Skip to content

ZMS API

Introduction

The Authorization Management Service (ZMS) API

This API has the following attributes:

Attribute Value
namespace com.yahoo.athenz.zms
version 1

Authentication

X.509 Certificate Support

All ZMS API commands require that the client use a TLS certificate issued by Athenz. Services can use their Athenz Issued Service Identity certificates when communicating with ZMS.

Authorization

Every write request against ZMS server is authorized against the configured policy data to verify that the principal has been given the rights to make the requested change. Each request description below gives the authorization command that includes the action and resource that the ZMS Server will run the authorization check against. For example, the create subdomain command has the following authorize statement:

authorize ("create", "{parent}:domain");

This indicates that the principal requesting to create subdomain called athens.ci must have grant rights to action "create" for resource called "domain" in domain "athens".

API Documentation

Please refer to the ZMS OpenAPI documentation