🔌Just-in-time API

P0’s Just-In-Time APIs enable secure, automated access provisioning with fine-grained control. These APIs are purpose-built for modern DevOps and security teams who need to grant ephemeral access based on intent, not static policies.

Key API Groups:

  • Command API – Submit actionable commands that trigger access workflows, such as requesting temporary AWS roles or starting pre-approved tasks. Ideal for CLI or bot-driven automation.

  • Access Requests API – Programmatically approve, deny, or revoke access requests with full context. These APIs allow security teams and automated systems to control access lifecycles in real time.

  • Routing Rules API – Define dynamic access logic that maps incoming requests to specific policies or destinations. This enables custom routing based on user, group, environment, or resource context.

All endpoints are protected with bearer tokens and designed for high-trust, auditable interactions.

JIT Settings in P0 Management

P0 Management provides a user-friendly interface to configure key Just-in-time (JIT) access settings: custom expiry, max access duration, and persistent access duration. These settings define the lifetime and conditions of temporary access for users. Admins can configure these parameters directly within the app, allowing for granular control over access privileges in line with least-privilege principles and audit requirements. By tailoring these durations in the UI, organizations can automate and standardize just-in-time access workflows without leaving the P0 platform.

Impact on User Access and Permissions

When set on the P0 Management page, these settings directly influence how users request and receive access within the app:

  • Custom Expiry

    • Admins can define multiple custom expiry presets (e.g., 30 minutes, 2 hours, 1 day).

    • When users request access, these presets appear as selectable options in the access request UI, allowing requesters or approvers to choose the most appropriate duration for the use case.

    • This streamlines access requests, promotes consistency, and reduces the risk of over-permissioning.

  • Max Access Duration

    • Sets the upper limit for how long any single access grant can last, regardless of the preset or custom request.

    • The UI enforces this limit, preventing users or approvers from granting access that exceeds the configured maximum.

    • This ensures no temporary access persists longer than governance policies allow.

  • Persistent Access Duration

    • Defines the standard (default) duration for recurring or standing access (such as scheduled access windows).

    • Admins can configure these durations directly from the P0 Management page, supporting dynamic permissioning and minimizing standing privileges.

    • The UI will apply this default when users or automation processes request standing access, reducing manual errors.

These controls allow admins to tailor access durations directly in the app, streamlining workflows and supporting least-privilege principles. For more details, see JIT Settings API.
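How the three settings described above interact can be modeled in a few lines. This is an added example, not P0's code or API: the setting key names, the duration string format, and the choice to reject rather than shorten an over-limit request are assumptions made for illustration.

```python
import re
from datetime import timedelta

_UNITS = {"minute": "minutes", "hour": "hours", "day": "days"}

def parse_duration(text):
    """Parse '30 minutes', '2 hours' or '1 day' into a timedelta."""
    m = re.fullmatch(r"\s*(\d+)\s*(minute|hour|day)s?\s*", text.lower())
    if not m or int(m.group(1)) == 0:
        raise ValueError(f"unsupported duration: {text!r}")
    return timedelta(**{_UNITS[m.group(2)]: int(m.group(1))})

def selectable_presets(presets, max_duration):
    """Split custom expiry presets into offerable ones and ones above the cap."""
    cap = parse_duration(max_duration)
    offered = [p for p in presets if parse_duration(p) <= cap]
    rejected = [p for p in presets if parse_duration(p) > cap]
    return offered, rejected

def resolve_grant(requested, settings, standing=False):
    """Return the duration to grant, or raise if the request breaks policy."""
    if requested is None:
        # Only standing access falls back to a default; a temporary grant
        # without an explicit lifetime is refused rather than guessed.
        if not standing:
            raise ValueError("a duration is required for a temporary grant")
        return parse_duration(settings["persistent_access_duration"])
    duration = parse_duration(requested)
    if duration > parse_duration(settings["max_access_duration"]):
        # Fail closed: an over-limit request is denied, not silently shortened,
        # so the denial is visible to the requester and in the audit trail.
        raise PermissionError(f"{requested!r} exceeds max access duration")
    return duration

# Constructed sample settings (hypothetical key names and values).
SETTINGS = {
    "custom_expiry": ["30 minutes", "2 hours", "1 day"],
    "max_access_duration": "8 hours",
    "persistent_access_duration": "4 hours",
}

if __name__ == "__main__":
    print(selectable_presets(SETTINGS["custom_expiry"],
                             SETTINGS["max_access_duration"]))
    print(resolve_grant("2 hours", SETTINGS))
    print(resolve_grant(None, SETTINGS, standing=True))
```

With the constructed settings, the "1 day" preset is flagged because it is above the 8 hour maximum, which is the kind of misconfiguration worth catching before presets reach requesters.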
