Get iTwin owner members - Access Control

REST API Overview

Reference

Access Control

Download API definition:

GET https://dev-api.bentley.com/accesscontrol/itwins/{id}/members/owners

Retrieves a list of iTwin owner members. iTwin Owners are users which have full control over the iTwin. Each owner is granted all permissions on the iTwin, allowing them to perform any action on the iTwin they own.

Missing Users

When members are removed from the Bentley Identity Management System, they are not automatically removed from the iTwin. Therefore, it is possible to have a situation where the user is no longer valid, yet they are still a member of the iTwin. When this happens, the user member will be returned from this API endpoint with the follow values:

{
    "id": <memberId>,
    "email": null,
    "givenName": null,
    "surname": null,
    "organization": null,
    ...
}

You should account for this in your software if you do not want to show these users.

Cleanup

The Access Control API will perform a once-a-week cleanup to remove these "Missing Users". You can rely on this automated clean-up if this timeline is sufficient.

If not, you can use the Remove iTwin Owner Member API (use the memberId) to remove the owner member from the iTwin.

Authentication

Requires Authorization header with valid Bearer token for scope itwin-platform.

For more documentation on authorization and how to get access token visit OAUTH2 Authorization page.

Authorization

The calling user must be a member of the iTwin. Organization Administrator can also retrieve iTwin owner members for any iTwin in their Organization.

An Organization Administrator must have at least one of the following roles assigned in User Management: Account Administrator, Co-Administrator, or CONNECT Services Administrator. For more information about User Management please visit our Bentley Communities Licensing, Cloud, and Web Services wiki page.

Request

Request parameters

Yes

Request headers

Authorization

Yes

OAuth access token with itwin-platform scope

Setting to application/vnd.bentley.itwin-platform.v2+json is recommended.

Response

Response 200 OK

json

{
    "members": [{
            "id": "99cf5e21-735c-4598-99eb-fe3940f96353",
            "email": "John.Owner@example.com",
            "givenName": "John",
            "surname": "Owner",
            "organization": "Organization Corp."
        },
        {
            "id": "25407933-cad2-41a2-acf4-5a074c83046b",
            "email": "Maria.Owner@example.com",
            "givenName": "Maria",
            "surname": "Owner",
            "organization": "Organization Corp."
        }
    ],
    "_links": {
        "self": {
            "href": "https://api.bentley.com/iTwins/806b19d5-c037-48a4-aa98-e297c81453f1/members/owners?$skip=0&$top=100"
        },
        "prev": {
            "href": "https://api.bentley.com/iTwins/806b19d5-c037-48a4-aa98-e297c81453f1/members/owners?$skip=0&$top=100"
        },
        "next": {
            "href": "https://api.bentley.com/iTwins/806b19d5-c037-48a4-aa98-e297c81453f1/members/owners?$skip=100&$top=100"
        }
    }
}

Response 401 Unauthorized

This response indicates that request lacks valid authentication credentials. Access token might not been provided, issued by the wrong issuer, does not have required scopes or request headers were malformed.

json

{
    "error": {
        "code": "HeaderNotFound",
        "message": "Header Authorization was not found in the request. Access denied."
    }
}

Response 404 Not Found

This response indicates that iTwin with specified ID was not found.

json

{
    "error": {
        "code": "ItwinNotFound",
        "message": "Requested iTwin is not available."
    }
}

Response 422 Unprocessable Entity

Invalid request to get iTwin user members.

json

{
    "error": {
        "code": "InvalidiTwinsMemberRequest",
        "message": "Request body or query is invalid.",
        "details": [{
                "code": "InvalidValue",
                "message": "Value outside of valid range.",
                "target": "$top"
            },
            {
                "code": "InvalidRequestBody",
                "message": "Failed to parse request body or collection is empty."
            }
        ]
    }
}

Response 429 Too many requests

This response indicates that the client sent more requests than allowed by this API for the current tier of the client.

json

{
    "error": {
        "code": "RateLimitExceeded",
        "message": "The client sent more requests than allowed by this API for the current tier of the client."
    }
}

Response headers

retry-after

Number of seconds to wait until client is allowed to make more requests.

Definitions

iTwin Owner Member

String

The user Id in Identity Management System.

String

User email.

givenName

String

User given name.

surname

String

User surname.

organization

String

Organization user is member of in Identity Management System.

iTwin Owner Members

members

OwnerMemberRepresentation[]

List of itwin owners.

_links

links-paging

Contains the hyperlinks to the previous and next pages of results.

links (paging)

URLs for redoing the current request, getting to the previous or next page of results, if applicable containg.

self

link

URL for redoing the current request.

link

URL for getting the next page of results.

link

URL for getting the previous page of results.

link

Hyperlink container.

href

String

Hyperlink container.

Error

Contains error information.

code

String

One of a server-defined set of error codes.

message

String

A human-readable representation of the error.

target

String, null

The target of the error.

Error Response

Gives details for an error that occurred while handling the request. Note that clients MUST NOT assume that every failed request will produce an object of this schema, or that all of the properties in the response will be non-null, as the error may have prevented this response from being constructed.

error

Error

Error information.

Was this page helpful?