Role API
An Alexa Smart Properties for hospitality user must have an assigned role before they can access any Alexa Smart Properties for hospitality resources. The creator of a unit is assigned the administrator role for that unit automatically.
For more details about organizational roles, see About Managing Roles in Alexa Smart Properties for Hospitality.
API endpoint
The endpoint of the Role API is https://api.amazonalexa.com.
Authentication
Each API request must have an authorization header whose value is the access token retrieved from Login with Amazon (LWA).
Operations
The Role API includes the following operations.
| Operation | HTTP Method and URI |
|---|---|
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
List roles
Call GET /v1/roles?unitId={unitId}&roleName={roleName}&targetEntityId={targetEntityId}&maxResults={maxResults}&nextToken={nextToken} to get the list of roles defined for the specified unit or target entity that can be assigned to a user.
This operation is available in the following countries.
| Healthcare | Hospitality | Residential | Senior Living | Core |
|---|---|---|---|---|
|
US |
US, UK, FR, CA, IT, DE |
US, CA |
US, UK, FR, CA, IT, DE |
US |
Request format
Host to one of the following, depending on the region of your organization: api.amazonalexa.com or api.eu.amazonalexa.com.GET /v1/roles?unitId={unitId}&roleName={roleName}&targetEntityId={targetEntityId}&maxResults={maxResults}&nextToken={nextToken} HTTP/1.1
Host: api.amazonalexa.com
Accept: application/json
Authorization: Bearer {LWA Token}
Request body
None.
Request query parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
The unit ID, in the format |
String |
You must specify either a |
|
|
The ID for the target entity. |
String |
You must specify either a |
|
|
Role name filter in case the client is interested in the details of a particular role. |
String |
No |
|
|
Continuation token returned in the response object of the previous list-roles response. |
String |
No |
|
|
Maximum number of results to display. The value of this parameter must be between 1 and 10. The default value is 10. |
Integer |
No |
Response header
Host value is the same as the Host value in the request.Host: api.amazonalexa.com
X-Amzn-RequestId: {request-id}
Content-Type: application/json
| Field | Description | Type |
|---|---|---|
|
|
Unique identifier for the request. If a problem occurs, Amazon can use this value to troubleshoot the problem. |
String |
Response body example
{
"results": [
{
"roleId": "amzn1.alexa.role.did.example",
"roleName": "{roleName}",
"unitId": "amzn1.alexa.unit.did.example",
"targetEntityId": "example-target-entity-id"
}
],
"paginationContext": {
"nextToken": null
}
}
Response body parameters
unitId and targetEntityId fields. For target-entity-based roles, the response contains the targetEntityId field, and the unitId field is null or empty.| Field | Description | Type |
|---|---|---|
|
|
The role ID. |
String |
|
|
The role name. |
String |
|
|
The ID for the unit. |
String |
|
|
The ID for the target entity. |
String |
|
|
Token that you can use in the next request as the continuation token ( |
String |
Error response
{
"description": string
}
Error response parameters
| Field | Description | Type |
|---|---|---|
|
|
A description of the error, for example "HTTP/1.1 401 The request has a missing or an invalid access token." |
String |
HTTP response codes
| Status Code | Name | Description |
|---|---|---|
|
200 |
OK |
The request succeeded. |
|
400 |
Bad Request |
The request is malformed or is missing one or more required parameters. |
|
401 |
Unauthorized |
The access token is missing, expired, or invalid. |
|
403 |
Forbidden |
The user doesn't have permission to perform the operation. |
|
404 |
Not found |
The requested roles weren't found. |
|
429 |
Too many requests |
The request is throttled. |
|
500 |
Internal Server Error |
The request couldn't be handled because of an internal service error. |
|
503 |
Service Unavailable |
The server is temporarily unavailable. |
Assign a role
Call POST /v1/roles/{roleId}/assignments to assign a role to the specified principal. This API throws a 400 Bad Request Exception if you attempt to assign a role to a principal who is already assigned that particular role. For details about how to retrieve the user ID that you'll need for the principal, see Obtain Customer Profile Information.
This operation is available in the following countries.
| Healthcare | Hospitality | Residential | Senior Living | Core |
|---|---|---|---|---|
|
US |
US, UK, FR, CA, IT, DE |
US, CA |
US, UK, FR, CA, IT, DE |
US |
Request format
Host to one of the following, depending on the region of your organization: api.amazonalexa.com or api.eu.amazonalexa.com.POST /v1/roles/{roleId}/assignments HTTP/1.1
Host: api.amazonalexa.com
Accept: application/json
Authorization: Bearer {LWA Token}
Request body example
{
"principalId" : "amzn1.account.AHRZS727KGPWJQGQRPSGZRDDOV2A",
"propagate" : true
}
Request path parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
ID of the role to assign, in the Amazon Common Identifier (ACI) format |
String |
Yes |
Request body parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
User ID of the principal to whom to assign the role. |
String |
Yes |
|
|
Flag that indicates if propagation should be enabled. Propagation assigns the role to the entire unit hierarchy. Only the Amazon Business account's principal ID can propagate roles. |
Boolean |
No |
Response header
Host value is the same as the Host value in the request.Host: api.amazonalexa.com
X-Amzn-RequestId: {request-id}
Content-Type: application/json
| Field | Description | Type |
|---|---|---|
|
|
Unique identifier for the request. If a problem occurs, Amazon can use this value to troubleshoot the problem. |
String |
Response body
None.
Error response
{
"description": string
}
Error response parameters
| Field | Description | Type |
|---|---|---|
|
|
A description of the error, for example "HTTP/1.1 401 The request has a missing or an invalid access token." |
String |
HTTP response codes
| Status Code | Name | Description |
|---|---|---|
|
202 |
Accepted |
The role assignment propagation request for the principal is accepted. |
|
204 |
No content |
The request succeeded. This response code only occurs if the request didn't set the propagation flag. |
|
400 |
Bad Request |
The request is malformed or is missing one or more required parameters. |
|
401 |
Unauthorized |
The access token is missing, expired, or invalid. |
|
403 |
Forbidden |
The user doesn't have permission to perform the operation. |
|
404 |
Not found |
The requested roles weren't found. |
|
429 |
Too many requests |
The request is throttled. |
|
500 |
Internal Server Error |
The request couldn't be handled because of an internal service error. |
|
503 |
Service Unavailable |
The server is temporarily unavailable. |
Batch assign a role
Call POST /v1/roles/{roleId}/assignments/batchAssign to assign a role to the specified principals. For details about how to retrieve the user IDs that you need for the principals, see Obtain Customer Profile Information.
After accepting the request, this operation performs synchronous validations and then returns a 202 (Accepted) response. Each principal is then assigned to the role asynchronously in the background.
In the case of invalid inputs, the entire batch operation fails. That is, either all the request items are processed or none.
If there's an existing role assignment for a given roleId and principalId with propagate set to false, a role assignment request for the same roleId and principalId with a propagation value of true updates the existing role assignment with propagation.
roleId and principalId with propagate set to true, you get an error if you try to make a role assignment request for the same roleId and principalId with a propagation value of false. To downgrade a propagated role assignment, you must first revoke the role assignment with Revoke a role assignment or Batch revoke a role assignment, and then reassign it.This operation is available in the following countries.
| Healthcare | Hospitality | Residential | Senior Living | Core |
|---|---|---|---|---|
|
US |
US, UK, FR, CA |
US, CA |
US, CA |
US |
Request format
Host to one of the following, depending on the region of your organization: api.amazonalexa.com or api.eu.amazonalexa.com.POST /v1/roles/{roleId}/assignments/batchAssign
Host: api.amazonalexa.com
Accept: application/json
Authorization: Bearer {LWA Token}
Request body example
{
"items": [
{
"itemId" : 0,
"principalId": "amzn1.alexa.user.example1",
"propagate": false
},
{
"itemId" : 1,
"principalId": "amzn1.alexa.user.example2",
"propagate": true
},
{
"itemId" : 2,
"principalId": "amzn1.alexa.user.example3",
"propagate": false
}
]
}
Request path parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
ID of the role to assign, in the Amazon Common Identifier (ACI) format |
String |
Yes |
Request body parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
Array of assign role request objects. The maximum number of request items in the batch request is 50. |
Array |
Yes |
|
|
Unique identifier for the request item. |
Integer |
Yes |
|
|
User ID of the principal to whom to assign the role. |
String |
Yes |
|
|
Flag that indicates if propagation should be enabled. Propagation assigns the role to the entire unit hierarchy. Only the Amazon Business account's principal ID can propagate roles. Default: false. |
Boolean |
No |
Response header
Host value is the same as the Host value in the request.Host: api.amazonalexa.com
X-Amzn-RequestId: {request-id}
Content-Type: application/json
| Field | Description | Type |
|---|---|---|
|
|
Unique identifier for the request. If a problem occurs, Amazon can use this value to troubleshoot the problem. |
String |
Response body
A successful response has no body.
Error response body example
{
"errors": [
{
"itemId": 0,
"status": 400,
"errorCode" : "INVALID_PRINCIPAL_ID",
"errorDescription": "Invalid principalId specified."
},
{
"itemId": 1,
"status": 400,
"errorCode" : "REQUEST_LIMIT_EXCEEDED",
"errorDescription": "The number of request items in the batch request exceeds the limit (50)."
}
]
}
Error response parameters
| Field | Description | Type |
|---|---|---|
|
|
Array of objects that contains descriptions of errors. For a list of possible error codes, see HTTP response codes. |
Array |
|
|
Unique identifier for the request item. |
Integer |
|
|
Error status. Example: |
String |
|
|
Error code. Example: |
String |
|
|
A description of the error. Example: |
String |
HTTP response codes
| Status Code | Name | Description |
|---|---|---|
|
202 |
ACCEPTED |
The request to assign a role for the list of principals is accepted. |
|
400 |
INVALID_PRINCIPAL_ID |
Invalid |
|
400 |
NO_UNIT_FOR_ROLE |
Role is not backed by a unit; propagation isn't supported. |
|
400 |
ROLE_ASSIGNMENT_NOT_SUPPORTED |
Downgrading an already propagated role assignment to a standalone assignment is not supported; the propagate flag should be true. |
|
400 |
DUPLICATE_REQUEST_ITEM_FOUND |
The request contains a duplicate request item. |
|
400 |
BAD_REQUEST |
The request is malformed or is missing any required parameters. |
|
400 |
INVALID_ROLE_ID |
Invalid |
|
400 |
REQUEST_LIMIT_EXCEEDED |
The request exceeded the limit on the number of principals for role assignment per one request. |
|
401 |
UNAUTHORIZED |
The access token is missing, expired, or invalid. |
|
403 |
FORBIDDEN |
The user doesn't have permission to perform the operation. |
|
404 |
ROLE_NOT_FOUND |
The requested roles weren't found. |
|
429 |
TOO_MANY_REQUESTS |
The request is throttled. |
|
500 |
INTERNAL_SERVER_ERROR |
The request couldn't be handled because of an internal service error. |
|
503 |
SERVICE_UNAVAILABLE |
The server is temporarily unavailable. |
Get a role
Call GET /v1/roles/{roleId} to get the details for the specified role.
This operation is available in the following countries.
| Healthcare | Hospitality | Residential | Senior Living | Core |
|---|---|---|---|---|
|
US |
US, UK, FR, CA, IT, DE |
US, CA |
US, UK, FR, CA, IT, DE |
US |
Request format
Host to one of the following, depending on the region of your organization: api.amazonalexa.com or api.eu.amazonalexa.com.GET /v1/roles/{roleId} HTTP/1.1
Host: api.amazonalexa.com
Accept: application/json
Authorization: Bearer {LWA Token}
Request path parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
The role ID, in the Amazon Common Identifier (ACI) format |
String |
Yes |
Response header
Host value is the same as the Host value in the request.Host: api.amazonalexa.com
X-Amzn-RequestId: {request-id}
Content-Type: application/json
| Field | Description | Type |
|---|---|---|
|
|
Unique identifier for the request. If a problem occurs, Amazon can use this value to troubleshoot the problem. |
String |
Response body example
{
"roleId": "amzn1.alexa.role.did.example",
"roleName": "Admin",
"unitId": "amzn1.alexa.unit.did.example",
"targetEntityId": "example-target-entity-id"
}
Response body parameters
unitId and targetEntityId fields. For target-entity-based roles, the response contains the targetEntityId field, and the unitId field is null or empty.| Field | Description | Type |
|---|---|---|
|
|
The role ID. |
String |
|
|
The role name. |
String |
|
|
The unit ID for the unit against which the role is defined. |
String |
|
|
The ID for the target entity against which the role is defined. |
String |
Error response
{
"description": string
}
Error response parameters
| Field | Description | Type |
|---|---|---|
|
|
A description of the error, for example "HTTP/1.1 401 The request has a missing or an invalid access token." |
String |
HTTP response codes
| Status Code | Name | Description |
|---|---|---|
|
201 |
OK |
The request succeeded. |
|
400 |
Bad Request |
The request is malformed or is missing one or more required parameters. |
|
401 |
Unauthorized |
The access token is missing, expired, or invalid. |
|
403 |
Forbidden |
The user doesn't have permission to perform the operation. |
|
429 |
Too many requests |
The request is throttled. |
|
500 |
Internal Server Error |
The request couldn't be handled because of an internal service error. |
|
503 |
Service Unavailable |
The server is temporarily unavailable. |
List role assignments for a principal
Call GET /v1/roles/assignments?principalId={principalId}&unitId={unitId}&targetEntityId={targetEntityId}&maxResults={maxResults}&nextToken={nextToken} to get the list of role assignments for the specified principal for the specified unit or target entity.
This operation is available in the following countries.
| Healthcare | Hospitality | Residential | Senior Living | Core |
|---|---|---|---|---|
|
US |
US, UK, FR, CA, IT, DE |
US, CA |
US, UK, FR, CA, IT, DE |
US |
Request format
Host to one of the following, depending on the region of your organization: api.amazonalexa.com or api.eu.amazonalexa.com.GET /v1/roles/assignments?principalId={principalId}&unitId={unitId}&targetEntityId={targetEntityId}&maxResults={maxResults}&nextToken={nextToken} HTTP/1.1
Host: api.amazonalexa.com
Accept: application/json
Authorization: Bearer {LWA Token}
Request path parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
The role ID, in the Amazon Common Identifier (ACI) format |
String |
Yes |
Request query parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
Principal ID, in the format |
String |
Yes |
|
|
Unit ID, in the Amazon Common Identifier (ACI) format |
String |
Yes |
|
|
Target entity ID. |
String |
Yes |
|
|
Token used for getting the next page of results. |
String |
No |
|
|
Maximum number of results to display. The value of this parameter must between 1 and 10. Default is 10. |
Integer |
No |
Response header
Host value is the same as the Host value in the request.Host: api.amazonalexa.com
X-Amzn-RequestId: {request-id}
Content-Type: application/json
| Field | Description | Type |
|---|---|---|
|
|
Unique identifier for the request. If a problem occurs, Amazon can use this value to troubleshoot the problem. |
String |
Response body example
{
"results" : [
{
"roleId" : "amzn1.alexa.role.did.AGUUQ4CBCDQUIRJZIZY4V3KMLSICW5MEQ2NR25XL5MQHCEFPYZFBQPDAOGVSMDU2SLO4A4PIDFNBMGX2T2LFLYQLTFLGMDSZIANNOPUJ",
"principalId" : "amzn1.account.AHRZS727KGPWJQGQRPSGZRDDOV2A"
}
],
"paginationContext": {
"nextToken": null
}
}
Response body parameters
| Field | Description | Type |
|---|---|---|
|
|
List of results (role assignments). |
List |
|
|
Role ID. |
String |
|
|
Principal ID. |
String |
|
|
Object containing pagination information. If present, the response contains incomplete results. If omitted, all results were already returned. For details, see Handling Pagination in Query Results. |
Object |
|
|
Token that you can use in the next request as the continuation token ( |
String |
Error response
{
"description": string
}
Error response parameters
| Field | Description | Type |
|---|---|---|
|
|
A description of the error, for example "HTTP/1.1 401 The request has a missing or an invalid access token." |
String |
HTTP response codes
| Status Code | Name | Description |
|---|---|---|
|
200 |
OK |
The request succeeded. |
|
400 |
Bad Request |
The request is malformed or is missing one or more required parameters. |
|
401 |
Unauthorized |
The access token is missing, expired, or invalid. |
|
403 |
Forbidden |
The user doesn't have permission to perform the operation. |
|
429 |
Too many requests |
The request is throttled. |
|
500 |
Internal Server Error |
The request couldn't be handled because of an internal service error. |
|
503 |
Service Unavailable |
The server is temporarily unavailable. |
List principal assignments for a role
Call GET /v1/roles/{roleId}/assignments?maxResults={maxResults}&nextToken={nextToken} to get the list of principal assignments for the specified role.
This operation is available in the following countries.
| Healthcare | Hospitality | Residential | Senior Living | Core |
|---|---|---|---|---|
|
US |
US, UK, FR, CA, IT, DE |
US, CA |
US, UK, FR, CA, IT, DE |
US |
Request format
Host to one of the following, depending on the region of your organization: api.amazonalexa.com or api.eu.amazonalexa.com.GET /v1/roles/{roleId}/assignments?maxResults={maxResults}&nextToken={nextToken} HTTP/1.1
Host: api.amazonalexa.com
Accept: application/json
Authorization: Bearer {LWA Token}
Request path parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
Role ID, in the Amazon Common Identifier (ACI) format |
String |
Yes |
Request query parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
Token used for getting the next page of results. |
String |
No |
|
|
Maximum number of results to display. The value of this parameter must between 1 and 10. Default is 10. |
Integer |
No |
Response header
Host value is the same as the Host value in the request.Host: api.amazonalexa.com
X-Amzn-RequestId: {request-id}
Content-Type: application/json
| Field | Description | Type |
|---|---|---|
|
|
Unique identifier for the request. If a problem occurs, Amazon can use this value to troubleshoot the problem. |
String |
Response body example
{
"results": [
{
"roleId": "amzn1.alexa.role.did.AGUUQ4CBCDQUIRJZIZY4V3KMLSICW5MEQ2NR25XL5MQHCEFPYZFBQPDAOGVSMDU2SLO4A4PIDFNBMGX2T2LFLYQLTFLGMDSZIANNOPUJ",
"principalId" : "amzn1.account.AHRZS727KGPWJQGQRPSGZRDDOV2A"
}
],
"paginationContext": {
"nextToken": null
}
}
Response body parameters
| Field | Description | Type |
|---|---|---|
|
|
List of results (role assignments). |
List |
|
|
Role ID. |
String |
|
|
Principal ID. |
String |
|
|
Object containing pagination information. If present, the response contains incomplete results. If omitted, all results were already returned. For details, see Handling Pagination in Query Results. |
Object |
|
|
Token that you can use in the next request as the continuation token ( |
String |
Error response
{
"description": string
}
Error response parameters
| Field | Description | Type |
|---|---|---|
|
|
A description of the error, for example "HTTP/1.1 401 The request has a missing or an invalid access token." |
String |
HTTP response codes
| Status Code | Name | Description |
|---|---|---|
|
200 |
OK |
The request succeeded. |
|
400 |
Bad Request |
The request is malformed or is missing one or more required parameters. |
|
401 |
Unauthorized |
The access token is missing, expired, or invalid. |
|
403 |
Forbidden |
The user doesn't have permission to perform the operation. |
|
404 |
Not found |
The requested roles weren't found. |
|
429 |
Too many requests |
The request is throttled. |
|
500 |
Internal Server Error |
The request couldn't be handled because of an internal service error. |
|
503 |
Service Unavailable |
The server is temporarily unavailable. |
Revoke a role assignment
Call DELETE /v1/roles/{roleId}/assignments to revoke a role for the specified principal.
This operation is available in the following countries.
| Healthcare | Hospitality | Residential | Senior Living | Core |
|---|---|---|---|---|
|
US |
US, UK, FR, CA, IT, DE |
US, CA |
US, UK, FR, CA, IT, DE |
US |
Request format
Host to one of the following, depending on the region of your organization: api.amazonalexa.com or api.eu.amazonalexa.com.DELETE /v1/roles/{roleId}/assignments HTTP/1.1
Host: api.amazonalexa.com
Accept: application/json
Authorization: Bearer {LWA Token}
Request and response example
DELETE /v1/roles/amzn1.alexa.role.did.AGUUQ4CBCDQUIRJZIZY4V3KMLSICW5MEQ2NR25XL5MQHCEFPYZFBQPDAOGVSMDU2SLO4A4PIDFNBMGX2T2LFLYQLTFLGMDSZIANNOPUJ/assignments?principalId=amzn1.account.AHRZS727KGPWJQGQRPSGZRDDOV2Ax&propagate=false
204 No Content
Request body
None.
Request path parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
Role ID for the role to be revoked. |
String |
Yes |
Request query parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
Principal ID for the principal whose role is to be revoked. |
String |
Yes |
|
|
Query parameter flag that indicates if propagation should be enabled. Propagation revokes the role from the entire unit hierarchy. Only the Amazon Business account's principal ID can propagate roles. |
Boolean |
No |
Response header
Host value is the same as the Host value in the request.Host: api.amazonalexa.com
X-Amzn-RequestId: {request-id}
Content-Type: application/json
| Field | Description | Type |
|---|---|---|
|
|
Unique identifier for the request. If a problem occurs, Amazon can use this value to troubleshoot the problem. |
String |
Response body
None.
Error response
{
"description": string
}
Error response parameters
| Field | Description | Type |
|---|---|---|
|
|
A description of the error, for example "HTTP/1.1 401 The request has a missing or an invalid access token." |
String |
HTTP response codes
| Status Code | Name | Description |
|---|---|---|
|
202 |
Accepted |
Role revocation propagation request for the principal is accepted. |
|
204 |
No content |
Role revoked for principal. This response code only occurs if the revocation request didn't set the propagation flag. |
|
400 |
Bad Request |
The request is malformed or is missing one or more required parameters. Example reasons include:
|
|
401 |
Unauthorized |
The access token is missing, expired, or invalid. |
|
403 |
Forbidden |
The user doesn't have permission to perform the operation. |
|
404 |
Not found |
The requested roles weren't found. |
|
429 |
Too many requests |
The request is throttled. |
|
500 |
Internal Server Error |
The request couldn't be handled because of an internal service error. |
|
503 |
Service Unavailable |
The server is temporarily unavailable. |
Batch revoke a role assignment
Call POST /v1/roles/{roleId}/assignments/batchRevoke to revoke a role for the specified principals. For details about how to retrieve the user IDs that you need for the principals, see Obtain Customer Profile Information.
After accepting the request, this operation performs perform synchronous validations and then returns a 202 (Accepted) response. Each principal is then revoked for the role asynchronously in the background.
In the case of invalid inputs, the entire batch operation fails. That is, either all the request items are processed or none.
propagate flag nor revoke a non-propagated role assignment with a propagate flag. That is, if there's an existing role assignment for a given roleId and principalId, you get an error if you try to make a role assignment request for the same roleId and principalId with the opposite propagate value.This operation is available in the following countries.
| Healthcare | Hospitality | Residential | Senior Living | Core |
|---|---|---|---|---|
|
US |
US, UK, FR, CA |
US, CA |
US, CA |
US |
Request format
Host to one of the following, depending on the region of your organization: api.amazonalexa.com or api.eu.amazonalexa.com.POST /v1/roles/{roleId}/assignments/batchRevoke
Host: api.amazonalexa.com
Accept: application/json
Authorization: Bearer {LWA Token}
Request body example
{
"items": [
{
"itemId" : 0,
"principalId": "amzn1.alexa.user.example1",
"propagate": false
},
{
"itemId" : 1,
"principalId": "amzn1.alexa.user.example2",
"propagate": true
},
{
"itemId" : 2,
"principalId": "amzn1.alexa.user.example3",
"propagate": false
}
]
}
Request path parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
ID of the role to revoke, in the Amazon Common Identifier (ACI) format |
String |
Yes |
Request body parameters
| Field | Description | Type | Required |
|---|---|---|---|
|
|
Array of assign role request objects. The maximum number of request items in the batch request is 50. |
Array |
Yes |
|
|
Unique identifier for the request item. |
Integer |
Yes |
|
|
User ID of the principal to whom to assign the role. |
String |
Yes |
|
|
Flag that indicates if propagation should be enabled. Propagation assigns the role to the entire unit hierarchy. Only the Amazon Business account's principal ID can propagate roles. The value of this flag must match the value of the associated flag for a given |
Boolean |
No |
Response header
Host value is the same as the Host value in the request.Host: api.amazonalexa.com
X-Amzn-RequestId: {request-id}
Content-Type: application/json
| Field | Description | Type |
|---|---|---|
|
|
Unique identifier for the request. If a problem occurs, Amazon can use this value to troubleshoot the problem. |
String |
Response body
A successful response has no body.
Error response body example
{
"errors": [
{
"itemId": 0,
"status": 400,
"errorCode" : "INVALID_PRINCIPAL_ID",
"errorDescription": "Invalid principalId specified."
},
{
"itemId": 1,
"status": 400,
"errorCode" : "REQUEST_LIMIT_EXCEEDED",
"errorDescription": "The number of request items in the batch request exceeds the limit (50)."
}
]
}
Error response parameters
| Field | Description | Type |
|---|---|---|
|
|
Array of objects that contains descriptions of errors. For a list of possible error codes, see HTTP response codes. |
Array |
|
|
Unique identifier for the request item. |
Integer |
|
|
Error status. Example: |
String |
|
|
Error code. Example: |
String |
|
|
A description of the error. Example: |
String |
HTTP response codes
| Status Code | Name | Description |
|---|---|---|
|
202 |
ACCEPTED |
The request to revoke a role assignment for the list of principals is accepted. |
|
400 |
INVALID_PRINCIPAL_ID |
Invalid |
|
400 |
PROPAGATED_FROM_ANOTHER_ROLE |
You attempted to revoke a propagated role assignment. Reinitiate revoke propagation at the source with the |
|
400 |
PRINCIPAL_IS_PROPAGATED |
The role revocation isn't supported for the principal. The current role assignment is the source of a propagation chain. You must pass in the |
|
400 |
PRINCIPAL_IS_NOT_PROPAGATED |
The role revocation isn't supported for the principal. The current role assignment is a non-propagated assignment. Either don't pass in the |
|
400 |
DUPLICATE_REQUEST_ITEM_FOUND |
The request contains a duplicate request item. |
|
400 |
BAD_REQUEST |
The request is malformed or is missing any required parameters. |
|
400 |
INVALID_ROLE_ID |
Invalid |
|
400 |
REQUEST_LIMIT_EXCEEDED |
The request exceeded the limit on the number of principals for role assignment per one request. |
|
401 |
UNAUTHORIZED |
The access token is missing, expired, or invalid. |
|
403 |
FORBIDDEN |
The user doesn't have permission to perform the operation. |
|
404 |
ROLE_NOT_FOUND |
The requested roles weren't found. |
|
429 |
TOO_MANY_REQUESTS |
The request is throttled. |
|
500 |
INTERNAL_SERVER_ERROR |
The request couldn't be handled because of an internal service error. |
|
503 |
SERVICE_UNAVAILABLE |
The server is temporarily unavailable. |
Last updated: Mar 30, 2022