Tecton HTTP API (1.0)

License: Proprietary

Tecton provides a HTTP API to read feature data and perform administrative tasks. Please see the individual services below for more information on their function and how to use them.

Postman Definitions: You can also load our API definitions as a Postman Collection for use in Postman.

Feature Service

Tecton provides a low-latency feature server that exposes HTTP endpoints to retrieve feature values and metadata from the online store. These endpoints are typically used during model predictions. The feature servers retrieve data from the online store and perform any additional aggregations and filtering as necessary.

GetFeatures

Get Features API to retrieve feature values from Tecton's online store

Authorizations:

Tecton-key

Request Body schema: application/json

object (GetFeaturesParameters)

Parameters for get-features.

Exactly one of featureServiceName and featureServiceId must be set. Next ID: 19

featureServiceId	string FeatureService ID. Exactly one of this field and `featureServiceName` must be set.
featureServiceName	string FeatureService name. Exactly one of this field and `featureServiceId` must be set.
workspaceName	string
joinKeyMap	object Join keys used for Batch and Stream FeatureViews. The key of this map is the join key name and the value is the join key value for this request. The values are encoded as follows: For string keys, the value should be a string. For int64 keys, the value should be a string of the decimal representation of the integer.
requestContextMap	object Request context used for On-Demand Feature Views. The key of this map is the request context key name and the value is the request context value for this request. The values are encoded as follows: For string values, the value should be a string. For int64 values, the value should be a string of the decimal representation of the integer. For double values, the value should be a number.
	object (MetadataOptions) Options for retrieving additional metadata about the feature values.
allowPartialResults	boolean Default: "false" Whether incomplete results should be returned when the Online Feature Store size limit has been exceeded for this request. If this is not true, then the response will be an error in this case. This is an advanced option and should only be set after consulting with the Tecton team.
	object (Request level options to control feature server behavior)

Responses

Request samples

Payload

Content type

application/json

{"params": {"featureServiceName": "fraud_detection_feature_service",
"workspaceName": "prod",
"joinKeyMap": {"user_id": "A123",
"ad_id": "5417"
},
"requestContextMap": {"amount": 500
},
"metadataOptions": {"includeSloInfo": true,
"includeEffectiveTimes": true,
"includeNames": true,
"includeDataTypes": true,
"includeServingStatus": true
}
}
}

Response samples

Content type

application/json

{"result": {"features": [true,
null,
null,
null,
"669",
58.349395161290275,
40.13619047619047,
59.59825688073392,
28941.299999999977,
842.8599999999999,
90946.93999999996,
["892054b9598370dce846bb6e4b5805a1",
"cc9f13814a736160984bc9896222e4d9",
"43a9799c961de6ebb22c122d8c7eb340"
]
]
},
"metadata": {"features": [{"name": "transaction_amount_is_higher_than_average.transaction_amount_is_higher_than_average",
"dataType": {"type": "boolean"
},
"status": "PRESENT"
},
{"name": "merchant_fraud_rate.is_fraud_mean_1d_1d",
"effectiveTime": "2023-05-03T00:00:00Z",
"dataType": {"type": "float64"
},
"status": "MISSING_DATA"
},
{"name": "merchant_fraud_rate.is_fraud_mean_30d_1d",
"effectiveTime": "2023-05-03T00:00:00Z",
"dataType": {"type": "float64"
},
"status": "MISSING_DATA"
},
{"name": "merchant_fraud_rate.is_fraud_mean_90d_1d",
"effectiveTime": "2023-05-03T00:00:00Z",
"dataType": {"type": "float64"
},
"status": "MISSING_DATA"
},
{"name": "user_distinct_merchant_transaction_count_30d.distinct_merchant_transaction_count_30d",
"effectiveTime": "2023-05-04T00:00:00Z",
"dataType": {"type": "int64"
},
"status": "PRESENT"
},
{"name": "user_transaction_amount_metrics.amt_mean_1d_10m",
"effectiveTime": "2023-05-04T15:50:00Z",
"dataType": {"type": "float64"
},
"status": "PRESENT"
},
{"name": "user_transaction_amount_metrics.amt_mean_1h_10m",
"effectiveTime": "2023-05-04T15:50:00Z",
"dataType": {"type": "float64"
},
"status": "PRESENT"
},
{"name": "user_transaction_amount_metrics.amt_mean_3d_10m",
"effectiveTime": "2023-05-04T15:50:00Z",
"dataType": {"type": "float64"
},
"status": "PRESENT"
},
{"name": "user_transaction_amount_metrics.amt_sum_1d_10m",
"effectiveTime": "2023-05-04T15:50:00Z",
"dataType": {"type": "float64"
},
"status": "PRESENT"
},
{"name": "user_transaction_amount_metrics.amt_sum_1h_10m",
"effectiveTime": "2023-05-04T15:50:00Z",
"dataType": {"type": "float64"
},
"status": "PRESENT"
},
{"name": "user_transaction_amount_metrics.amt_sum_3d_10m",
"effectiveTime": "2023-05-04T15:50:00Z",
"dataType": {"type": "float64"
},
"status": "PRESENT"
},
{"name": "user_transaction_counts.transaction_id_last_3_1d_1d",
"effectiveTime": "2023-05-03T00:00:00Z",
"dataType": {"type": "array",
"elementType": {"type": "string"
}
},
"status": "PRESENT"
}
],
"sloInfo": {"sloEligible": true,
"sloServerTimeSeconds": 0.015835683,
"dynamodbResponseSizeBytes": 23722,
"serverTimeSeconds": 0.016889888,
"storeMaxLatency": 0.02687345,
"storeResponseSizeBytes": 23722
}
}
}

GetFeaturesBatch

Batch GetFeatures API to retrieve feature values in batch from Tecton's online store. The maximum batch size for a single batch request is 10. NOTE: This endpoint is only for feature services with Redis feature views.

Authorizations:

Tecton-key

Request Body schema: application/json

object (GetFeaturesBatchParameters)

Parameters for get-features-batch.

Exactly one of featureServiceName and featureServiceId must be set.

featureServiceId	string FeatureService ID. Exactly one of this field and `featureServiceName` must be set.
featureServiceName	string FeatureService name. Exactly one of this field and `featureServiceId` must be set.
workspaceName	string
	Array of objects (GetFeaturesBatchRequestData) Contains individual `GetFeatures` request parameters in an array. Each array element contains join keys and request contexts corresponding to a single `GetFeatures` request. The response will return results to each `GetFeatures` request in the same order that they are specified in the array.
	object (MetadataOptions) Options for retrieving additional metadata about the feature values.

Responses

Request samples

Payload

Content type

application/json

{"params": {"featureServiceName": "fraud_detection_feature_service",
"requestData": [{"joinKeyMap": {"user_uuid": "6c423390-9a64-52c8-9bb3-bbb108c74198"
},
"requestContextMap": {"amount": 2000
}
},
{"joinKeyMap": {"user_uuid": "6c423390-9a64-52c8-9bb3-bbb108c74198"
},
"requestContextMap": {"amount": 500
}
}
],
"workspaceName": "prod",
"metadataOptions": {"includeSloInfo": true,
"includeEffectiveTimes": true,
"includeNames": true,
"includeDataTypes": true,
"includeServingStatus": true
}
}
}

Response samples

Content type

application/json

{"result": [{"features": [null,
null,
null,
"37",
"3",
"138",
"307",
"37",
"3",
"138"
]
},
{"features": [null,
null,
null,
"43",
null,
"128",
"254",
"43",
null,
"128"
]
}
],
"metadata": {"features": [{"name": "user_ad_impression_counts.impression_count_1d_1h",
"effectiveTime": "2023-05-26T18:00:00Z",
"dataType": {"type": "int64"
},
"status": ["MISSING_DATA",
"MISSING_DATA"
]
},
{"name": "user_ad_impression_counts.impression_count_1h_1h",
"effectiveTime": "2023-05-26T18:00:00Z",
"dataType": {"type": "int64"
},
"status": ["MISSING_DATA",
"MISSING_DATA"
]
},
{"name": "user_ad_impression_counts.impression_count_3d_1h",
"effectiveTime": "2023-05-26T18:00:00Z",
"dataType": {"type": "int64"
},
"status": ["MISSING_DATA",
"MISSING_DATA"
]
},
{"name": "user_click_counts.clicked_count_1d_1h",
"effectiveTime": "2023-05-26T18:00:00Z",
"dataType": {"type": "int64"
},
"status": ["PRESENT",
"PRESENT"
]
},
{"name": "user_click_counts.clicked_count_1h_1h",
"effectiveTime": "2023-05-26T18:00:00Z",
"dataType": {"type": "int64"
},
"status": ["PRESENT",
"MISSING_DATA"
]
},
{"name": "user_click_counts.clicked_count_3d_1h",
"effectiveTime": "2023-05-26T18:00:00Z",
"dataType": {"type": "int64"
},
"status": ["PRESENT",
"PRESENT"
]
},
{"name": "user_distinct_ad_count_7d.distinct_ad_count",
"effectiveTime": "2023-05-26T00:00:00Z",
"dataType": {"type": "int64"
},
"status": ["PRESENT",
"PRESENT"
]
},
{"name": "user_impression_counts.impression_count_1d_1h",
"effectiveTime": "2023-05-26T18:00:00Z",
"dataType": {"type": "int64"
},
"status": ["PRESENT",
"PRESENT"
]
},
{"name": "user_impression_counts.impression_count_1h_1h",
"effectiveTime": "2023-05-26T18:00:00Z",
"dataType": {"type": "int64"
},
"status": ["PRESENT",
"MISSING_DATA"
]
},
{"name": "user_impression_counts.impression_count_3d_1h",
"effectiveTime": "2023-05-26T18:00:00Z",
"dataType": {"type": "int64"
},
"status": ["PRESENT",
"PRESENT"
]
}
],
"sloInfo": [{"sloEligible": true,
"sloServerTimeSeconds": 0.001231726,
"dynamodbResponseSizeBytes": 1873,
"serverTimeSeconds": 0.001231726,
"storeMaxLatency": 0.000877174,
"storeResponseSizeBytes": 1873
},
{"sloEligible": true,
"sloServerTimeSeconds": 0.001329688,
"dynamodbResponseSizeBytes": 1937,
"serverTimeSeconds": 0.001329688,
"storeMaxLatency": 0.000791104,
"storeResponseSizeBytes": 1937
}
],
"batchSloInfo": {"sloEligible": true,
"sloServerTimeSeconds": 0.001329688,
"serverTimeSeconds": 0.00181146,
"storeMaxLatency": 0.000877174
}
}
}

Metadata

Get Metadata about the feature service from Tecton

Authorizations:

Tecton-key

Request Body schema: application/json

Returns metadata about a FeatureService, including the schema for join keys and request context, as well as the in-order output schema of returned feature values.

object (FeatureServiceLocator)

featureServiceId	string FeatureService ID. Exactly one of this field and `featureServiceName` must be set.
featureServiceName	string FeatureService name. Exactly one of this field and `featureServiceId` must be set.
workspaceName	string Workspace name.

Responses

Request samples

Payload

Content type

application/json

{"params": {"featureServiceName": "fraud_detection_feature_service",
"workspaceName": "prod"
}
}

Response samples

Content type

application/json

{"featureServiceType": "DEFAULT",
"inputJoinKeys": [{"name": "user_id",
"dataType": {"type": "string"
}
},
{"name": "merchant",
"dataType": {"type": "string"
}
}
],
"inputRequestContextKeys": [{"name": "amt",
"dataType": {"type": "float64"
}
}
],
"featureValues": [{"name": "transaction_amount_is_higher_than_average.transaction_amount_is_higher_than_average",
"dataType": {"type": "boolean"
}
},
{"name": "merchant_fraud_rate.is_fraud_mean_1d_1d",
"dataType": {"type": "float64"
}
},
{"name": "merchant_fraud_rate.is_fraud_mean_30d_1d",
"dataType": {"type": "float64"
}
},
{"name": "merchant_fraud_rate.is_fraud_mean_90d_1d",
"dataType": {"type": "float64"
}
},
{"name": "user_distinct_merchant_transaction_count_30d.distinct_merchant_transaction_count_30d",
"dataType": {"type": "int64"
}
},
{"name": "user_transaction_amount_metrics.amt_mean_1d_10m",
"dataType": {"type": "float64"
}
},
{"name": "user_transaction_amount_metrics.amt_mean_1h_10m",
"dataType": {"type": "float64"
}
},
{"name": "user_transaction_amount_metrics.amt_mean_3d_10m",
"dataType": {"type": "float64"
}
},
{"name": "user_transaction_amount_metrics.amt_sum_1d_10m",
"dataType": {"type": "float64"
}
},
{"name": "user_transaction_amount_metrics.amt_sum_1h_10m",
"dataType": {"type": "float64"
}
},
{"name": "user_transaction_amount_metrics.amt_sum_3d_10m",
"dataType": {"type": "float64"
}
},
{"name": "user_transaction_counts.transaction_id_last_3_1d_1d",
"dataType": {"type": "array",
"elementType": {"type": "string"
}
}
}
]
}

SCIM Service

Tecton's SCIM implementation allows you to control provisioning of users, service accounts, groups, group memberships and access controls from within your Identity Provider so that you can manage onboarding and guarantee off-boarding through your existing processes.

⚠️ Private Preview

Note that this API is currently in Private Preview. To learn more, please contact your Tecton representative.

Groups - Get all groups

Retrieve information on all Tecton Groups. Note that role assignments and members are not returned for each group (call "Get a group" instead). Implements RFC-7644 section 3.4.2.

Authorizations:

Tecton-key/Admin

query Parameters

filter	string An optional filter. Filtering by displayName with the equality operator is the only supported filter (e.g. `displayName eq engineering`). See the RFC-7644 section 3.4.2.2 for more information about available filters.
startIndex	integer <int64> This represents the 1-based index of the first query result. A value less than 1 SHALL be interpreted as 1. Default is 1. See here for information on pagination.
count	integer <int64> Specifies the desired maximum number of query results per page. Non-negative integer. Less than 0 is treated as 0. No default value.
sortBy	string Sorting is optional. See here for more information on this field.
sortOrder	string Allowed values are `ascending` and `descending`. Defaults to `ascending`.

Responses

Response samples

200
401
403

Content type

application/json

{"schemas": ["string"
],
"startIndex": 0,
"itemsPerPage": 0,
"totalResults": 0,
"Resources": [{"schemas": ["string"
],
"id": "string",
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"displayName": "string",
"description": "string"
}
]
}

Groups - Create a group

Create a new group. Note that displayName must be unique. See: Creating Resources.

Authorizations:

Tecton-key/Admin

Request Body schema: application/json

schemas	Array of strings Expected to be `["urn:ietf:params:scim:schemas:core:2.0:Group"]`.
	object (scimResourceMeta) A complex attribute containing resource metadata. This is optional on requests. See the specification.
displayName	string A human-readable name for the Group. It must be unique.
description	string Text to describe the Group.
	Array of objects (scimAttributeMember) A list of members of the Group.
	Array of objects (scimAttributeRole) The roles directly assigned to the group.

Responses

Request samples

Payload

Content type

application/json

{"schemas": ["string"
],
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"displayName": "string",
"description": "string",
"members": [{"type": "string",
"display": "string",
"value": "string"
}
],
"roles": [{"type": "string",
"value": "string"
}
]
}

Response samples

201
401
403
409

Content type

application/json

{"schemas": ["string"
],
"id": "string",
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"displayName": "string",
"members": [{"type": "string",
"display": "string",
"value": "string"
}
],
"roles": [{"type": "string",
"value": "string"
}
],
"description": "string"
}

Groups - Get a group

Retrieve information on a Tecton Group. Implements RFC-7644 section 3.4.1.

Authorizations:

Tecton-key/Admin

path Parameters

id

required

string

A unique identifier for the Group as defined by Tecton.

Responses

Response samples

200
401
403
404

Content type

application/json

{"schemas": ["string"
],
"id": "string",
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"displayName": "string",
"members": [{"type": "string",
"display": "string",
"value": "string"
}
],
"roles": [{"type": "string",
"value": "string"
}
],
"description": "string"
}

Groups - Delete a group

See: Deleting Resources.

Authorizations:

Tecton-key/Admin

path Parameters

id

required

string

A unique identifier for the Group as defined by Tecton.

Responses

Response samples

204
401
403
404

Content type

application/json

{ }

Groups - Replace a group

Update a Group (i.e. update their displayName, description, members and/or roles). See: Replacing with PUT.

Authorizations:

Tecton-key/Admin

path Parameters

id

required

string

A unique identifier for the Group as defined by Tecton.

Request Body schema: application/json

schemas	Array of strings Expected to be `["urn:ietf:params:scim:schemas:core:2.0:Group"]`.
	object (scimResourceMeta) A complex attribute containing resource metadata. This is optional on requests. See the specification.
displayName	string A human-readable name for the Group. It must be unique.
	Array of objects (scimAttributeMember) A list of members of the Group.
	Array of objects (scimAttributeRole) The roles directly assigned to the group.
description	string Text to describe the Group.

Responses

Request samples

Payload

Content type

application/json

{"schemas": ["string"
],
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"displayName": "string",
"members": [{"type": "string",
"display": "string",
"value": "string"
}
],
"roles": [{"type": "string",
"value": "string"
}
],
"description": "string"
}

Response samples

200
401
403
404

Content type

application/json

{"schemas": ["string"
],
"id": "string",
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"displayName": "string",
"members": [{"type": "string",
"display": "string",
"value": "string"
}
],
"roles": [{"type": "string",
"value": "string"
}
],
"description": "string"
}

Service Accounts - Get all service accounts

Note that role assignments and memberships are not returned for each service account (call "Get a service account" instead). See: Query Resources.

Authorizations:

Tecton-key/Admin

query Parameters

filter	string An optional filter. Filtering by name with the equality operator is the only supported filter (e.g. `name eq fraudRiskApp`). See the RFC-7644 section 3.4.2.2 for more information about available filters.
startIndex	integer <int64> This represents the 1-based index of the first query result. A value less than 1 SHALL be interpreted as 1. Default is 1. See here for information on pagination.
count	integer <int64> Specifies the desired maximum number of query results per page. Non-negative integer. Less than 0 is treated as 0. No default value.
sortBy	string Sorting is optional. See here for more information on this field.
sortOrder	string Allowed values are `ascending` and `descending`. Defaults to `ascending`.

Responses

Response samples

200
401
403

Content type

application/json

{"schemas": ["string"
],
"startIndex": 0,
"itemsPerPage": 0,
"totalResults": 0,
"Resources": [{"schemas": ["string"
],
"id": "string",
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"name": "string",
"active": true,
"description": "string"
}
]
}

Service Accounts - Create a service account

Create a new Service Account. Note that the name must be unique. Group memberships must be set after the service account is created. See: Creating Resources.

Authorizations:

Tecton-key/Admin

Request Body schema: application/json

schemas	Array of strings Expected to be `["urn:ietf:params:scim:schemas:core:2.0:ServiceAccount"]`.
	object (scimResourceMeta) A complex attribute containing resource metadata. This is optional on requests. See the specification.
name	string The Service Account's name. The name must be unique. It is editable.
active	boolean Whether the Service Account is active or not. Setting a Service Account as inactive will preserve their group memberships and role assignments. Inactive Service Accounts can not call Tecton APIs. Inactive Service Accounts may be reactivated by setting active to true.
description	string Text to describe the Service Account, typically what the Service Account is used for.
	Array of objects (scimAttributeRole) The roles directly assigned to the service account.

Responses

Request samples

Payload

Content type

application/json

{"schemas": ["string"
],
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"name": "string",
"active": true,
"description": "string",
"roles": [{"type": "string",
"value": "string"
}
]
}

Response samples

201
401
403
409

Content type

application/json

{"schemas": ["string"
],
"id": "string",
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"name": "string",
"active": true,
"description": "string",
"apiKey": "string",
"groups": [{"type": "string",
"display": "string",
"value": "string"
}
],
"roles": [{"type": "string",
"value": "string"
}
]
}

Service Accounts - Get a service account

Implements Retrieving a Known Resource from the SCIM protocol specification for Tecton service accounts.

Authorizations:

Tecton-key/Admin

path Parameters

id

required

string

A unique identifier for the Service Account as defined by Tecton.

Responses

Response samples

200
401
403
404

Content type

application/json

{"schemas": ["string"
],
"id": "string",
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"name": "string",
"active": true,
"description": "string",
"groups": [{"type": "string",
"display": "string",
"value": "string"
}
],
"roles": [{"type": "string",
"value": "string"
}
]
}

Service Accounts - Delete a service account

See: Deleting Resources.

Authorizations:

Tecton-key/Admin

path Parameters

id

required

string

A unique identifier for the Service Account as defined by Tecton.

Responses

Response samples

204
401
403
404

Content type

application/json

{ }

Service Accounts - Replace a service account

Update a Service Account (i.e. update their name, description, active and/or roles). See: Replacing with PUT.

Authorizations:

Tecton-key/Admin

path Parameters

id

required

string

A unique identifier the Service Account as defined by Tecton.

Request Body schema: application/json

schemas	Array of strings Expected to be `["urn:ietf:params:scim:schemas:core:2.0:ServiceAccount"]`.
	object (scimResourceMeta) A complex attribute containing resource metadata. This is optional on requests. See the specification.
name	string The Service Account's name. The name is unique. It is editable.
active	boolean Whether the Service Account is active or not. Setting a Service Account as inactive will preserve their group memberships and role assignments. Inactive Service Accounts can not call Tecton APIs. Inactive Service Accounts may be reactivated by setting active to true.
description	string Text to describe the Service Account, typically what the Service Account is used for.
	Array of objects (scimAttributeRole) The roles directly assigned to the service account. This property is editable.

Responses

Request samples

Payload

Content type

application/json

{"schemas": ["string"
],
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"name": "string",
"active": true,
"description": "string",
"roles": [{"type": "string",
"value": "string"
}
]
}

Response samples

200
401
403
404

Content type

application/json

{"schemas": ["string"
],
"id": "string",
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"name": "string",
"active": true,
"description": "string",
"groups": [{"type": "string",
"display": "string",
"value": "string"
}
],
"roles": [{"type": "string",
"value": "string"
}
]
}

Users - Get all users

Implements Query Resources for users from the SCIM protocol specification. Note that role assignments and memberships are not returned for each user (call "Get a user" instead).

Authorizations:

Tecton-key/Admin

query Parameters

filter	string See filtering logic in SCIM specification. Tecton only supports "equality" filtering at this time, e.g. `username eq email@example.com`.
startIndex	integer <int64> This represents the 1-based index of the first query result. A value less than 1 SHALL be interpreted as 1. Default is 1. See here for information on pagination.
count	integer <int64> Specifies the desired maximum number of query results per page. Must be non-negative: negative numbers will be treated as 0. No default value.
sortBy	string Sorting is optional. See here for more information on this field.
sortOrder	string Allowed values are `ascending` and `descending`. Defaults to `ascending`.

Responses

Response samples

200
401
403

Content type

application/json

{"schemas": ["string"
],
"startIndex": 0,
"itemsPerPage": 0,
"totalResults": 0,
"Resources": [{"schemas": ["string"
],
"id": "string",
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"userName": "string",
"name": {"familyName": "string",
"givenName": "string"
},
"active": true,
"emails": [{"type": "string",
"primary": true,
"value": "string"
}
]
}
]
}

Users - Create a user

Create a new user. Note that the userName must be an email and must be unique. Group memberships must be set after the user is created. See: Creating Resources.

Authorizations:

Tecton-key/Admin

Request Body schema: application/json

schemas	Array of strings Expected to be `["urn:ietf:params:scim:schemas:core:2.0:User"]`.
	object (scimResourceMeta) A complex attribute containing resource metadata. This is optional on requests. See the specification.
userName	string A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider. This attribute is required and is case-sensitive. In Tecton, this must be an email.
	object (scimUserName) The components of the user's name. See the specification.
active	boolean A Boolean value indicating the user's administrative status. True means the user is able to log in. Tecton does not have a concept of inactive users; instead, they will be deleted.
	Array of objects (scimAttributeEmail) The user's email. Only a single primary email is supported and others will be ignored.
	Array of objects (scimAttributeRole) The roles directly assigned to the user.

Responses

Request samples

Payload

Content type

application/json

{"schemas": ["string"
],
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"userName": "string",
"name": {"familyName": "string",
"givenName": "string"
},
"active": true,
"emails": [{"type": "string",
"primary": true,
"value": "string"
}
],
"roles": [{"type": "string",
"value": "string"
}
]
}

Response samples

201
401
403
409

Content type

application/json

{"schemas": ["string"
],
"id": "string",
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"userName": "string",
"name": {"familyName": "string",
"givenName": "string"
},
"active": true,
"emails": [{"type": "string",
"primary": true,
"value": "string"
}
],
"groups": [{"type": "string",
"display": "string",
"value": "string"
}
],
"roles": [{"type": "string",
"value": "string"
}
]
}

Users - Get a user

Implements Retrieving a Known Resource from the SCIM protocol specification.

Authorizations:

Tecton-key/Admin

path Parameters

id

required

string

A unique identifier for the User as defined by Tecton.

Responses

Response samples

200
401
403
404

Content type

application/json

{"schemas": ["string"
],
"id": "string",
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"userName": "string",
"name": {"familyName": "string",
"givenName": "string"
},
"active": true,
"emails": [{"type": "string",
"primary": true,
"value": "string"
}
],
"groups": [{"type": "string",
"display": "string",
"value": "string"
}
],
"roles": [{"type": "string",
"value": "string"
}
]
}

Users - Delete a user

See: Deleting Resources.

Authorizations:

Tecton-key/Admin

path Parameters

id

required

string

A unique identifier for the User as defined by Tecton.

Responses

Response samples

204
401
403
404

Content type

application/json

{ }

Users - Replace a user

Update a user (i.e. update their roles). Note that setting a user to active: false will delete the user from Tecton and all of their role assignments and group memberships will be removed. See: Replacing with PUT.

Authorizations:

Tecton-key/Admin

path Parameters

id

required

string

A unique identifier for the User as defined by Tecton.

Request Body schema: application/json

schemas	Array of strings Expected to be `["urn:ietf:params:scim:schemas:core:2.0:User"]`.
	object (scimResourceMeta) A complex attribute containing resource metadata. This is optional on requests. See the specification.
userName	string A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider. This attribute is required and is case-sensitive. In Tecton, this must be an email.
	object (scimUserName) The components of the user's name. See the specification.
active	boolean A Boolean value indicating the user's administrative status. True means the user is able to log in. Tecton does not have a concept of inactive users; instead, they will be deleted.
	Array of objects (scimAttributeEmail) The user's email. Only a single primary email is supported and others will be ignored.
	Array of objects (scimAttributeRole) The roles directly assigned to the user.

Responses

Request samples

Payload

Content type

application/json

{"schemas": ["string"
],
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"userName": "string",
"name": {"familyName": "string",
"givenName": "string"
},
"active": true,
"emails": [{"type": "string",
"primary": true,
"value": "string"
}
],
"roles": [{"type": "string",
"value": "string"
}
]
}

Response samples

200
401
403
404

Content type

application/json

{"schemas": ["string"
],
"id": "string",
"meta": {"resourceType": "string",
"created": "string",
"lastModified": "string"
},
"userName": "string",
"name": {"familyName": "string",
"givenName": "string"
},
"active": true,
"emails": [{"type": "string",
"primary": true,
"value": "string"
}
],
"groups": [{"type": "string",
"display": "string",
"value": "string"
}
],
"roles": [{"type": "string",
"value": "string"
}
]
}

Secrets Service

Tecton Secrets provides a way to store and retrieve secrets for use in your feature pipelines and data sources. This API allows you to securely store and delete secrets in Tecton, as well as create, list, and delete the scopes these secrets belong to.

💡 Private Preview

Note that this API is currently in private preview. To request access, please contact your Tecton representative.

Assign role(s) on secret scope(s)

Make one or more role assignments to grant principals roles on Secret Scopes. Grant a user, service account, or group a role to allow them to read or update secrets in the scope. Grant a workspace a role to apply objects and materialize features using secrets in the scope.

Authorizations:

Tecton-key

Request Body schema: application/json

Array of objects (authAssignment)

Array

resourceType	string (authResourceType) Value: "RESOURCE_TYPE_SECRET_SCOPE"
resourceId	string Secret scope name
role	string One of `"read_scope_role"`, `"write_scope_role"`, or `"manage_scope_role"`
principalType	string (authPrincipalType) Enum: "PRINCIPAL_TYPE_USER" "PRINCIPAL_TYPE_SERVICE_ACCOUNT" "PRINCIPAL_TYPE_GROUP" "PRINCIPAL_TYPE_WORKSPACE"
principalId	string User ID, Service Account ID, Group ID, or Workspace name

Responses

Request samples

Payload

Content type

application/json

{"assignments": [{"principal_type": "PRINCIPAL_TYPE_WORKSPACE",
"principal_id": "my-workspace",
"resource_type": "RESOURCE_TYPE_SECRET_SCOPE",
"resource_id": "my-secret-scope",
"role": "read_scope_role"
}
]
}

Response samples

200
401
403

Content type

application/json

{ }

View principals with access to a secret scope

View all principals and their role assignments on a particular secret scope

Authorizations:

Tecton-key

Request Body schema: application/json

resourceType	string (authResourceType) Value: "RESOURCE_TYPE_SECRET_SCOPE"
resourceId	string Secret scope name
roles	Array of strings (optional) Optional list containing a subset of `"read_scope_role"`, `"write_scope_role"`, or `"manage_scope_role"`
principalTypes	Array of strings (optional) Items Enum: "PRINCIPAL_TYPE_USER" "PRINCIPAL_TYPE_SERVICE_ACCOUNT" "PRINCIPAL_TYPE_GROUP" "PRINCIPAL_TYPE_WORKSPACE"

Responses

Request samples

Payload

Content type

application/json

{"resource_type": "RESOURCE_TYPE_SECRET_SCOPE",
"resource_id": "my-secret-scope",
"principal_types": ["PRINCIPAL_TYPE_SERVICE_ACCOUNT"
]
}

Response samples

200
401
403

Content type

application/json

{"assignments": [{"principal": {"service_account": {"id": "98be6e950d8c4b14aeb32f48b20a9245",
"name": "my-service-account",
"description": "desc",
"is_active": true,
"creator": {"principal_type": "PRINCIPAL_TYPE_USER",
"id": "user-id"
}
}
},
"role_assignments": [{"resource_type": "RESOURCE_TYPE_SECRET_SCOPE",
"resource_id": "my-secret-scope",
"roles_granted": [{"role": "read_scope_role",
"role_assignment_sources": [{"assignment_type": "ROLE_ASSIGNMENT_TYPE_DIRECT"
}
]
}
]
}
]
}
]
}

View a principal's role(s) on secret scope(s)

View roles granted to a particular User, Service Account, Principal Group, or Workspace on Secret Scopes.

Authorizations:

Tecton-key

Request Body schema: application/json

principalType	string (authPrincipalType) Enum: "PRINCIPAL_TYPE_USER" "PRINCIPAL_TYPE_SERVICE_ACCOUNT" "PRINCIPAL_TYPE_GROUP" "PRINCIPAL_TYPE_WORKSPACE"
principalId	string User ID, Service Account ID, Group ID, or Workspace name
resourceType	string (authResourceType) Value: "RESOURCE_TYPE_SECRET_SCOPE"
resourceIds	Array of strings (optional) Optional list of secret scope names
roles	Array of strings (optional) Optional list containing a subset of `"read_scope_role"`, `"write_scope_role"`, or `"manage_scope_role"`

Responses

Request samples

Payload

Content type

application/json

{"principal_type": "PRINCIPAL_TYPE_SERVICE_ACCOUNT",
"principal_id": "service-account-id",
"resource_type": "RESOURCE_TYPE_SECRET_SCOPE"
}

Response samples

200
401
403

Content type

application/json

{"assignments": [{"resource_type": "RESOURCE_TYPE_SECRET_SCOPE",
"resource_id": "my-secret-scope",
"roles_granted": [{"role": "write_scope_role",
"role_assignment_sources": [{"assignment_type": "ROLE_ASSIGNMENT_TYPE_DIRECT"
}
]
}
]
}
]
}

Unassign role(s) on secret scope(s)

Remove one or more role assignments to revoke principals' roles on Secret Scopes

Authorizations:

Tecton-key

Request Body schema: application/json

Array of objects (authAssignment)

Array

resourceType	string (authResourceType) Value: "RESOURCE_TYPE_SECRET_SCOPE"
resourceId	string Secret scope name
role	string One of `"read_scope_role"`, `"write_scope_role"`, or `"manage_scope_role"`
principalType	string (authPrincipalType) Enum: "PRINCIPAL_TYPE_USER" "PRINCIPAL_TYPE_SERVICE_ACCOUNT" "PRINCIPAL_TYPE_GROUP" "PRINCIPAL_TYPE_WORKSPACE"
principalId	string User ID, Service Account ID, Group ID, or Workspace name

Responses

Request samples

Payload

Content type

application/json

{"assignments": [{"principal_type": "PRINCIPAL_TYPE_WORKSPACE",
"principal_id": "my-workspace",
"resource_type": "RESOURCE_TYPE_SECRET_SCOPE",
"resource_id": "my-secret-scope",
"role": "read_scope_role"
}
]
}

Response samples

200
401
403

Content type

application/json

{ }

List all secret scopes

Returns a list of all secret scopes available in the cluster.

Authorizations:

Tecton-key

Responses

Response samples

200
401
403

Content type

application/json

{"scopes": [{"name": "my-secret-scope"
}
]
}

Delete a secret scope

Deletes a secret scope. Note that any secrets in the scope must first be deleted before this operation can be performed or this operation will fail.

Authorizations:

Tecton-key

path Parameters

scope

required

string

Responses

Response samples

200
401
403

Content type

application/json

{ }

Create a secret scope

Creates a new secret scope. The creator will be granted manager (full) access to the scope. This operation will fail if the scope already exists.

Authorizations:

Tecton-key

path Parameters

scope

required

string

Responses

Response samples

200
401
403

Content type

application/json

{ }

List secrets in a scope

Return a list of all secrets in a secret scope.

Authorizations:

Tecton-key

path Parameters

scope

required

string

Responses

Response samples

200
401
403

Content type

application/json

{"keys": [{"name": "sample-key"
}
]
}

Get a secret value

Gets the value of a secret given a secret scope and key.

Authorizations:

Tecton-key

path Parameters

scope required	string
key required	string

Responses

Response samples

200
401
403

Content type

application/json

{"value": "shhh"
}

Delete a secret

Deletes a secret key/value pair within a secret scope. This operation will immediately delete the secret key/value pair with no grace period.

Authorizations:

Tecton-key

path Parameters

scope required	string
key required	string

Responses

Response samples

200
401
403

Content type

application/json

{ }

Put a secret value

Puts a secret value in a secret scope with a given key and value. Note that this operation is idempotent: it will create the secret key/value pair if the key does not exist, and it will overwrite an existing value if the key does exist. It will not return an error if the key and value are already present.

Therefore, this operation can be called multiple times without error.

Authorizations:

Tecton-key

path Parameters

scope required	string
key required	string

Request Body schema: application/json

value

string

Responses

Request samples

Payload

Content type

application/json

{"value": "shhh"
}

Response samples

200
401
403

Content type

application/json

{ }