P0 App Documentation
Sign up for FreeKnowledge Base
  • What Is P0?
    • πŸŽ›οΈIAM Dashboard
    • πŸ”ŽAccess Inventory
    • πŸͺ‘IAM Posture
    • ⏱️Just-In-Time Access
    • ♻️Service-Account Key Rotation
  • Getting Started
    • ⬇️Quick Start
    • 🎁Share P0 With Your Team
  • INVENTORY
    • πŸ—ΊοΈAccess Inventory
    • πŸ”¬Result Details
    • ❔Query Search
      • πŸ“–Search Reference
  • Posture
    • βš–οΈPosture Overview
  • Monitor Results
  • πŸ€”Finding Details
  • ORCHESTRATION
    • ⏰Just-in-time access
      • πŸ–οΈRequesting Access
        • πŸ‘‰For Another Party
      • 🏁Approving Access
        • Pre-approving Access
      • πŸ”€Request Routing
        • Google Cloud Filtering
        • AWS Filtering
      • πŸ—’οΈSession Recording
        • πŸ“¦AWS
      • πŸ”ŒJust-in-time API
        • Command API
        • Access Requests API
        • Routing Rules API
  • Environments
    • ☁️Creating an Environment
    • πŸ““Environment Terminology
    • βš™οΈSettings
  • Integrations
    • πŸ“žNotifier integrations
      • πŸ’¬Slack
      • πŸ‘¬Microsoft Teams
      • πŸ“£Custom Notifiers
        • AWS Lambda Notifier
    • πŸ”‘Resource integrations
      • ☁️Google Cloud
        • Security Perimeter
        • Requesting Access
        • Permissions Reference
          • Cloud Storage
          • Compute Engine
        • Function Caller
      • πŸ“¦AWS
        • Requesting Access
        • AWS Integration API
        • Function Caller
      • ☸️Kubernetes
        • Requesting Access
        • Advanced Requests
      • πŸ”‹PostgreSQL
        • Requesting Access
      • ❄️Snowflake
      • πŸ–₯️SSH
      • GitHub
        • Requesting Access
      • πŸ› οΈCustom Resource
        • Installing a Custom Resource Integration
    • πŸ‘₯Directory integrations
      • Microsoft Entra ID
        • Requesting Access
      • Google Workspace
      • Okta
    • βœ”οΈApproval integrations
      • πŸ””PagerDuty
    • ⚑SIEM Integrations
      • Splunk HEC Setup
  • πŸ“Tracker integrations
    • 🎟️Jira
  • P0 Management
    • 🎩Role-Based Access Control
    • πŸ”ŒManagement API
      • Role Management API
      • Just-in-time settings API
Powered by GitBook
On this page
  1. Integrations
  2. Resource integrations

Custom Resource

Integrate P0 with any internal system you own, or with systems that do not have a built-in integration yet.

The Custom Resource integration is designed to let you securely manage access to external or on-premise applications. Whenever a user is granted or revoked access through P0, your configured endpoint will be invoked automatically β€” giving you full control over how that access is provisioned or removed in your own systems.

The Custom Resource integration leverages AWS Lambda or Google Cloud Run to invoke your external applications securely and flexibly. This approach offers several key advantages:

  • No credentials to manage: Authentication is handled via IAM or identity tokens, so there's nothing to rotate or store.

  • Full control: You can filter, transform, or enrich the data before it reaches your downstream systems.

  • Easier debugging: Logs live in your cloud environment, making it easy to trace, monitor, and troubleshoot.

  • Zero infrastructure lock-in: Use any language or runtime your service supports β€” it's just a web endpoint.

  • Scales with your needs: Cloud-native scaling handles bursty workloads without pre-provisioning.

Both deployment methods will receive the same standardized event payload, as defined by our OpenAPI specification. This makes it easy to reuse the same logic across environments or switch providers later with minimal effort.

Set up Custom Resource Integration

Configuration Parameters

These parameters are configured by you during setup.

The examples use an integration that connects users to an internal application for customer administration at a multi-tenant B2B company.

Parameter
Description
Example Value

Application ID

The identifier of the system you are integrating*

customerAdminApp

Application Name

The name of the custom resource integration

Internal Customer Admin App

* Identifiers in P0 do not allow whitespace. By convention use camel-casing. Not visible to users.

OpenAPI Specification

This specification describes the API endpoint you must implement to create a custom resource integration in P0.

PreviousRequesting AccessNextInstalling a Custom Resource Integration

Last updated 6 days ago

πŸ”‘
πŸ› οΈ
  • Set up Custom Resource Integration
  • Configuration Parameters
  • OpenAPI Specification
  • POSTHandle access request event

Handle access request event

post

Grant a user access to a resource

Authorizations
Body
one ofOptional
or
or
Responses
200
Success
application/json
Responseone of
objectOptional
or
201
Success
application/json
202
Success
application/json
default
Error
application/json
post
POST / HTTP/1.1
Host: 
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 278

{
  "eventType": "grant",
  "data": {
    "requestId": "00iJ7cFPzE8rXb9bwto8",
    "type": "internalEnvironmentViewerApp",
    "principal": "access-receiver@example.com",
    "requestor": "access-initiator@example.com",
    "reason": "I need access to troubleshoot an issue",
    "permission": {
      "item": "my-customer-inc"
    }
  }
}
{}