ApiManagementAuthz
POST
/v1/mgmt/authz/schema/load

Authorization

Descope Project ID and Management Key
AuthorizationBearer <token>

Project ID:Management Key as bearer token.

In: header

Request Body

application/json

Load an authz schema for your project.

curl -X POST "https://api.descope.com/v1/mgmt/authz/schema/load" \  -H "Content-Type: application/json" \  -d '{}'
{  "schema": {    "namespaces": [      {        "name": "string",        "relationDefinitions": [          {            "name": "string",            "complexDefinition": {              "nType": "string",              "children": [                {}              ],              "expression": {                "neType": "string",                "relationDefinition": "string",                "relationDefinitionNamespace": "string",                "targetRelationDefinition": "string",                "targetRelationDefinitionNamespace": "string"              }            },            "conditionExpr": "string"          }        ]      }    ],    "name": "string",    "conditions": [      {        "name": "string",        "params": [          {            "name": "string",            "type": "string"          }        ],        "expression": "string",        "builtin": true      }    ]  }}
export type EmptyBody = ({} | null)export interface Response {schema?: {/** * List of namespaces in the schema */namespaces?: {/** * Name of the namespace (entity type) */name?: string/** * The relation definitions belonging to the namespace */relationDefinitions?: {/** * Name of the relation definition */name?: string/** * Optional complex definition for complex (union, intersect, sub) relation definitions */complexDefinition?: Node/** * DEPRECATED — DO NOT USE. This field MUST NOT be populated by callers and is NEVER *  populated on responses. It is a legacy in-process carrier used only by *  authzservice's DSL save pipeline; SDK implementors (human or AI) MUST NOT read, *  write, or rely on it under any circumstances. Author and read condition *  expressions exclusively through the DSL-based RPCs (SaveDSLSchema / LoadDSLSchema) *  using the `with` clause. This field will be removed in a future release. *  JSON shape, documented only for historical context: {"name":"DuringShift"} or *  {"op":"and","children":[...]}. */conditionExpr?: string}[]}[]name?: string/** * Conditions defined in the schema */conditions?: Condition[]}}export interface Node {/** * Node type can be either child, union, intersect or sub */nType?: string/** * For union, intersect or sub, the children nodes */children?: EmptyBody[]/** * The expression for child nodes */expression?: NodeExpression}export interface NodeExpression {/** * Expression type can be either self, userSet, relationLeft, relationRight */neType?: string/** * The name of the relation definition for self and relationLeft/Right */relationDefinition?: string/** * The namespace of the relation definition */relationDefinitionNamespace?: string/** * The name of the relation definition for targetSet as well as type of relation for target relationLeft/Right */targetRelationDefinition?: string/** * The namespace of the target relation definition */targetRelationDefinitionNamespace?: string}export interface Condition {name?: stringparams?: ConditionParam[]expression?: string/** * true for conditions auto-expanded from built-in constraint declarations */builtin?: boolean}export interface ConditionParam {name?: stringtype?: string}
Was this helpful?