client_id |
The API client's ID. |
client_description |
A human-readable description of the API client. |
client_name |
A descriptive, human-readable name for the API client. |
client_type |
The type of the API client's ownership and credential management. Possible values:
CLIENT. Indicates the creator owns and manages the credentials.USER_CLIENT. Indicates another user owns the client and manages the credentials.
|
created_by |
The user who created the API client. |
created_date |
The ISO 8601 timestamp indicating when the API client was created. |
actions |
Actions available on the API client. When set to true, you can perform a given action on the API client. Includes:
delete. Enables you to remove the API client.deactivate_all. Enables you to deactivate the API client's credentials.edit. Enables you to update the API client.edit_apis. Enables you to update the apis the API client can access, same as edit_auth.edit_auth. Enables you to update the apis the API client can access, same as edit_apis.edit_groups. Enables you to update the groups the API client can access.edit_ip_acl. Enables you to update the ip_acl the API client can access.edit_switch_account. Enables you to update the API client's option to manage many accounts.lock. Enables you to lock the API client.unlock. Enables you to unlock the API client.transfer. Enables you to transfer the API client to a new owner.
|
active_credential_count |
The number of credentials active for the API client. When the count is 0, you can delete the API client without interruption. |
allow_account_switch |
When true, the API client can manage more than one account. |
api_access |
The APIs the API client can access. Includes:
all_accessible_apis. When true, the API client can access a full set of available APIs.apis. The set of APIs the API client can access. It returns each API's details when all_accessible_apis is set to false. Includes:
access_level. The API client's access level defined on an API basis. Possible values:
READ-ONLYREAD-WRITECREDENTIAL-READ-ONLYCREDENTIAL-READ-WRITE
Note: CREDENTIAL-READ-ONLY and CREDENTIAL-READ-WRITE is returned only for the API Keys and Traffic Management API.
api_id. The API's ID. To get this value, run the Allowed APIs data source.api_name. A descriptive, human-readable name for the API.description. A human-readable description for the API.documentation_url. A link to the API's documentation.endpoint. An endpoint from which the API can access resources.
|
authorized_users |
The API client's valid users. To get the username, run the Authorized users data source. |
can_auto_create_credential |
When true, your API client can create credentials for a new API client. Defaults to false if not set.
Note: Auto-creating credentials is available only if the API client is created for the same user as the actor API client. |
base_url |
The base URL for the service. |
access_token |
The part of the client secret that identifies your API client and lets you access applications and resources. |
credentials |
The API client's credentials. Each credential record includes:
credential_id. The credential's ID.description. A human-readable description for the credential.client_token. The part of the credential that identifies the API client.created_on. The ISO 8601 timestamp indicating when the credential was created.description. A human-readable description for the credential.expires_on. The ISO 8601 timestamp indicating when the credential expires. The default expiration date is two years from the creation date.status. The credential's status, either ACTIVE, INACTIVE, or DELETED.actions. Actions available on the API client's credential. When set to true, you can perform a given action on the credential.
activate. Enables you to activate the credential.deactivate. Enables you to deactivate the credential.edit_description. Enables you to modify your credential's description.edit_expiration. Enables you to modify the credential's expiration date.delete. Enables you to remove the credential.
|
group_access |
The API client's group access. Includes:
clone_authorized_user_groups. When true, the API client's group access is copied from the authorized user.groups. Groups the API client can access. Each group record includes:
group_id. A group's ID.group_name. A descriptive, human-readable name for the group.is_blocked. When true, this blocks the API client's access to the group's child groups.parent_group_id. The parent group's ID within the group tree.sub_groups. Children of the parent group. Its nesting level is 50.role_description. A human-readable description for the role that conveys its use.role_id. A role's ID.role_name. A descriptive, human-readable name for the role.
|
ip_acl |
The API client's IP list restriction. Includes:
enable. When true, the API client can access the IP access control list (ACL). cidr. IP addresses or CIDR blocks the API client can access. These details are returned when enable is set to true.
|
notification_emails |
Email addresses of users who get notified when credentials expire. |
purge_options |
Provides details of the API client's access to the Fast Purge API. Includes:
can_purge_by_cache_tag. When true, the API client can purge content by cache tag.can_purge_by_cp_code. When true, the API client can purge content by CP code.cp_code_access. CP codes the API client can purge. Includes:
all_current_and_new_cp_codes. When true, the API client can purge content by all current and new CP codes.cp_codes. CP codes the API client can purge. To get these values, run the List allowed CP codes operation from the Identity and Access Management API.
Notes:
- The details of
purge_options are returned if the apis argument includes an api_name of CCU APIs or the all_accessible_apis argument is set to true.
- The details of
cp_codes aren't returned if the all_current_and_new_cp_codes argument is set to true or clone_authorized_user_groups is false.
|
is_locked |
When true, the API client is locked. |
