Just-in-time settings API

The JIT Access Settings API allows organizations to define how long temporary access should last—and under what conditions. Admins can configure standing and maximum access durations, create custom expiry presets, and enforce approval policies like requiring justifications or second-party approval. This makes it easy to align access privileges with least-privilege principles and audit requirements, without slowing teams down.

Add a custom expiry duration

post

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

timenumberRequired

unitstring · enumRequiredPossible values:

Responses

204

Custom expiry added

400

Bad request

401

Unauthorized

post

/expiry-options

POST /o/demo-org/settings/expiry-options HTTP/1.1
Host: api.p0.app
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 21

{
  "time": 2,
  "unit": "h"
}

No content

Remove a custom expiry duration

delete

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

keystringRequired

Responses

204

Custom expiry removed

400

Bad request

401

Unauthorized

delete

/expiry-options/{key}

DELETE /o/demo-org/settings/expiry-options/{key} HTTP/1.1
Host: api.p0.app
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

No content

Reset custom expiry durations

post

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Responses

200

Reset expiry options

application/json

400

Bad request

401

Unauthorized

post

/expiry-options/_reset

POST /o/demo-org/settings/expiry-options/_reset HTTP/1.1
Host: api.p0.app
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "options": [
    {
      "time": 5,
      "unit": "m",
      "value": "5 minutes"
    },
    {
      "time": 1,
      "unit": "h",
      "value": "1 hour"
    },
    {
      "time": 24,
      "unit": "h",
      "value": "1 day"
    },
    {
      "time": 168,
      "unit": "h",
      "value": "1 week"
    },
    {
      "time": 720,
      "unit": "h",
      "value": "30 days"
    }
  ]
}

Set custom standing access duration

put

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

timenumberRequired

unitstring · enumRequiredPossible values:

Responses

200

Standing access configured

application/json

okbooleanOptional

400

Bad request

401

Unauthorized

put

/standing-access-duration

PUT /o/demo-org/settings/standing-access-duration HTTP/1.1
Host: api.p0.app
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 21

{
  "time": 2,
  "unit": "h"
}

{
  "ok": true,
  "standingAccessDuration": {
    "time": 2,
    "unit": "h",
    "value": "2 hours"
  }
}

Set custom maximum access duration

put

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

timenumberRequired

unitstring · enumRequiredPossible values:

Responses

200

Max access configured

application/json

okbooleanOptional

400

Bad request

401

Unauthorized

put

/max-access-duration

PUT /o/demo-org/settings/max-access-duration HTTP/1.1
Host: api.p0.app
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 21

{
  "time": 2,
  "unit": "h"
}

{
  "ok": true,
  "maxAccessDuration": {
    "time": 2,
    "unit": "h",
    "value": "2 hours"
  }
}

PreviousRole Management API NextInstalling p0 CLI

Last updated 6 months ago

hashtagAdd a custom expiry duration

hashtagRemove a custom expiry duration

hashtagReset custom expiry durations

hashtagSet custom standing access duration

hashtagSet custom maximum access duration

Add a custom expiry duration

Remove a custom expiry duration

Reset custom expiry durations

Set custom standing access duration

Set custom maximum access duration