Infisical REST API

The Infisical REST API provides programmatic access to secrets management, machine identity administration, PKI certificate issuance, and privileged access management. The API uses per-resource versioning, Bearer token authentication via Universal Auth machine identities, and supports create, read, update, and delete operations on secrets as well as audit log queries, project management, and access control configuration.

OpenAPI Specification

infisical-infisical-api-openapi.yml
# OpenAPI 3.0.3 description of the Infisical REST API.
openapi: 3.0.3
info:
  title: Infisical API
  description: List of all available APIs that can be consumed
  # Version of this API description document. The endpoint paths carry their
  # own version segment (for example /api/v1/...).
  version: 0.0.1
components:
  securitySchemes:
    # HTTP bearer authentication: the access token is sent in the
    # `Authorization: Bearer <token>` request header.
    bearerAuth:
      type: http
      scheme: bearer
      # bearerFormat is a documentation hint for clients and tooling only. It
      # does not make a validator or the server check that the token is a JWT.
      bearerFormat: JWT
      description: An access token in Infisical
    # NOTE(review): declaring the scheme does not apply it. An operation is
    # only documented as authenticated when a `security` requirement
    # (top-level or per-operation) references bearerAuth. None is visible in
    # this excerpt, so confirm it for each operation.
  # No reusable schemas are registered here; the request body visible in this
  # excerpt is defined inline.
  schemas: {}
paths:
  /api/v1/organization/roles:
    post:
      tags:
      - Organization Roles
      description: Create an organization role
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                slug:
                  type: string
                  minLength: 1
                  maxLength: 64
                  description: The slug of the role.
                name:
                  type: string
                  minLength: 1
                  description: The name of the role.
                description:
                  type: string
                  nullable: true
                  description: The description for the role.
                permissions:
                  type: array
                  items:
                    anyOf:
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - workspace
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - create
                          - type: array
                            items:
                              type: string
                              enum:
                              - create
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - project
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - create
                            - request-access
                          - type: array
                            items:
                              type: string
                              enum:
                              - create
                              - request-access
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - role
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - sub-organization
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - create
                            - edit
                            - delete
                            - direct-access
                            - link-group
                          - type: array
                            items:
                              type: string
                              enum:
                              - create
                              - edit
                              - delete
                              - direct-access
                              - link-group
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - member
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - settings
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - incident-contact
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    # Permission rule for the `sso` subject. Besides the usual
                    # read/create/edit/delete it lists `bypass-sso-enforcement`.
                    # NOTE(review): the name suggests the holder may sign in
                    # without going through the organization's SSO. If so, treat
                    # it as a break-glass permission: grant it to as few roles
                    # as possible and review changes to those roles. Confirm the
                    # exact semantics against the Infisical documentation.
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - sso
                          description: The entity this permission pertains to.
                        # Either one action or a non-empty list of actions
                        # (minItems: 1); both forms accept the same enum.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                            - bypass-sso-enforcement
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                              - bypass-sso-enforcement
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      # Unknown keys are rejected, so this rule shape accepts
                      # no `inverted` or `conditions` field.
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - scim
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - github-org-sync
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - github-org-sync-manual
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - ldap
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    # Permission rule for the `groups` subject. Besides CRUD it
                    # lists `grant-privileges` and four membership actions.
                    # NOTE(review): the membership actions (`add-members`,
                    # `add-identities`, `remove-members`, `remove-identities`)
                    # presumably change who inherits a group's role. If so they
                    # are an indirect privilege grant and deserve the same
                    # review as `grant-privileges`. Confirm against the
                    # Infisical documentation.
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - groups
                          description: The entity this permission pertains to.
                        # Either one action or a non-empty list of actions
                        # (minItems: 1); both forms accept the same enum.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                            - grant-privileges
                            - add-identities
                            - add-members
                            - remove-members
                            - remove-identities
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                              - grant-privileges
                              - add-identities
                              - add-members
                              - remove-members
                              - remove-identities
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      # Unknown keys are rejected, so this rule shape accepts
                      # no `inverted` or `conditions` field.
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - secret-scanning
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - billing
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - manage-billing
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - manage-billing
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    # Permission rule for the `identity` subject. Besides CRUD
                    # it lists `grant-privileges`, `revoke-auth` and three token
                    # actions.
                    # NOTE(review): `create-token` and `get-token` presumably
                    # cover issuing and reading credentials of a machine
                    # identity. A role that holds them, or `grant-privileges`,
                    # can likely act as or elevate other identities, so review
                    # such roles as privileged. Confirm against the Infisical
                    # documentation.
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - identity
                          description: The entity this permission pertains to.
                        # Either one action or a non-empty list of actions
                        # (minItems: 1); both forms accept the same enum.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                            - grant-privileges
                            - revoke-auth
                            - create-token
                            - get-token
                            - delete-token
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                              - grant-privileges
                              - revoke-auth
                              - create-token
                              - get-token
                              - delete-token
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      # Unknown keys are rejected, so this rule shape accepts
                      # no `inverted` or `conditions` field.
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - kms
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - audit-logs
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - project-templates
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    # Permission rule for the `app-connections` subject. In the
                    # visible part of this schema it is the only rule shape
                    # that accepts `inverted` and `conditions`.
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - app-connections
                          description: The entity this permission pertains to.
                        # Optional flag (not listed under `required`). The
                        # schema states neither a default nor which value means
                        # "forbid".
                        # NOTE(review): presumably `true` turns the rule into a
                        # deny rule. Confirm, and confirm how an omitted value
                        # is treated, before relying on it.
                        inverted:
                          type: boolean
                          description: Whether rule allows or forbids.
                        # Either one action or a non-empty list of actions
                        # (minItems: 1); both forms accept the same enum.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - read
                            - create
                            - edit
                            - delete
                            - connect
                            - rotate-credentials
                          - type: array
                            items:
                              type: string
                              enum:
                              - read
                              - create
                              - edit
                              - delete
                              - connect
                              - rotate-credentials
                            minItems: 1
                          description: Describe what action an entity can take.
                        # Optional scoping of the rule to specific connections.
                        conditions:
                          type: object
                          properties:
                            # Either a plain connection id string or an
                            # operator object using $eq / $ne / $in.
                            # Observations from the schema as written: the
                            # plain-string form has no minLength, and the
                            # operator object has no required key, so "" and {}
                            # both pass schema validation.
                            # NOTE(review): check how the server evaluates
                            # those two inputs; it is not visible here.
                            connectionId:
                              anyOf:
                              - type: string
                              - type: object
                                properties:
                                  $eq:
                                    type: string
                                    minLength: 1
                                  $ne:
                                    type: string
                                    minLength: 1
                                  $in:
                                    type: array
                                    items:
                                      type: string
                                      minLength: 1
                                # Operators other than $eq, $ne and $in are
                                # rejected.
                                additionalProperties: false
                          # Condition keys other than connectionId are rejected.
                          additionalProperties: false
                          description: When specified, only matching conditions will be allowed to access given resource.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    # Permission rule for the `organization-admin-console`
                    # subject; `access-all-projects` is its only action.
                    # NOTE(review): the name suggests organization-wide access
                    # to every project. If so, roles carrying it should be few
                    # and their use covered by audit-log review. Confirm the
                    # exact scope against the Infisical documentation.
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - organization-admin-console
                          description: The entity this permission pertains to.
                        # Either the single action or a non-empty list
                        # (minItems: 1) containing it.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - access-all-projects
                          - type: array
                            items:
                              type: string
                              enum:
                              - access-all-projects
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      # Unknown keys are rejected, so this rule shape accepts
                      # no `inverted` or `conditions` field.
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - secret-share
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - manage-settings
                          - type: array
                            items:
                              type: string
                              enum:
                              - manage-settings
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - kmip
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - proxy
                          - type: array
                            items:
                              type: string
                              enum:
                              - proxy
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - machine-identity-auth-template
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - list-templates
                            - edit-templates
                            - create-templates
                            - delete-templates
                            - unlink-templates
                            - attach-templates
                          - type: array
                            items:
                              type: string
                              enum:
                              - list-templates
                              - edit-templates
                              - create-templates
                              - delete-templates
                              - unlink-templates
                              - attach-templates
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - gateway
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - create-gateways
                            - list-gateways
                            - edit-gateways
                            - delete-gateways
                            - attach-gateways
                            - revoke-gateway-access
                          - type: array
                            items:
                              type: string
                              enum:
                              - create-gateways
                              - list-gateways
                              - edit-gateways
                              - delete-gateways
                              - attach-gateways
                              - revoke-gateway-access
                            minItems: 1
                          description: Describe what action an entity can take.
                      required:
                      - subject
                      - action
                      additionalProperties: false
                    - type: object
                      properties:
                        subject:
                          type: string
                          enum:
                          - gateway-pool
                          description: The entity this permission pertains to.
                        action:
                          anyOf:
                          - type: string
                            enum:
                            - create-gateway-pools
                            - list-gateway-pools
                            - edit-gateway-pools
                            - delete-gateway-pools
                            - attach-gateway-pools
                          - type: array
                            items:
                              type: string
                              enum:
                              - create-gateway-pools
                              - list-gateway-pools
                              - edit-gateway-pools
                              - delete-gateway-pools
                              - attach-gateway-pools
                            minItems: 1
                          description: Describe what action an entity

# --- truncated at 32 KB (22418 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/infisical/refs/heads/main/openapi/infisical-infisical-api-openapi.yml