FinSpace Public API

2022/02/28 - FinSpace Public API - 11 new api methods

Changes  Add new APIs for managing Users and Permission Groups.

CreatePermissionGroup (new) Link ¶

Creates a group of permissions for various actions that a user can perform in FinSpace.

See also: AWS API Documentation

Request Syntax

client.create_permission_group(
    name='string',
    description='string',
    applicationPermissions=[
        'CreateDataset'|'ManageClusters'|'ManageUsersAndGroups'|'ManageAttributeSets'|'ViewAuditData'|'AccessNotebooks'|'GetTemporaryCredentials',
    ],
    clientToken='string'
)
type name:

string

param name:

[REQUIRED]

The name of the permission group.

type description:

string

param description:

A brief description for the permission group.

type applicationPermissions:

list

param applicationPermissions:

[REQUIRED]

The option to indicate FinSpace application permissions that are granted to a specific group.

  • CreateDataset – Group members can create new datasets.

  • ManageClusters – Group members can manage Apache Spark clusters from FinSpace notebooks.

  • ManageUsersAndGroups – Group members can manage users and permission groups.

  • ManageAttributeSets – Group members can manage attribute sets.

  • ViewAuditData – Group members can view audit data.

  • AccessNotebooks – Group members will have access to FinSpace notebooks.

  • GetTemporaryCredentials – Group members can get temporary API credentials.

  • (string) --

type clientToken:

string

param clientToken:

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype:

dict

returns:

Response Syntax

{
    'permissionGroupId': 'string'
}

Response Structure

  • (dict) --

    • permissionGroupId (string) --

      The unique identifier for the permission group.

DeletePermissionGroup (new) Link ¶

Deletes a permission group. This action is irreversible.

See also: AWS API Documentation

Request Syntax

client.delete_permission_group(
    permissionGroupId='string',
    clientToken='string'
)
type permissionGroupId:

string

param permissionGroupId:

[REQUIRED]

The unique identifier for the permission group that you want to delete.

type clientToken:

string

param clientToken:

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype:

dict

returns:

Response Syntax

{
    'permissionGroupId': 'string'
}

Response Structure

  • (dict) --

    • permissionGroupId (string) --

      The unique identifier for the deleted permission group.

ResetUserPassword (new) Link ¶

Resets the password for a specified user ID and generates a temporary one. Only a superuser can reset password for other users. Resetting the password immediately invalidates the previous password associated with the user.

See also: AWS API Documentation

Request Syntax

client.reset_user_password(
    userId='string',
    clientToken='string'
)
type userId:

string

param userId:

[REQUIRED]

The unique identifier of the user that a temporary password is requested for.

type clientToken:

string

param clientToken:

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype:

dict

returns:

Response Syntax

{
    'userId': 'string',
    'temporaryPassword': 'string'
}

Response Structure

  • (dict) --

    • userId (string) --

      The unique identifier of the user that a new password is generated for.

    • temporaryPassword (string) --

      A randomly generated temporary password for the requested user account. This password expires in 7 days.

EnableUser (new) Link ¶

Allows the specified user to access the FinSpace web application and API.

See also: AWS API Documentation

Request Syntax

client.enable_user(
    userId='string',
    clientToken='string'
)
type userId:

string

param userId:

[REQUIRED]

The unique identifier for the user account that you want to enable.

type clientToken:

string

param clientToken:

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype:

dict

returns:

Response Syntax

{
    'userId': 'string'
}

Response Structure

  • (dict) --

    • userId (string) --

      The unique identifier for the enabled user account.

UpdatePermissionGroup (new) Link ¶

Modifies the details of a permission group. You cannot modify a permissionGroupID.

See also: AWS API Documentation

Request Syntax

client.update_permission_group(
    permissionGroupId='string',
    name='string',
    description='string',
    applicationPermissions=[
        'CreateDataset'|'ManageClusters'|'ManageUsersAndGroups'|'ManageAttributeSets'|'ViewAuditData'|'AccessNotebooks'|'GetTemporaryCredentials',
    ],
    clientToken='string'
)
type permissionGroupId:

string

param permissionGroupId:

[REQUIRED]

The unique identifier for the permission group to update.

type name:

string

param name:

The name of the permission group.

type description:

string

param description:

A brief description for the permission group.

type applicationPermissions:

list

param applicationPermissions:

The permissions that are granted to a specific group for accessing the FinSpace application.

  • CreateDataset – Group members can create new datasets.

  • ManageClusters – Group members can manage Apache Spark clusters from FinSpace notebooks.

  • ManageUsersAndGroups – Group members can manage users and permission groups.

  • ManageAttributeSets – Group members can manage attribute sets.

  • ViewAuditData – Group members can view audit data.

  • AccessNotebooks – Group members will have access to FinSpace notebooks.

  • GetTemporaryCredentials – Group members can get temporary API credentials.

  • (string) --

type clientToken:

string

param clientToken:

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype:

dict

returns:

Response Syntax

{
    'permissionGroupId': 'string'
}

Response Structure

  • (dict) --

    • permissionGroupId (string) --

      The unique identifier for the updated permission group.

UpdateUser (new) Link ¶

Modifies the details of the specified user account. You cannot update the userId for a user.

See also: AWS API Documentation

Request Syntax

client.update_user(
    userId='string',
    type='SUPER_USER'|'APP_USER',
    firstName='string',
    lastName='string',
    apiAccess='ENABLED'|'DISABLED',
    apiAccessPrincipalArn='string',
    clientToken='string'
)
type userId:

string

param userId:

[REQUIRED]

The unique identifier for the user account to update.

type type:

string

param type:

The option to indicate the type of user.

  • SUPER_USER– A user with permission to all the functionality and data in FinSpace.

  • APP_USER – A user with specific permissions in FinSpace. The users are assigned permissions by adding them to a permissions group.

type firstName:

string

param firstName:

The first name of the user.

type lastName:

string

param lastName:

The last name of the user.

type apiAccess:

string

param apiAccess:

The option to indicate whether the user can use the GetProgrammaticAccessCredentials API to obtain credentials that can then be used to access other FinSpace Data API operations.

  • ENABLED – The user has permissions to use the APIs.

  • DISABLED – The user does not have permissions to use any APIs.

type apiAccessPrincipalArn:

string

param apiAccessPrincipalArn:

The ARN identifier of an AWS user or role that is allowed to call the GetProgrammaticAccessCredentials API to obtain a credentials token for a specific FinSpace user. This must be an IAM role within your FinSpace account.

type clientToken:

string

param clientToken:

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype:

dict

returns:

Response Syntax

{
    'userId': 'string'
}

Response Structure

  • (dict) --

    • userId (string) --

      The unique identifier of the updated user account.

GetUser (new) Link ¶

Retrieves details for a specific user.

See also: AWS API Documentation

Request Syntax

client.get_user(
    userId='string'
)
type userId:

string

param userId:

[REQUIRED]

The unique identifier of the user to get data for.

rtype:

dict

returns:

Response Syntax

{
    'userId': 'string',
    'status': 'CREATING'|'ENABLED'|'DISABLED',
    'firstName': 'string',
    'lastName': 'string',
    'emailAddress': 'string',
    'type': 'SUPER_USER'|'APP_USER',
    'apiAccess': 'ENABLED'|'DISABLED',
    'apiAccessPrincipalArn': 'string',
    'createTime': 123,
    'lastEnabledTime': 123,
    'lastDisabledTime': 123,
    'lastModifiedTime': 123,
    'lastLoginTime': 123
}

Response Structure

  • (dict) --

    • userId (string) --

      The unique identifier for the user account that is retrieved.

    • status (string) --

      The current status of the user account.

      • CREATING – The user account creation is in progress.

      • ENABLED – The user account is created and is currently active.

      • DISABLED – The user account is currently inactive.

    • firstName (string) --

      The first name of the user.

    • lastName (string) --

      The last name of the user.

    • emailAddress (string) --

      The email address that is associated with the user.

    • type (string) --

      Indicates the type of user.

      • SUPER_USER – A user with permission to all the functionality and data in FinSpace.

      • APP_USER – A user with specific permissions in FinSpace. The users are assigned permissions by adding them to a permissions group.

    • apiAccess (string) --

      Indicates whether the user can use the GetProgrammaticAccessCredentials API to obtain credentials that can then be used to access other FinSpace Data API operations.

      • ENABLED – The user has permissions to use the APIs.

      • DISABLED – The user does not have permissions to use any APIs.

    • apiAccessPrincipalArn (string) --

      The ARN identifier of an AWS user or role that is allowed to call the GetProgrammaticAccessCredentials API to obtain a credentials token for a specific FinSpace user. This must be an IAM role within your FinSpace account.

    • createTime (integer) --

      The timestamp at which the user account was created in FinSpace. The value is determined as epoch time in milliseconds.

    • lastEnabledTime (integer) --

      Describes the last time the user account was enabled. The value is determined as epoch time in milliseconds.

    • lastDisabledTime (integer) --

      Describes the last time the user account was disabled. The value is determined as epoch time in milliseconds.

    • lastModifiedTime (integer) --

      Describes the last time the user account was updated. The value is determined as epoch time in milliseconds.

    • lastLoginTime (integer) --

      Describes the last time that the user logged into their account. The value is determined as epoch time in milliseconds.

DisableUser (new) Link ¶

Denies access to the FinSpace web application and API for the specified user.

See also: AWS API Documentation

Request Syntax

client.disable_user(
    userId='string',
    clientToken='string'
)
type userId:

string

param userId:

[REQUIRED]

The unique identifier for the user account that you want to disable.

type clientToken:

string

param clientToken:

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype:

dict

returns:

Response Syntax

{
    'userId': 'string'
}

Response Structure

  • (dict) --

    • userId (string) --

      The unique identifier for the disabled user account.

CreateUser (new) Link ¶

Creates a new user in FinSpace.

See also: AWS API Documentation

Request Syntax

client.create_user(
    emailAddress='string',
    type='SUPER_USER'|'APP_USER',
    firstName='string',
    lastName='string',
    ApiAccess='ENABLED'|'DISABLED',
    apiAccessPrincipalArn='string',
    clientToken='string'
)
type emailAddress:

string

param emailAddress:

[REQUIRED]

The email address of the user that you want to register. The email address serves as a uniquer identifier for each user and cannot be changed after it's created.

type type:

string

param type:

[REQUIRED]

The option to indicate the type of user. Use one of the following options to specify this parameter:

  • SUPER_USER – A user with permission to all the functionality and data in FinSpace.

  • APP_USER – A user with specific permissions in FinSpace. The users are assigned permissions by adding them to a permission group.

type firstName:

string

param firstName:

The first name of the user that you want to register.

type lastName:

string

param lastName:

The last name of the user that you want to register.

type ApiAccess:

string

param ApiAccess:

The option to indicate whether the user can use the GetProgrammaticAccessCredentials API to obtain credentials that can then be used to access other FinSpace Data API operations.

  • ENABLED – The user has permissions to use the APIs.

  • DISABLED – The user does not have permissions to use any APIs.

type apiAccessPrincipalArn:

string

param apiAccessPrincipalArn:

The ARN identifier of an AWS user or role that is allowed to call the GetProgrammaticAccessCredentials API to obtain a credentials token for a specific FinSpace user. This must be an IAM role within your FinSpace account.

type clientToken:

string

param clientToken:

A token that ensures idempotency. This token expires in 10 minutes.

This field is autopopulated if not provided.

rtype:

dict

returns:

Response Syntax

{
    'userId': 'string'
}

Response Structure

  • (dict) --

    • userId (string) --

      The unique identifier for the user.

ListUsers (new) Link ¶

Lists all available user accounts in FinSpace.

See also: AWS API Documentation

Request Syntax

client.list_users(
    nextToken='string',
    maxResults=123
)
type nextToken:

string

param nextToken:

A token that indicates where a results page should begin.

type maxResults:

integer

param maxResults:

[REQUIRED]

The maximum number of results per page.

rtype:

dict

returns:

Response Syntax

{
    'users': [
        {
            'userId': 'string',
            'status': 'CREATING'|'ENABLED'|'DISABLED',
            'firstName': 'string',
            'lastName': 'string',
            'emailAddress': 'string',
            'type': 'SUPER_USER'|'APP_USER',
            'apiAccess': 'ENABLED'|'DISABLED',
            'apiAccessPrincipalArn': 'string',
            'createTime': 123,
            'lastEnabledTime': 123,
            'lastDisabledTime': 123,
            'lastModifiedTime': 123,
            'lastLoginTime': 123
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • users (list) --

      A list of all the user accounts.

      • (dict) --

        The details of the user account.

        • userId (string) --

          The unique identifier for the user.

        • status (string) --

          The current status of the user account.

          • CREATING – The user account creation is in progress.

          • ENABLED – The user account is created and is currently active.

          • DISABLED – The user account is currently inactive.

        • firstName (string) --

          The first name of the user.

        • lastName (string) --

          The last name of the user.

        • emailAddress (string) --

          The email address of the user. The email address serves as a uniquer identifier for each user and cannot be changed after it's created.

        • type (string) --

          Indicates the type of user.

          • SUPER_USER – A user with permission to all the functionality and data in FinSpace.

          • APP_USER – A user with specific permissions in FinSpace. The users are assigned permissions by adding them to a permissions group.

        • apiAccess (string) --

          Indicates whether the user can use the GetProgrammaticAccessCredentials API to obtain credentials that can then be used to access other FinSpace Data API operations.

          • ENABLED – The user has permissions to use the APIs.

          • DISABLED – The user does not have permissions to use any APIs.

        • apiAccessPrincipalArn (string) --

          The ARN identifier of an AWS user or role that is allowed to call the GetProgrammaticAccessCredentials API to obtain a credentials token for a specific FinSpace user. This must be an IAM role within your FinSpace account.

        • createTime (integer) --

          The timestamp at which the user account was created in FinSpace. The value is determined as epoch time in milliseconds.

        • lastEnabledTime (integer) --

          Describes the last time the user account was enabled. The value is determined as epoch time in milliseconds.

        • lastDisabledTime (integer) --

          Describes the last time the user account was disabled. The value is determined as epoch time in milliseconds.

        • lastModifiedTime (integer) --

          Describes the last time the user account was updated. The value is determined as epoch time in milliseconds.

        • lastLoginTime (integer) --

          Describes the last time that the user logged into their account. The value is determined as epoch time in milliseconds.

    • nextToken (string) --

      A token that indicates where a results page should begin.

ListPermissionGroups (new) Link ¶

Lists all available permission groups in FinSpace.

See also: AWS API Documentation

Request Syntax

client.list_permission_groups(
    nextToken='string',
    maxResults=123
)
type nextToken:

string

param nextToken:

A token that indicates where a results page should begin.

type maxResults:

integer

param maxResults:

[REQUIRED]

The maximum number of results per page.

rtype:

dict

returns:

Response Syntax

{
    'permissionGroups': [
        {
            'permissionGroupId': 'string',
            'name': 'string',
            'description': 'string',
            'applicationPermissions': [
                'CreateDataset'|'ManageClusters'|'ManageUsersAndGroups'|'ManageAttributeSets'|'ViewAuditData'|'AccessNotebooks'|'GetTemporaryCredentials',
            ],
            'createTime': 123,
            'lastModifiedTime': 123
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • permissionGroups (list) --

      A list of all the permission groups.

      • (dict) --

        The structure for a permission group.

        • permissionGroupId (string) --

          The unique identifier for the permission group.

        • name (string) --

          The name of the permission group.

        • description (string) --

          A brief description for the permission group.

        • applicationPermissions (list) --

          Indicates the permissions that are granted to a specific group for accessing the FinSpace application.

          • CreateDataset – Group members can create new datasets.

          • ManageClusters – Group members can manage Apache Spark clusters from FinSpace notebooks.

          • ManageUsersAndGroups – Group members can manage users and permission groups.

          • ManageAttributeSets – Group members can manage attribute sets.

          • ViewAuditData – Group members can view audit data.

          • AccessNotebooks – Group members will have access to FinSpace notebooks.

          • GetTemporaryCredentials – Group members can get temporary API credentials.

          • (string) --

        • createTime (integer) --

          The timestamp at which the group was created in FinSpace. The value is determined as epoch time in milliseconds.

        • lastModifiedTime (integer) --

          Describes the last time the permission group was updated. The value is determined as epoch time in milliseconds.

    • nextToken (string) --

      A token that indicates where a results page should begin.