Skip to main content
POST
/
api
/
v1
/
access_requests
/
bulk
Create multiple access requests
curl --request POST \
  --url https://api.accessowl.com/api/v1/access_requests/bulk \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "request_reason": "Need access to complete Q4 reporting",
  "requests": [
    {
      "permission_ids": [
        "7488a646-e31f-11e4-aace-600308960664"
      ],
      "resource_id": "7488a646-e31f-11e4-aace-600308960663"
    },
    {
      "permission_ids": [
        "7488a646-e31f-11e4-aace-600308960666"
      ],
      "resource_id": "7488a646-e31f-11e4-aace-600308960665"
    }
  ]
}
'
{
  "data": [
    {
      "application_id": "7488a646-e31f-11e4-aace-600308960662",
      "grantee_user_id": "9488a646-e31f-11e4-aace-600308960666",
      "id": "8488a646-e31f-11e4-aace-600308960665",
      "inserted_at": "2023-01-15T10:30:00Z",
      "permission_ids": [
        "7488a646-e31f-11e4-aace-600308960664"
      ],
      "provisioning_type": "automatic",
      "request_reason": "Need access to complete Q4 reporting",
      "requestor_user_id": "9488a646-e31f-11e4-aace-600308960666",
      "resource_id": "7488a646-e31f-11e4-aace-600308960663",
      "status": "pending_approval"
    }
  ]
}

Authorizations

Authorization
string
header
required

Bearer token authentication. Pass your AccessOwl API token in the Authorization header as Bearer <token>.

Headers

Idempotency-Key
string

Optional key (1–255 chars) for safely retrying a request. Reusing the same key for the same request returns 409 Conflict and is not processed again — this confirms the request was already received. Keys are retained for 14 days.

Required string length: 1 - 255

Body

application/json

Bulk access request parameters

Request body for creating multiple access requests

request_reason
string
required

Shared reason for all access requests

Maximum string length: 255
requests
BulkAccessRequestItem · object[]
required

List of access requests to create (max 10)

Required array length: 1 - 10 elements
user_id
string<uuid>

User to request access for. Required when authenticating with an API token. With a user login, defaults to the authenticated user if omitted.

Response

Access requests created

Response containing created access requests

data
AccessRequest · object[]
required

List of created access requests