FinSpace Public API

2022/02/28 - FinSpace Public API - 11 new api methods

Changes  Add new APIs for managing Users and Permission Groups.

CreatePermissionGroup (new) Link ¶

Creates a group of permissions for various actions that a user can perform in FinSpace.

See also: AWS API Documentation

Request Syntax

client.create_permission_group(
    name='string',
    description='string',
    applicationPermissions=[
        'CreateDataset'|'ManageClusters'|'ManageUsersAndGroups'|'ManageAttributeSets'|'ViewAuditData'|'AccessNotebooks'|'GetTemporaryCredentials',
    ],
    clientToken='string'
)
type name

string

param name

[REQUIRED]

The name of the permission group.

type description

string

param description

A brief description for the permission group.

type applicationPermissions

list

param applicationPermissions

[REQUIRED]

The option to indicate FinSpace application permissions that are granted to a specific group.

  • CreateDataset – Group members can create new datasets.

  • ManageClusters – Group members can manage Apache Spark clusters from FinSpace notebooks.

  • ManageUsersAndGroups – Group members can manage users and permission groups.

  • ManageAttributeSets – Group members can manage attribute sets.

  • ViewAuditData – Group members can view audit data.

  • AccessNotebooks – Group members will have access to FinSpace notebooks.

  • GetTemporaryCredentials – Group members can get temporary API credentials.

  • (string) --

type clientToken

string

param clientToken

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{
    'permissionGroupId': 'string'
}

Response Structure

  • (dict) --

    • permissionGroupId (string) --

      The unique identifier for the permission group.

UpdatePermissionGroup (new) Link ¶

Modifies the details of a permission group. You cannot modify a permissionGroupID .

See also: AWS API Documentation

Request Syntax

client.update_permission_group(
    permissionGroupId='string',
    name='string',
    description='string',
    applicationPermissions=[
        'CreateDataset'|'ManageClusters'|'ManageUsersAndGroups'|'ManageAttributeSets'|'ViewAuditData'|'AccessNotebooks'|'GetTemporaryCredentials',
    ],
    clientToken='string'
)
type permissionGroupId

string

param permissionGroupId

[REQUIRED]

The unique identifier for the permission group to update.

type name

string

param name

The name of the permission group.

type description

string

param description

A brief description for the permission group.

type applicationPermissions

list

param applicationPermissions

The permissions that are granted to a specific group for accessing the FinSpace application.

  • CreateDataset – Group members can create new datasets.

  • ManageClusters – Group members can manage Apache Spark clusters from FinSpace notebooks.

  • ManageUsersAndGroups – Group members can manage users and permission groups.

  • ManageAttributeSets – Group members can manage attribute sets.

  • ViewAuditData – Group members can view audit data.

  • AccessNotebooks – Group members will have access to FinSpace notebooks.

  • GetTemporaryCredentials – Group members can get temporary API credentials.

  • (string) --

type clientToken

string

param clientToken

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{
    'permissionGroupId': 'string'
}

Response Structure

  • (dict) --

    • permissionGroupId (string) --

      The unique identifier for the updated permission group.

GetUser (new) Link ¶

Retrieves details for a specific user.

See also: AWS API Documentation

Request Syntax

client.get_user(
    userId='string'
)
type userId

string

param userId

[REQUIRED]

The unique identifier of the user to get data for.

rtype

dict

returns

Response Syntax

{
    'userId': 'string',
    'status': 'CREATING'|'ENABLED'|'DISABLED',
    'firstName': 'string',
    'lastName': 'string',
    'emailAddress': 'string',
    'type': 'SUPER_USER'|'APP_USER',
    'apiAccess': 'ENABLED'|'DISABLED',
    'apiAccessPrincipalArn': 'string',
    'createTime': 123,
    'lastEnabledTime': 123,
    'lastDisabledTime': 123,
    'lastModifiedTime': 123,
    'lastLoginTime': 123
}

Response Structure

  • (dict) --

    • userId (string) --

      The unique identifier for the user account that is retrieved.

    • status (string) --

      The current status of the user account.

      • CREATING – The user account creation is in progress.

      • ENABLED – The user account is created and is currently active.

      • DISABLED – The user account is currently inactive.

    • firstName (string) --

      The first name of the user.

    • lastName (string) --

      The last name of the user.

    • emailAddress (string) --

      The email address that is associated with the user.

    • type (string) --

      Indicates the type of user.

      • SUPER_USER – A user with permission to all the functionality and data in FinSpace.

      • APP_USER – A user with specific permissions in FinSpace. The users are assigned permissions by adding them to a permissions group.

    • apiAccess (string) --

      Indicates whether the user can use the GetProgrammaticAccessCredentials API to obtain credentials that can then be used to access other FinSpace Data API operations.

      • ENABLED – The user has permissions to use the APIs.

      • DISABLED – The user does not have permissions to use any APIs.

    • apiAccessPrincipalArn (string) --

      The ARN identifier of an AWS user or role that is allowed to call the GetProgrammaticAccessCredentials API to obtain a credentials token for a specific FinSpace user. This must be an IAM role within your FinSpace account.

    • createTime (integer) --

      The timestamp at which the user account was created in FinSpace. The value is determined as epoch time in milliseconds.

    • lastEnabledTime (integer) --

      Describes the last time the user account was enabled. The value is determined as epoch time in milliseconds.

    • lastDisabledTime (integer) --

      Describes the last time the user account was disabled. The value is determined as epoch time in milliseconds.

    • lastModifiedTime (integer) --

      Describes the last time the user account was updated. The value is determined as epoch time in milliseconds.

    • lastLoginTime (integer) --

      Describes the last time that the user logged into their account. The value is determined as epoch time in milliseconds.

DisableUser (new) Link ¶

Denies access to the FinSpace web application and API for the specified user.

See also: AWS API Documentation

Request Syntax

client.disable_user(
    userId='string',
    clientToken='string'
)
type userId

string

param userId

[REQUIRED]

The unique identifier for the user account that you want to disable.

type clientToken

string

param clientToken

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{
    'userId': 'string'
}

Response Structure

  • (dict) --

    • userId (string) --

      The unique identifier for the disabled user account.

CreateUser (new) Link ¶

Creates a new user in FinSpace.

See also: AWS API Documentation

Request Syntax

client.create_user(
    emailAddress='string',
    type='SUPER_USER'|'APP_USER',
    firstName='string',
    lastName='string',
    ApiAccess='ENABLED'|'DISABLED',
    apiAccessPrincipalArn='string',
    clientToken='string'
)
type emailAddress

string

param emailAddress

[REQUIRED]

The email address of the user that you want to register. The email address serves as a uniquer identifier for each user and cannot be changed after it's created.

type type

string

param type

[REQUIRED]

The option to indicate the type of user. Use one of the following options to specify this parameter:

  • SUPER_USER – A user with permission to all the functionality and data in FinSpace.

  • APP_USER – A user with specific permissions in FinSpace. The users are assigned permissions by adding them to a permission group.

type firstName

string

param firstName

The first name of the user that you want to register.

type lastName

string

param lastName

The last name of the user that you want to register.

type ApiAccess

string

param ApiAccess

The option to indicate whether the user can use the GetProgrammaticAccessCredentials API to obtain credentials that can then be used to access other FinSpace Data API operations.

  • ENABLED – The user has permissions to use the APIs.

  • DISABLED – The user does not have permissions to use any APIs.

type apiAccessPrincipalArn

string

param apiAccessPrincipalArn

The ARN identifier of an AWS user or role that is allowed to call the GetProgrammaticAccessCredentials API to obtain a credentials token for a specific FinSpace user. This must be an IAM role within your FinSpace account.

type clientToken

string

param clientToken

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{
    'userId': 'string'
}

Response Structure

  • (dict) --

    • userId (string) --

      The unique identifier for the user.

ResetUserPassword (new) Link ¶

Resets the password for a specified user ID and generates a temporary one. Only a superuser can reset password for other users. Resetting the password immediately invalidates the previous password associated with the user.

See also: AWS API Documentation

Request Syntax

client.reset_user_password(
    userId='string',
    clientToken='string'
)
type userId

string

param userId

[REQUIRED]

The unique identifier of the user that a temporary password is requested for.

type clientToken

string

param clientToken

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{
    'userId': 'string',
    'temporaryPassword': 'string'
}

Response Structure

  • (dict) --

    • userId (string) --

      The unique identifier of the user that a new password is generated for.

    • temporaryPassword (string) --

      A randomly generated temporary password for the requested user account. This password expires in 7 days.

ListUsers (new) Link ¶

Lists all available user accounts in FinSpace.

See also: AWS API Documentation

Request Syntax

client.list_users(
    nextToken='string',
    maxResults=123
)
type nextToken

string

param nextToken

A token that indicates where a results page should begin.

type maxResults

integer

param maxResults

[REQUIRED]

The maximum number of results per page.

rtype

dict

returns

Response Syntax

{
    'users': [
        {
            'userId': 'string',
            'status': 'CREATING'|'ENABLED'|'DISABLED',
            'firstName': 'string',
            'lastName': 'string',
            'emailAddress': 'string',
            'type': 'SUPER_USER'|'APP_USER',
            'apiAccess': 'ENABLED'|'DISABLED',
            'apiAccessPrincipalArn': 'string',
            'createTime': 123,
            'lastEnabledTime': 123,
            'lastDisabledTime': 123,
            'lastModifiedTime': 123,
            'lastLoginTime': 123
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • users (list) --

      A list of all the user accounts.

      • (dict) --

        The details of the user account.

        • userId (string) --

          The unique identifier for the user.

        • status (string) --

          The current status of the user account.

          • CREATING – The user account creation is in progress.

          • ENABLED – The user account is created and is currently active.

          • DISABLED – The user account is currently inactive.

        • firstName (string) --

          The first name of the user.

        • lastName (string) --

          The last name of the user.

        • emailAddress (string) --

          The email address of the user. The email address serves as a uniquer identifier for each user and cannot be changed after it's created.

        • type (string) --

          Indicates the type of user.

          • SUPER_USER – A user with permission to all the functionality and data in FinSpace.

          • APP_USER – A user with specific permissions in FinSpace. The users are assigned permissions by adding them to a permissions group.

        • apiAccess (string) --

          Indicates whether the user can use the GetProgrammaticAccessCredentials API to obtain credentials that can then be used to access other FinSpace Data API operations.

          • ENABLED – The user has permissions to use the APIs.

          • DISABLED – The user does not have permissions to use any APIs.

        • apiAccessPrincipalArn (string) --

          The ARN identifier of an AWS user or role that is allowed to call the GetProgrammaticAccessCredentials API to obtain a credentials token for a specific FinSpace user. This must be an IAM role within your FinSpace account.

        • createTime (integer) --

          The timestamp at which the user account was created in FinSpace. The value is determined as epoch time in milliseconds.

        • lastEnabledTime (integer) --

          Describes the last time the user account was enabled. The value is determined as epoch time in milliseconds.

        • lastDisabledTime (integer) --

          Describes the last time the user account was disabled. The value is determined as epoch time in milliseconds.

        • lastModifiedTime (integer) --

          Describes the last time the user account was updated. The value is determined as epoch time in milliseconds.

        • lastLoginTime (integer) --

          Describes the last time that the user logged into their account. The value is determined as epoch time in milliseconds.

    • nextToken (string) --

      A token that indicates where a results page should begin.

EnableUser (new) Link ¶

Allows the specified user to access the FinSpace web application and API.

See also: AWS API Documentation

Request Syntax

client.enable_user(
    userId='string',
    clientToken='string'
)
type userId

string

param userId

[REQUIRED]

The unique identifier for the user account that you want to enable.

type clientToken

string

param clientToken

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{
    'userId': 'string'
}

Response Structure

  • (dict) --

    • userId (string) --

      The unique identifier for the enabled user account.

DeletePermissionGroup (new) Link ¶

Deletes a permission group. This action is irreversible.

See also: AWS API Documentation

Request Syntax

client.delete_permission_group(
    permissionGroupId='string',
    clientToken='string'
)
type permissionGroupId

string

param permissionGroupId

[REQUIRED]

The unique identifier for the permission group that you want to delete.

type clientToken

string

param clientToken

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{
    'permissionGroupId': 'string'
}

Response Structure

  • (dict) --

    • permissionGroupId (string) --

      The unique identifier for the deleted permission group.

ListPermissionGroups (new) Link ¶

Lists all available permission groups in FinSpace.

See also: AWS API Documentation

Request Syntax

client.list_permission_groups(
    nextToken='string',
    maxResults=123
)
type nextToken

string

param nextToken

A token that indicates where a results page should begin.

type maxResults

integer

param maxResults

[REQUIRED]

The maximum number of results per page.

rtype

dict

returns

Response Syntax

{
    'permissionGroups': [
        {
            'permissionGroupId': 'string',
            'name': 'string',
            'description': 'string',
            'applicationPermissions': [
                'CreateDataset'|'ManageClusters'|'ManageUsersAndGroups'|'ManageAttributeSets'|'ViewAuditData'|'AccessNotebooks'|'GetTemporaryCredentials',
            ],
            'createTime': 123,
            'lastModifiedTime': 123
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • permissionGroups (list) --

      A list of all the permission groups.

      • (dict) --

        The structure for a permission group.

        • permissionGroupId (string) --

          The unique identifier for the permission group.

        • name (string) --

          The name of the permission group.

        • description (string) --

          A brief description for the permission group.

        • applicationPermissions (list) --

          Indicates the permissions that are granted to a specific group for accessing the FinSpace application.

          • CreateDataset – Group members can create new datasets.

          • ManageClusters – Group members can manage Apache Spark clusters from FinSpace notebooks.

          • ManageUsersAndGroups – Group members can manage users and permission groups.

          • ManageAttributeSets – Group members can manage attribute sets.

          • ViewAuditData – Group members can view audit data.

          • AccessNotebooks – Group members will have access to FinSpace notebooks.

          • GetTemporaryCredentials – Group members can get temporary API credentials.

          • (string) --

        • createTime (integer) --

          The timestamp at which the group was created in FinSpace. The value is determined as epoch time in milliseconds.

        • lastModifiedTime (integer) --

          Describes the last time the permission group was updated. The value is determined as epoch time in milliseconds.

    • nextToken (string) --

      A token that indicates where a results page should begin.

UpdateUser (new) Link ¶

Modifies the details of the specified user account. You cannot update the userId for a user.

See also: AWS API Documentation

Request Syntax

client.update_user(
    userId='string',
    type='SUPER_USER'|'APP_USER',
    firstName='string',
    lastName='string',
    apiAccess='ENABLED'|'DISABLED',
    apiAccessPrincipalArn='string',
    clientToken='string'
)
type userId

string

param userId

[REQUIRED]

The unique identifier for the user account to update.

type type

string

param type

The option to indicate the type of user.

  • SUPER_USER – A user with permission to all the functionality and data in FinSpace.

  • APP_USER – A user with specific permissions in FinSpace. The users are assigned permissions by adding them to a permissions group.

type firstName

string

param firstName

The first name of the user.

type lastName

string

param lastName

The last name of the user.

type apiAccess

string

param apiAccess

The option to indicate whether the user can use the GetProgrammaticAccessCredentials API to obtain credentials that can then be used to access other FinSpace Data API operations.

  • ENABLED – The user has permissions to use the APIs.

  • DISABLED – The user does not have permissions to use any APIs.

type apiAccessPrincipalArn

string

param apiAccessPrincipalArn

The ARN identifier of an AWS user or role that is allowed to call the GetProgrammaticAccessCredentials API to obtain a credentials token for a specific FinSpace user. This must be an IAM role within your FinSpace account.

type clientToken

string

param clientToken

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{
    'userId': 'string'
}

Response Structure

  • (dict) --

    • userId (string) --

      The unique identifier of the updated user account.