Skip to main content
POST
/
api
/
v1
/
access_requests
Create an access request
curl --request POST \
  --url https://api.accessowl.com/api/v1/access_requests \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "permission_ids": [
    "7488a646-e31f-11e4-aace-600308960664"
  ],
  "request_reason": "Need access to complete Q4 reporting",
  "resource_id": "7488a646-e31f-11e4-aace-600308960663"
}
'
{
  "application_id": "7488a646-e31f-11e4-aace-600308960662",
  "grantee_user_id": "9488a646-e31f-11e4-aace-600308960666",
  "id": "8488a646-e31f-11e4-aace-600308960665",
  "inserted_at": "2023-01-15T10:30:00Z",
  "permission_ids": [
    "7488a646-e31f-11e4-aace-600308960664"
  ],
  "provisioning_type": "automatic",
  "request_reason": "Need access to complete Q4 reporting",
  "requestor_user_id": "9488a646-e31f-11e4-aace-600308960666",
  "resource_id": "7488a646-e31f-11e4-aace-600308960663",
  "status": "pending_approval"
}

Authorizations

Authorization
string
header
required

Bearer token authentication. Pass your AccessOwl API token in the Authorization header as Bearer <token>.

Headers

Idempotency-Key
string

Optional key (1–255 chars) for safely retrying a request. Reusing the same key for the same request returns 409 Conflict and is not processed again — this confirms the request was already received. Keys are retained for 14 days.

Required string length: 1 - 255

Body

application/json

Access request parameters

Request body for creating an access request

permission_ids
string<uuid>[]
required

List of permission IDs to request

Minimum array length: 1
request_reason
string
required

Reason for requesting access

Maximum string length: 255
resource_id
string<uuid>
required

Resource ID to request access to

user_id
string<uuid>

User to request access for. Required when authenticating with an API token. With a user login, defaults to the authenticated user if omitted.

Response

Access request created

An access request

application_id
string<uuid>
required

Application ID

id
string<uuid>
required

Access request ID

permission_ids
string<uuid>[]
required

Requested permission IDs

request_reason
string
required

Request reason

resource_id
string<uuid>
required

Resource ID

status
enum<string>
required

Current status of the access request

Available options:
pending_approval,
pending_permissions_assignment,
access_granted,
denied,
rejected,
processing_access,
scheduled,
pending_dependency
grantee_user_id
string<uuid>

User ID of the grantee

inserted_at
string<date-time>

Creation timestamp

provisioning_type
enum<string> | null

Provisioning type

Available options:
application_admin,
automatic
requestor_user_id
string<uuid>

User ID of the requestor