Add iTwin owner member - Access Control

REST API Overview

Reference

Access Control

Download API definition:

POST https://dev-api.bentley.com/accesscontrol/itwins/{id}/members/owners

Add new iTwin owner members. iTwin Owners are users which have full control over the iTwin. Each owner is granted all permissions on the iTwin, allowing them to perform any action on the iTwin they own.

Users which are external (i.e. not in the same organization as the iTwin) are not automatically added to the iTwin. Instead, they're invited. Users which are not external, are immediately added as members on the iTwin.

Invited individuals will recieve an invitation via Email, where they'll be prompted to accept the invitation. Upon accepting, they'll then become a member of the iTwin.

Authentication

Requires Authorization header with valid Bearer token for scope itwin-platform.

For more documentation on authorization and how to get access token visit OAUTH2 Authorization page.

You must be an owner to add other owners.

Authorization

User must have the administration_invite_member permission assigned at the iTwin level or be an Organization Administrator for the Organization that owns a given iTwin.

An Organization Administrator must have at least one of the following roles assigned in User Management: Account Administrator, Co-Administrator, or CONNECT Services Administrator. For more information about User Management please visit our Bentley Communities Licensing, Cloud, and Web Services wiki page.

Request

Request parameters

Yes

Request headers

Authorization

Yes

OAuth access token with itwin-platform scope

Setting to application/vnd.bentley.itwin-platform.v2+json is recommended.

Request body

Owner Member (add)

String

Yes

User email.

Example

json

{
    "email": "John.Owner@example.com"
}

Response

Response 201 Created

iTwin owner was successfully added.

json

{
    "member": {
        "id": "99cf5e21-735c-4598-99eb-fe3940f96353",
        "email": "John.Owner@example.com",
        "givenName": "John",
        "surname": "Owner",
        "organization": "Organization Corp."
    },
    "invitation": null
}

Response 401 Unauthorized

This response indicates that request lacks valid authentication credentials. Access token might not been provided, issued by the wrong issuer, does not have required scopes or request headers were malformed.

json

{
    "error": {
        "code": "HeaderNotFound",
        "message": "Header Authorization was not found in the request. Access denied."
    }
}

Response 403 Forbidden

The user has insufficient permissions for the requested operation.

json

{
    "error": {
        "code": "InsufficientPermissions",
        "message": "The user has insufficient permissions for the requested operation."
    }
}

Response 404 Not Found

This response indicates that iTwin with specified ID was not found.

json

{
    "error": {
        "code": "ItwinNotFound",
        "message": "Requested iTwin is not available."
    }
}

Response 409 Conflict

Invalid request to add new iTwin user member. A conflict occurred during this request.

json

{
    "error": {
        "code": "OwnerAlreadyExists",
        "message": "Requested user is already an iTwin Owner.",
        "target": "email"
    }
}

Response 422 Unprocessable Entity

Invalid request to add new iTwin owner member. Request payload might be missing some of the required properties.

json

{
    "error": {
        "code": "InvalidiTwinsMemberRequest",
        "message": "Request body or query is invalid.",
        "details": [{
                "code": "MissingRequiredProperty",
                "message": "Required property is missing.",
                "target": "email"
            },
            {
                "code": "InvalidRequestBody",
                "message": "Failed to parse request body or collection is empty."
            }
        ]
    }
}

Response 429 Too many requests

This response indicates that the user has sent too many requests in a given amount of time.

json

{
    "error": {
        "code": "TooManyRequests",
        "message": "More requests were received than the subscription rate-limit allows."
    }
}

Response headers

retry-after

The number of requests exceeds the rate-limit for the client subscription.

Definitions

iTwin User Invitation status

The status of the invitation.

Pending

String

Accepted

String

iTwin User Invitation

String

The user Id in Identity Management System.

String

User that was invited.

invitedByEmail

String

User that sent the invitation.

iTwin User Invitation status

MemberInvitation-status

The status of the invitation.

createdDate

Date-time

Datetime when the invitation was created.

expirationDate

Date-time

DateTime when the invitation will expire.

roles

Role[]

List of roles.

iTwin Owner Member

String

The user Id in Identity Management System.

String

User email.

givenName

String

User given name.

surname

String

User surname.

organization

String

Organization user is member of in Identity Management System.

Adding iTwin Owner Members (response)

member

OwnerMemberRepresentation

The added itwin owner.

invitation

MemberInvitation

The invited itwin owner.

Role

String

The role id.

displayName

String

The display name of your Role.

description

String

A description of your Role.

permissions

String[]

List of permissions assigned to the role.

Owner Member (add)

String

User email.

Error

Contains error information.

code

String

One of a server-defined set of error codes.

message

String

A human-readable representation of the error.

target

String, null

The target of the error.

Error Response

Gives details for an error that occurred while handling the request. Note that clients MUST NOT assume that every failed request will produce an object of this schema, or that all of the properties in the response will be non-null, as the error may have prevented this response from being constructed.

error

Error

Error information.