List acls
List out all acls. The acls are sorted by creation date, with the most recently-created acls coming first
Authorization
Authorization
RequiredBearer <token>
Most Braintrust endpoints are authenticated by providing your API key as a header Authorization: Bearer [api_key]
to your HTTP request. You can create an API key in the Braintrust organization settings page.
In: header
Query Parameters
limit
integer | null
Limit the number of objects to return
Minimum:0
starting_after
string
Pagination cursor id.
For example, if the final item in the last page you fetched had an id of foo
, pass starting_after=foo
to fetch the next page. Note: you may only pass one of starting_after
and ending_before
"uuid"
ending_before
string
Pagination cursor id.
For example, if the initial item in the last page you fetched had an id of foo
, pass ending_before=foo
to fetch the previous page. Note: you may only pass one of starting_after
and ending_before
"uuid"
ids
Any properties in string, array<string>
Filter search results to a particular set of object IDs. To specify a list of IDs, include the query param multiple times
object_type
Requiredstring
The object type that the ACL applies to
Value in:"organization" | "project" | "experiment" | "dataset" | "prompt" | "prompt_session" | "group" | "role" | "org_member" | "project_log" | "org_project"
object_id
Requiredstring
The id of the object the ACL applies to
Format:"uuid"
Status code | Description |
---|---|
200 | Returns a list of acl objects |
400 | The request was unacceptable, often due to missing a required parameter |
401 | No valid API key provided |
403 | The API key doesn’t have permissions to perform the request |
429 | Too many requests hit the API too quickly. We recommend an exponential backoff of your requests |
500 | Something went wrong on Braintrust's end. (These are rare.) |
Create acl
Create a new acl. If there is an existing acl with the same contents as the one specified in the request, will return the existing acl unmodified
Authorization
Authorization
RequiredBearer <token>
Most Braintrust endpoints are authenticated by providing your API key as a header Authorization: Bearer [api_key]
to your HTTP request. You can create an API key in the Braintrust organization settings page.
In: header
Request Body (Optional)
Any desired information about the new acl object
object_type
Requiredstring
The object type that the ACL applies to
Value in:"organization" | "project" | "experiment" | "dataset" | "prompt" | "prompt_session" | "group" | "role" | "org_member" | "project_log" | "org_project"
object_id
Requiredstring
The id of the object the ACL applies to
Format:"uuid"
user_id
string | null
Id of the user the ACL applies to. Exactly one of user_id
and group_id
will be provided
"uuid"
group_id
string | null
Id of the group the ACL applies to. Exactly one of user_id
and group_id
will be provided
"uuid"
permission
string & null
restrict_object_type
string & null
role_id
string | null
Id of the role the ACL grants. Exactly one of permission
and role_id
will be provided
"uuid"
Status code | Description |
---|---|
200 | Returns the new acl object |
400 | The request was unacceptable, often due to missing a required parameter |
401 | No valid API key provided |
403 | The API key doesn’t have permissions to perform the request |
429 | Too many requests hit the API too quickly. We recommend an exponential backoff of your requests |
500 | Something went wrong on Braintrust's end. (These are rare.) |
An ACL grants a certain permission or role to a certain user or group on an object.
ACLs are inherited across the object hierarchy. So for example, if a user has read permissions on a project, they will also have read permissions on any experiment, dataset, etc. created within that project.
To restrict a grant to a particular sub-object, you may specify restrict_object_type
in the ACL, as part of a direct permission grant or as part of a role.
Delete single acl
Delete a single acl
Authorization
Authorization
RequiredBearer <token>
Most Braintrust endpoints are authenticated by providing your API key as a header Authorization: Bearer [api_key]
to your HTTP request. You can create an API key in the Braintrust organization settings page.
In: header
Request Body (Optional)
Parameters which uniquely specify the acl to delete
object_type
Requiredstring
The object type that the ACL applies to
Value in:"organization" | "project" | "experiment" | "dataset" | "prompt" | "prompt_session" | "group" | "role" | "org_member" | "project_log" | "org_project"
object_id
Requiredstring
The id of the object the ACL applies to
Format:"uuid"
user_id
string | null
Id of the user the ACL applies to. Exactly one of user_id
and group_id
will be provided
"uuid"
group_id
string | null
Id of the group the ACL applies to. Exactly one of user_id
and group_id
will be provided
"uuid"
permission
string & null
restrict_object_type
string & null
role_id
string | null
Id of the role the ACL grants. Exactly one of permission
and role_id
will be provided
"uuid"
Status code | Description |
---|---|
200 | Returns the deleted acl object |
400 | The request was unacceptable, often due to missing a required parameter |
401 | No valid API key provided |
403 | The API key doesn’t have permissions to perform the request |
429 | Too many requests hit the API too quickly. We recommend an exponential backoff of your requests |
500 | Something went wrong on Braintrust's end. (These are rare.) |
An ACL grants a certain permission or role to a certain user or group on an object.
ACLs are inherited across the object hierarchy. So for example, if a user has read permissions on a project, they will also have read permissions on any experiment, dataset, etc. created within that project.
To restrict a grant to a particular sub-object, you may specify restrict_object_type
in the ACL, as part of a direct permission grant or as part of a role.
{acl_id}
Get acl
Get an acl object by its id
Authorization
Authorization
RequiredBearer <token>
Most Braintrust endpoints are authenticated by providing your API key as a header Authorization: Bearer [api_key]
to your HTTP request. You can create an API key in the Braintrust organization settings page.
In: header
Path Parameters
acl_id
Requiredstring
Acl id
Format:"uuid"
Status code | Description |
---|---|
200 | Returns the acl object |
400 | The request was unacceptable, often due to missing a required parameter |
401 | No valid API key provided |
403 | The API key doesn’t have permissions to perform the request |
429 | Too many requests hit the API too quickly. We recommend an exponential backoff of your requests |
500 | Something went wrong on Braintrust's end. (These are rare.) |
An ACL grants a certain permission or role to a certain user or group on an object.
ACLs are inherited across the object hierarchy. So for example, if a user has read permissions on a project, they will also have read permissions on any experiment, dataset, etc. created within that project.
To restrict a grant to a particular sub-object, you may specify restrict_object_type
in the ACL, as part of a direct permission grant or as part of a role.
{acl_id}
Delete acl
Delete an acl object by its id
Authorization
Authorization
RequiredBearer <token>
Most Braintrust endpoints are authenticated by providing your API key as a header Authorization: Bearer [api_key]
to your HTTP request. You can create an API key in the Braintrust organization settings page.
In: header
Path Parameters
acl_id
Requiredstring
Acl id
Format:"uuid"
Status code | Description |
---|---|
200 | Returns the deleted acl object |
400 | The request was unacceptable, often due to missing a required parameter |
401 | No valid API key provided |
403 | The API key doesn’t have permissions to perform the request |
429 | Too many requests hit the API too quickly. We recommend an exponential backoff of your requests |
500 | Something went wrong on Braintrust's end. (These are rare.) |
An ACL grants a certain permission or role to a certain user or group on an object.
ACLs are inherited across the object hierarchy. So for example, if a user has read permissions on a project, they will also have read permissions on any experiment, dataset, etc. created within that project.
To restrict a grant to a particular sub-object, you may specify restrict_object_type
in the ACL, as part of a direct permission grant or as part of a role.
Batch update acls
Batch update acls. This operation is idempotent, so adding acls which already exist will have no effect, and removing acls which do not exist will have no effect.
Authorization
Authorization
RequiredBearer <token>
Most Braintrust endpoints are authenticated by providing your API key as a header Authorization: Bearer [api_key]
to your HTTP request. You can create an API key in the Braintrust organization settings page.
In: header
Request Body (Optional)
Acls to add/remove.
add_acls
array<object> | null
An ACL grants a certain permission or role to a certain user or group on an object.
ACLs are inherited across the object hierarchy. So for example, if a user has read permissions on a project, they will also have read permissions on any experiment, dataset, etc. created within that project.
To restrict a grant to a particular sub-object, you may specify restrict_object_type
in the ACL, as part of a direct permission grant or as part of a role.
remove_acls
array<object> | null
An ACL grants a certain permission or role to a certain user or group on an object.
ACLs are inherited across the object hierarchy. So for example, if a user has read permissions on a project, they will also have read permissions on any experiment, dataset, etc. created within that project.
To restrict a grant to a particular sub-object, you may specify restrict_object_type
in the ACL, as part of a direct permission grant or as part of a role.
Status code | Description |
---|---|
200 | A success status |
400 | The request was unacceptable, often due to missing a required parameter |
401 | No valid API key provided |
403 | The API key doesn’t have permissions to perform the request |
429 | Too many requests hit the API too quickly. We recommend an exponential backoff of your requests |
500 | Something went wrong on Braintrust's end. (These are rare.) |