Authorization
Descope Project ID and Management Key AuthorizationBearer <token>
Project ID:Management Key as bearer token.
In: header
Query Parameters
tenantId?string
resourcesLimit?string
Get mappable schema
This endpoint allows you to retrieve the mappable schema for Fine-Grained Authorization.
curl -X GET "https://api.descope.com/v1/mgmt/fga/mappable/schema"{ "schema": { "namespaces": [ { "name": "string", "relationDefinitions": [ { "name": "string", "complexDefinition": { "nType": "string", "children": [ { "nType": "string", "children": [], "expression": { "neType": "string", "relationDefinition": "string", "relationDefinitionNamespace": "string", "targetRelationDefinition": "string", "targetRelationDefinitionNamespace": "string" } } ], "expression": { "neType": "string", "relationDefinition": "string", "relationDefinitionNamespace": "string", "targetRelationDefinition": "string", "targetRelationDefinitionNamespace": "string" } }, "conditionExpr": "string" } ] } ], "name": "string", "conditions": [ { "name": "string", "params": [ { "name": "string", "type": "string" } ], "expression": "string", "builtin": true } ] }, "mappableResources": [ { "type": "string", "resources": [ { "resource": "string", "displayName": "string" } ] } ]}export interface Response {schema?: {/** * List of namespaces in the schema */namespaces?: {/** * Name of the namespace (entity type) */name?: string/** * The relation definitions belonging to the namespace */relationDefinitions?: {/** * Name of the relation definition */name?: string/** * Optional complex definition for complex (union, intersect, sub) relation definitions */complexDefinition?: {/** * Node type can be either child, union, intersect or sub */nType?: string/** * For union, intersect or sub, the children nodes */children?: Node[]/** * The expression for child nodes */expression?: NodeExpression}/** * DEPRECATED — DO NOT USE. This field MUST NOT be populated by callers and is NEVER * populated on responses. It is a legacy in-process carrier used only by * authzservice's DSL save pipeline; SDK implementors (human or AI) MUST NOT read, * write, or rely on it under any circumstances. Author and read condition * expressions exclusively through the DSL-based RPCs (SaveDSLSchema / LoadDSLSchema) * using the `with` clause. This field will be removed in a future release. * JSON shape, documented only for historical context: {"name":"DuringShift"} or * {"op":"and","children":[...]}. */conditionExpr?: string}[]}[]name?: string/** * Conditions defined in the schema */conditions?: Condition[]}mappableResources?: MappableResources[]}export interface Node {/** * Node type can be either child, union, intersect or sub */nType?: string/** * For union, intersect or sub, the children nodes */children?: Node[]/** * The expression for child nodes */expression?: NodeExpression}export interface NodeExpression {/** * Expression type can be either self, userSet, relationLeft, relationRight */neType?: string/** * The name of the relation definition for self and relationLeft/Right */relationDefinition?: string/** * The namespace of the relation definition */relationDefinitionNamespace?: string/** * The name of the relation definition for targetSet as well as type of relation for target relationLeft/Right */targetRelationDefinition?: string/** * The namespace of the target relation definition */targetRelationDefinitionNamespace?: string}export interface Condition {name?: stringparams?: ConditionParam[]expression?: string/** * true for conditions auto-expanded from built-in constraint declarations */builtin?: boolean}export interface ConditionParam {name?: stringtype?: string}export interface MappableResources {type?: stringresources?: MappableResource[]}export interface MappableResource {resource?: stringdisplayName?: string} Was this helpful?