Just-in-time settings API

The JIT Access Settings API allows organizations to define how long temporary access should last—and under what conditions. Admins can configure standing and maximum access durations, create custom expiry presets, and enforce approval policies like requiring justifications or second-party approval. This makes it easy to align access privileges with least-privilege principles and audit requirements, without slowing teams down.

Add a custom expiry duration

post

Authorizations

Body

timenumberRequired

unitstring · enumRequiredPossible values:

Responses

204

Custom expiry added

400

Bad request

401

Unauthorized

post

POST /o/demo-org/settings/expiry-options HTTP/1.1
Host: api.p0.app
Authorization: Bearer API Key
Content-Type: application/json
Accept: */*
Content-Length: 21

{
  "time": 2,
  "unit": "h"
}

No content

Remove a custom expiry duration

delete

Authorizations

Path parameters

keystringRequired

Responses

204

Custom expiry removed

400

Bad request

401

Unauthorized

delete

DELETE /o/demo-org/settings/expiry-options/{key} HTTP/1.1
Host: api.p0.app
Authorization: Bearer API Key
Accept: */*

No content

Reset custom expiry durations

post

Authorizations

Responses

200

Reset expiry options

application/json

400

Bad request

401

Unauthorized

post

POST /o/demo-org/settings/expiry-options/_reset HTTP/1.1
Host: api.p0.app
Authorization: Bearer API Key
Accept: */*

{
  "options": [
    {
      "time": 5,
      "unit": "m",
      "value": "5 minutes"
    },
    {
      "time": 1,
      "unit": "h",
      "value": "1 hour"
    },
    {
      "time": 24,
      "unit": "h",
      "value": "1 day"
    },
    {
      "time": 168,
      "unit": "h",
      "value": "1 week"
    },
    {
      "time": 720,
      "unit": "h",
      "value": "30 days"
    }
  ]
}

Update approval settings

put

Authorizations

Body

allowOnePartybooleanOptional

requireReasonbooleanOptional

Responses

204

Settings updated

400

Bad request

401

Unauthorized

put

PUT /o/demo-org/settings/default-approvals HTTP/1.1
Host: api.p0.app
Authorization: Bearer API Key
Content-Type: application/json
Accept: */*
Content-Length: 43

{
  "allowOneParty": true,
  "requireReason": true
}

No content

Set custom standing access duration

put

Authorizations

Body

timenumberRequired

unitstring · enumRequiredPossible values:

Responses

200

Standing access configured

application/json

400

Bad request

401

Unauthorized

put

PUT /o/demo-org/settings/standing-access-duration HTTP/1.1
Host: api.p0.app
Authorization: Bearer API Key
Content-Type: application/json
Accept: */*
Content-Length: 21

{
  "time": 2,
  "unit": "h"
}

{
  "ok": true,
  "standingAccessDuration": {
    "time": 2,
    "unit": "h",
    "value": "2 hours"
  }
}

Set custom maximum access duration

put

Authorizations

Body

timenumberRequired

unitstring · enumRequiredPossible values:

Responses

200

Max access configured

application/json

400

Bad request

401

Unauthorized

put

PUT /o/demo-org/settings/max-access-duration HTTP/1.1
Host: api.p0.app
Authorization: Bearer API Key
Content-Type: application/json
Accept: */*
Content-Length: 21

{
  "time": 2,
  "unit": "h"
}

{
  "ok": true,
  "maxAccessDuration": {
    "time": 2,
    "unit": "h",
    "value": "2 hours"
  }
}

PreviousRole Management API NextInstalling p0 CLI

Last updated 2 months ago