
        required: true
        content:
          application/json:
            # NOTE(review): unconstrained object - no properties, `required`
            # list or additionalProperties rule. A validator driven by this
            # document accepts any JSON object on a call that creates a
            # member; take the real fields from the vendor reference.
            schema:
              type: object
      responses:
        '201':
          description: Member created
          content:
            application/json:
              schema:
                type: object
  # Group members of a single iTwin: GET lists them, POST creates one.
  # No operation-level `security` is set; the document-level OAuth2
  # requirement applies.
  # NOTE(review): no 401/403/404 or validation-error responses are described.
  /itwins/{iTwinId}/members/groups:
    parameters:
    # Path-level parameter shared by both operations; typed as a UUID string.
    - name: iTwinId
      in: path
      required: true
      schema:
        type: string
        format: uuid
    get:
      tags:
      - Groups
      summary: Get Groups
      operationId: GetGroups
      responses:
        '200':
          description: List of Groups
          content:
            application/json:
              # Response is a bare object; no item schema or paging is described.
              schema:
                type: object
    post:
      tags:
      - Groups
      summary: Create Group
      operationId: CreateGroup
      requestBody:
        required: true
        content:
          application/json:
            # NOTE(review): unconstrained object, so this document cannot be
            # used to validate which group or role identifiers a caller may
            # submit - presumably the body carries them; confirm against the
            # vendor reference.
            schema:
              type: object
      responses:
        '201':
          description: Group created
          content:
            application/json:
              schema:
                type: object
  # Roles of a single iTwin: GET lists them, POST creates one.
  # No operation-level `security` is set; the document-level OAuth2
  # requirement applies.
  # NOTE(review): no 401/403/404 or validation-error responses are described.
  /itwins/{iTwinId}/roles:
    parameters:
    # Path-level parameter shared by both operations; typed as a UUID string.
    - name: iTwinId
      in: path
      required: true
      schema:
        type: string
        format: uuid
    get:
      tags:
      - Roles
      summary: Get Roles
      operationId: GetRoles
      responses:
        '200':
          description: List of Roles
          content:
            application/json:
              # Response is a bare object; no item schema or paging is described.
              schema:
                type: object
    post:
      tags:
      - Roles
      summary: Create Role
      operationId: CreateRole
      requestBody:
        required: true
        content:
          application/json:
            # NOTE(review): unconstrained object. Role creation presumably
            # decides which permissions a role carries, yet nothing here
            # restricts or even names those fields - confirm against the
            # vendor reference before validating requests with this schema.
            schema:
              type: object
      responses:
        '201':
          description: Role created
          content:
            application/json:
              schema:
                type: object
  # Invitations for a single iTwin: GET lists them, POST creates one.
  # No operation-level `security` is set; the document-level OAuth2
  # requirement applies.
  # NOTE(review): no 401/403/404 or validation-error responses are described.
  /itwins/{iTwinId}/invitations:
    parameters:
    # Path-level parameter shared by both operations; typed as a UUID string.
    - name: iTwinId
      in: path
      required: true
      schema:
        type: string
        format: uuid
    get:
      tags:
      - Invitations
      summary: Get Invitations
      operationId: GetInvitations
      responses:
        '200':
          description: List of Invitations
          content:
            application/json:
              # Response is a bare object; no item schema or paging is described.
              schema:
                type: object
    post:
      tags:
      - Invitations
      summary: Create Invitation
      operationId: CreateInvitation
      requestBody:
        required: true
        content:
          application/json:
            # NOTE(review): unconstrained object. The invitee and the access
            # being offered are not modelled, so this document gives no basis
            # for checking who can be invited or with what role - confirm the
            # real fields against the vendor reference.
            schema:
              type: object
      responses:
        '201':
          description: Invitation created
          content:
            application/json:
              schema:
                type: object
  # Shares of a single iTwin: GET lists them, POST creates one.
  # No operation-level `security` is set; the document-level OAuth2
  # requirement applies.
  # NOTE(review): no 401/403/404 or validation-error responses are described.
  /itwins/{iTwinId}/shares:
    parameters:
    # Path-level parameter shared by both operations; typed as a UUID string.
    - name: iTwinId
      in: path
      required: true
      schema:
        type: string
        format: uuid
    get:
      tags:
      - Shares
      summary: Get Shares
      operationId: GetShares
      responses:
        '200':
          description: List of Shares
          content:
            application/json:
              # Response is a bare object. If a share record contains a
              # usable link or key (not stated here), list responses are
              # sensitive and should stay out of logs - TODO confirm.
              schema:
                type: object
    post:
      tags:
      - Shares
      summary: Create Share
      operationId: CreateShare
      requestBody:
        required: true
        content:
          application/json:
            # NOTE(review): unconstrained object. Expiry or scope limits on a
            # share, if the API has them, are not described, so nothing in
            # this document lets a reviewer check that shares are time-boxed.
            schema:
              type: object
      responses:
        '201':
          description: Share created
          content:
            application/json:
              schema:
                type: object
  # Jobs of a single iTwin: GET lists them, POST creates one.
  # No operation-level `security` is set; the document-level OAuth2
  # requirement applies.
  # NOTE(review): no 401/403/404 or validation-error responses are described.
  /itwins/{iTwinId}/jobs:
    parameters:
    # Path-level parameter shared by both operations; typed as a UUID string.
    - name: iTwinId
      in: path
      required: true
      schema:
        type: string
        format: uuid
    get:
      tags:
      - Jobs
      summary: Get Jobs
      operationId: GetJobs
      responses:
        '200':
          description: List of Jobs
          content:
            application/json:
              # Response is a bare object; no item schema or paging is described.
              schema:
                type: object
    post:
      tags:
      - Jobs
      summary: Create Job
      operationId: CreateJob
      requestBody:
        required: true
        content:
          application/json:
            # NOTE(review): unconstrained object. What a job does to access
            # assignments is not described here; take the real fields and
            # their limits from the vendor reference.
            schema:
              type: object
      responses:
        '201':
          description: Job created
          content:
            application/json:
              schema:
                type: object
  # Permissions: GET lists them, POST creates one.
  # No operation-level `security` is set; the document-level OAuth2
  # requirement applies.
  # NOTE(review): unlike the /itwins/{iTwinId}/... paths, this path has no
  # iTwinId parameter, so as written "Create Permission" is not scoped to a
  # single iTwin. Verify that this operation exists and who may call it against
  # the vendor reference before relying on this entry.
  # NOTE(review): no 401/403 or validation-error responses are described.
  /permissions:
    get:
      tags:
      - Permissions
      summary: Get Permissions
      operationId: GetPermissions
      responses:
        '200':
          description: List of Permissions
          content:
            application/json:
              # Response is a bare object; no item schema or paging is described.
              schema:
                type: object
    post:
      tags:
      - Permissions
      summary: Create Permission
      operationId: CreatePermission
      requestBody:
        required: true
        content:
          application/json:
            # NOTE(review): unconstrained object - any JSON object passes
            # validation against this schema.
            schema:
              type: object
      responses:
        '201':
          description: Permission created
          content:
            application/json:
              schema:
                type: object
# Reusable definitions: the OAuth2 security scheme and an Error schema.
components:
  securitySchemes:
    # OAuth2 scheme named by the document-level `security` requirement.
    OAuth2:
      type: oauth2
      description: "iTwin Platform OAuth2 \u2014 Bentley IMS"
      flows:
        # Only the authorization-code flow is declared (no clientCredentials,
        # implicit or password flow); both endpoints are HTTPS.
        authorizationCode:
          authorizationUrl: https://ims.bentley.com/connect/authorize
          tokenUrl: https://ims.bentley.com/connect/token
          scopes:
            # NOTE(review): the only scope is described as full access to
            # iTwin Platform APIs, so a token obtained for this API is not
            # limited to access-control calls. Handle it as a broadly
            # privileged credential in storage and logs.
            itwin-platform: Full access to iTwin Platform APIs
  schemas:
    # Error envelope: an `error` object with string `code` and `message` and
    # an array `details` of untyped objects.
    # NOTE(review): no response in the visible paths references this schema.
    Error:
      type: object
      properties:
        error:
          type: object
          properties:
            code:
              type: string
            message:
              type: string
            details:
              type: array
              items:
                type: object