ConductorOne API: The ConductorOne API is a HTTP API for managing ConductorOne resources.
Tip
To finish publishing your SDK to PyPI you must run your first generation action.
Note
Python version upgrade policy
Once a Python version reaches its official end of life date, a 3-month grace period is provided for users to upgrade. Following this grace period, the minimum python version supported in the SDK will be updated.
The SDK can be installed with uv, pip, or poetry package managers.
uv is a fast Python package installer and resolver, designed as a drop-in replacement for pip and pip-tools. It's recommended for its speed and modern Python tooling capabilities.
uv add git+https://github.com/ConductorOne/conductorone-sdk-python.gitPIP is the default package installer for Python, enabling easy installation and management of packages from PyPI via the command line.
pip install git+https://github.com/ConductorOne/conductorone-sdk-python.gitPoetry is a modern tool that simplifies dependency management and package publishing by using a single pyproject.toml file to handle project metadata and dependencies.
poetry add git+https://github.com/ConductorOne/conductorone-sdk-python.gitYou can use this SDK in a Python shell with uv and the uvx command that comes with it like so:
uvx --from sdk pythonIt's also possible to write a standalone Python script without needing to set up a whole project like so:
#!/usr/bin/env -S uv run --script
# /// script
# requires-python = ">=3.9"
# dependencies = [
# "sdk",
# ]
# ///
from sdk import SDK
sdk = SDK(
# SDK arguments
)
# Rest of script here...Once that is saved to a file, you can run it with uv run script.py where
script.py can be replaced with the actual file name.
import sdk
from sdk.models import shared
s = sdk.sdk_with_credentials("CLIENT_ID", "CLIENT_SECRET")
req = shared.AppEntitlementSearchServiceSearchRequest(
page_size=100,
)
res = s.app_entitlement_search.search(req)
if res.app_entitlement_search_service_search_response is not None:
# For more decoding options, see `https://pypi.org/project/dataclasses-json/`
res = res.app_entitlement_search_service_search_response.to_dict()Available methods
- create_monitor - Create Monitor
- delete_monitor - Delete Monitor
- get_monitor - Get Monitor
- update_monitor - Update Monitor
- test - Test
- cancel_app_access_requests_defaults - Cancel App Access Requests Defaults
- create_app_access_requests_defaults - Create App Access Requests Defaults
- get_app_access_requests_defaults - Get App Access Requests Defaults
- create_app_entitlement_monitor_binding - Create App Entitlement Monitor Binding
- delete_app_entitlement_monitor_binding - Delete App Entitlement Monitor Binding
- get_app_entitlement_monitor_binding - Get App Entitlement Monitor Binding
- search - Search
- search_app_entitlements_for_app_user - Search App Entitlements For App User
- search_app_entitlements_with_expired - Search App Entitlements With Expired
- search_grants - Search Grants
- list_app_users_for_identity_with_grant - List App Users For Identity With Grant
- remove_grant_duration - Remove Grant Duration
- search_grant_feed - Search Grant Feed
- search_past_grants - Search Past Grants
- update_grant_duration - Update Grant Duration
- add_automation_exclusion - Add Automation Exclusion
- add_manually_managed_members - Add Manually Managed Members
- create - Create
- create_automation - Create Automation
- delete - Delete
- delete_automation - Delete Automation
- get - Get
- get_automation - Get Automation
- list - List
- list_automation_exclusions - List Automation Exclusions
- list_for_app_resource - List For App Resource
- list_for_app_user - List For App User
list_users- List Users⚠️ Deprecated- remove_automation_exclusion - Remove Automation Exclusion
- remove_entitlement_membership - Remove Entitlement Membership
- update - Update
- update_automation - Update Automation
- list - List
- generate_report - Generate Report
- create_manually_managed_app_resource - Create Manually Managed App Resource
- delete_manually_managed_app_resource - Delete Manually Managed App Resource
- get - Get
- list - List
- update - Update
- search_app_resource_types - Search App Resource Types
- search_app_resources - Search App Resources
- create_manually_managed_resource_type - Create Manually Managed Resource Type
- delete_manually_managed_resource_type - Delete Manually Managed Resource Type
- get - Get
- list - List
- update_manually_managed_resource_type - Update Manually Managed Resource Type
- search - Search
- list - List
- list_app_user_credentials - List App User Credentials
- list_app_users_for_user - List App Users For User
- search - Search
- update - Update
- search_attribute_values - Search Attribute Values
- create_attribute_value - Create Attribute Value
- create_compliance_framework_attribute_value - Create Compliance Framework Attribute Value
- create_risk_level_attribute_value - Create Risk Level Attribute Value
- delete_attribute_value - Delete Attribute Value
- delete_compliance_framework_attribute_value - Delete Compliance Framework Attribute Value
- delete_risk_level_attribute_value - Delete Risk Level Attribute Value
- get_attribute_value - Get Attribute Value
- get_compliance_framework_attribute_value - Get Compliance Framework Attribute Value
- get_risk_level_attribute_value - Get Risk Level Attribute Value
- list_attribute_types - List Attribute Types
- list_attribute_values - List Attribute Values
- list_compliance_frameworks - List Compliance Frameworks
- list_risk_levels - List Risk Levels
- introspect - Introspect
- create_automation - Create Automation
- delete_automation - Delete Automation
- execute_automation - Execute Automation
- get_automation - Get Automation
- list_automations - List Automations
- update_automation - Update Automation
- get_automation_execution - Get Automation Execution
- list_automation_executions - List Automation Executions
- terminate_automation - Terminate Automation
- search_automation_executions - Search Automation Executions
- search_automation_template_versions - Search Automation Template Versions
- search_automations - Search Automations
- get - Get
- confirm_sync_valid - Confirm Sync Valid
- create - Create
- create_delegated - Create Delegated
- delete - Delete
- force_sync - Force Sync
- get - Get
- get_credentials - Get Credentials
- list - List
- pause_sync - Pause Sync
- resume_sync - Resume Sync
- revoke_credential - Revoke Credential
- rotate_credential - Rotate Credential
- update - Update
- update_delegated - Update Delegated
- validate_http_connector_config - Validate Http Connector Config
- configuration_schema - Configuration Schema
- search - Search
- commit - Commit
- create_function - Create Function
- create_tag - Create Tag
- delete_function - Delete Function
- get_commit - Get Commit
- get_function - Get Function
- invoke - Invoke
- list_commits - List Commits
- list_functions - List Functions
- list_tags - List Tags
- update_function - Update Function
- search - Search
- create - Create
- delete - Delete
- get - Get
- list - NOTE: Only shows personal clients for the current user.
- update - Update
- search - NOTE: Searches personal clients for all users
- search - Search
- validate_cel - Validate Cel
- add_access_entitlements - Add Access Entitlements
- add_app_entitlements - Add App Entitlements
- create - Create
- create_bundle_automation - Create Bundle Automation
- delete - Delete
- delete_bundle_automation - Delete Bundle Automation
- force_run_bundle_automation - Force Run Bundle Automation
- get - Get
- get_bundle_automation - Get Bundle Automation
- list - List
- list_all_entitlement_ids_per_app - List All Entitlement Ids Per App
- list_entitlements_for_access - List Entitlements For Access
- list_entitlements_per_catalog - List Entitlements Per Catalog
- remove_access_entitlements - Remove Access Entitlements
- remove_app_entitlements - Remove App Entitlements
- resume_paused_bundle_automation - Resume Paused Bundle Automation
- set_bundle_automation - Set Bundle Automation
- update - Update
- update_app_entitlements - Update App Entitlements
- search_entitlements - Search Entitlements
- create - Create
- create_entitlement_binding - Create Entitlement Binding
- delete - Delete
- find_binding_for_app_entitlement - Find Binding For App Entitlement
- get - Get
- remove_entitlement_binding - Remove Entitlement Binding
- update - Update
- get - Get
- test_source_ip - Test Source Ip
- update - Update
- create - Create
- delete - Delete
- get - Get
- list - List
- search - Search
- test - Test
- update - Update
- update_secret - Update Secret
- list_events - List Events
- create_grant_task - Create Grant Task
- create_offboarding_task - Create Offboarding Task
- create_revoke_task - Create Revoke Task
- get - Get
- approve - Approve
- approve_with_step_up - Approve With Step Up
- close - Close
- comment - Comment
- deny - Deny
- escalate_to_emergency_access - Escalate To Emergency Access
- hard_reset - Hard Reset
- process_now - Process Now
- reassign - Reassign
- restart - Restart
- skip_step - Skip Step
- update_grant_duration - Update Grant Duration
- update_request_data - Update Request Data
- list - List
- search - Search
- get - Get
- get_user_profile_types - Get User Profile Types
- list - List
- set_expiring_user_delegation_binding_by_admin - Set Expiring User Delegation Binding By Admin
- search - Search
- search - Search
SDKBaseError is the base class for all HTTP error responses. It has the following properties:
| Property | Type | Description |
|---|---|---|
err.message |
str |
Error message |
err.status_code |
int |
HTTP response status code eg 404 |
err.headers |
httpx.Headers |
HTTP response headers |
err.body |
str |
HTTP body. Can be empty string if no body is returned. |
err.raw_response |
httpx.Response |
Raw HTTP response |
from sdk import SDK
from sdk.models import errors, shared
with SDK(
security=shared.Security(
bearer_auth="<YOUR_BEARER_TOKEN_HERE>",
oauth="<YOUR_OAUTH_HERE>",
),
) as s_client:
res = None
try:
res = s_client.access_conflict.create_monitor()
assert res.conflict_monitor is not None
# Handle response
print(res.conflict_monitor)
except errors.SDKBaseError as e:
# The base class for HTTP error responses
print(e.message)
print(e.status_code)
print(e.body)
print(e.headers)
print(e.raw_response)Primary error:
SDKBaseError: The base class for HTTP error responses.
Less common errors (5)
Network errors:
httpx.RequestError: Base class for request errors.httpx.ConnectError: HTTP client was unable to make a request to a server.httpx.TimeoutException: HTTP request timed out.
Inherit from SDKBaseError:
ResponseValidationError: Type mismatch between the response data and the expected Pydantic model. Provides access to the Pydantic validation error via thecauseattribute.
The default server https://{tenantDomain}.conductor.one contains variables and is set to https://example.conductor.one by default. To override default values, the following parameters are available when initializing the SDK client instance:
| Variable | Parameter | Default | Description |
|---|---|---|---|
tenantDomain |
tenant_domain: str |
"example" |
The domain of the tenant to use for this request. |
from sdk import SDK
from sdk.models import shared
with SDK(
tenant_domain="<value>"
security=shared.Security(
bearer_auth="<YOUR_BEARER_TOKEN_HERE>",
oauth="<YOUR_OAUTH_HERE>",
),
) as s_client:
res = s_client.access_conflict.create_monitor()
assert res.conflict_monitor is not None
# Handle response
print(res.conflict_monitor)The default server can be overridden globally by passing a URL to the server_url: str optional parameter when initializing the SDK client instance. For example:
from sdk import SDK
from sdk.models import shared
with SDK(
server_url="https://example.conductor.one",
security=shared.Security(
bearer_auth="<YOUR_BEARER_TOKEN_HERE>",
oauth="<YOUR_OAUTH_HERE>",
),
) as s_client:
res = s_client.access_conflict.create_monitor()
assert res.conflict_monitor is not None
# Handle response
print(res.conflict_monitor)The Python SDK makes API calls using the httpx HTTP library. In order to provide a convenient way to configure timeouts, cookies, proxies, custom headers, and other low-level configuration, you can initialize the SDK client with your own HTTP client instance.
Depending on whether you are using the sync or async version of the SDK, you can pass an instance of HttpClient or AsyncHttpClient respectively, which are Protocol's ensuring that the client has the necessary methods to make API calls.
This allows you to wrap the client with your own custom logic, such as adding custom headers, logging, or error handling, or you can just pass an instance of httpx.Client or httpx.AsyncClient directly.
For example, you could specify a header for every request that this sdk makes as follows:
from sdk import SDK
import httpx
http_client = httpx.Client(headers={"x-custom-header": "someValue"})
s = SDK(client=http_client)or you could wrap the client with your own custom logic:
from sdk import SDK
from sdk.httpclient import AsyncHttpClient
import httpx
class CustomClient(AsyncHttpClient):
client: AsyncHttpClient
def __init__(self, client: AsyncHttpClient):
self.client = client
async def send(
self,
request: httpx.Request,
*,
stream: bool = False,
auth: Union[
httpx._types.AuthTypes, httpx._client.UseClientDefault, None
] = httpx.USE_CLIENT_DEFAULT,
follow_redirects: Union[
bool, httpx._client.UseClientDefault
] = httpx.USE_CLIENT_DEFAULT,
) -> httpx.Response:
request.headers["Client-Level-Header"] = "added by client"
return await self.client.send(
request, stream=stream, auth=auth, follow_redirects=follow_redirects
)
def build_request(
self,
method: str,
url: httpx._types.URLTypes,
*,
content: Optional[httpx._types.RequestContent] = None,
data: Optional[httpx._types.RequestData] = None,
files: Optional[httpx._types.RequestFiles] = None,
json: Optional[Any] = None,
params: Optional[httpx._types.QueryParamTypes] = None,
headers: Optional[httpx._types.HeaderTypes] = None,
cookies: Optional[httpx._types.CookieTypes] = None,
timeout: Union[
httpx._types.TimeoutTypes, httpx._client.UseClientDefault
] = httpx.USE_CLIENT_DEFAULT,
extensions: Optional[httpx._types.RequestExtensions] = None,
) -> httpx.Request:
return self.client.build_request(
method,
url,
content=content,
data=data,
files=files,
json=json,
params=params,
headers=headers,
cookies=cookies,
timeout=timeout,
extensions=extensions,
)
s = SDK(async_client=CustomClient(httpx.AsyncClient()))Generally, the SDK will work well with most IDEs out of the box. However, when using PyCharm, you can enjoy much better integration with Pydantic by installing an additional plugin.
This SDK supports the following security schemes globally:
| Name | Type | Scheme |
|---|---|---|
bearer_auth |
http | HTTP Bearer |
oauth |
oauth2 | OAuth2 token |
You can set the security parameters through the security optional parameter when initializing the SDK client instance. The selected scheme will be used by default to authenticate with the API for all operations that support it. For example:
from sdk import SDK
from sdk.models import shared
with SDK(
security=shared.Security(
bearer_auth="<YOUR_BEARER_TOKEN_HERE>",
oauth="<YOUR_OAUTH_HERE>",
),
) as s_client:
res = s_client.access_conflict.create_monitor()
assert res.conflict_monitor is not None
# Handle response
print(res.conflict_monitor)Some of the endpoints in this SDK support pagination. To use pagination, you make your SDK calls as usual, but the
returned response object will have a Next method that can be called to pull down the next group of results. If the
return value of Next is None, then there are no more pages to be fetched.
Here's an example of one such pagination call:
from sdk import SDK
from sdk.models import shared
with SDK(
security=shared.Security(
bearer_auth="<YOUR_BEARER_TOKEN_HERE>",
oauth="<YOUR_OAUTH_HERE>",
),
) as s_client:
res = s_client.app_entitlement_search.search()
while res is not None:
# Handle items
res = res.next()Some of the endpoints in this SDK support retries. If you use the SDK without any configuration, it will fall back to the default retry strategy provided by the API. However, the default retry strategy can be overridden on a per-operation basis, or across the entire SDK.
To change the default retry strategy for a single API call, simply provide a RetryConfig object to the call:
from sdk import SDK
from sdk.models import shared
from sdk.utils import BackoffStrategy, RetryConfig
with SDK(
security=shared.Security(
bearer_auth="<YOUR_BEARER_TOKEN_HERE>",
oauth="<YOUR_OAUTH_HERE>",
),
) as s_client:
res = s_client.access_conflict.create_monitor(,
RetryConfig("backoff", BackoffStrategy(1, 50, 1.1, 100), False))
assert res.conflict_monitor is not None
# Handle response
print(res.conflict_monitor)If you'd like to override the default retry strategy for all operations that support retries, you can use the retry_config optional parameter when initializing the SDK:
from sdk import SDK
from sdk.models import shared
from sdk.utils import BackoffStrategy, RetryConfig
with SDK(
retry_config=RetryConfig("backoff", BackoffStrategy(1, 50, 1.1, 100), False),
security=shared.Security(
bearer_auth="<YOUR_BEARER_TOKEN_HERE>",
oauth="<YOUR_OAUTH_HERE>",
),
) as s_client:
res = s_client.access_conflict.create_monitor()
assert res.conflict_monitor is not None
# Handle response
print(res.conflict_monitor)The SDK class implements the context manager protocol and registers a finalizer function to close the underlying sync and async HTTPX clients it uses under the hood. This will close HTTP connections, release memory and free up other resources held by the SDK. In short-lived Python programs and notebooks that make a few SDK method calls, resource management may not be a concern. However, in longer-lived programs, it is beneficial to create a single SDK instance via a context manager and reuse it across the application.
from sdk import SDK
from sdk.models import shared
def main():
with SDK(
security=shared.Security(
bearer_auth="<YOUR_BEARER_TOKEN_HERE>",
oauth="<YOUR_OAUTH_HERE>",
),
) as s_client:
# Rest of application here...
# Or when using async:
async def amain():
async with SDK(
security=shared.Security(
bearer_auth="<YOUR_BEARER_TOKEN_HERE>",
oauth="<YOUR_OAUTH_HERE>",
),
) as s_client:
# Rest of application here...You can setup your SDK to emit debug logs for SDK requests and responses.
You can pass your own logger class directly into your SDK.
from sdk import SDK
import logging
logging.basicConfig(level=logging.DEBUG)
s = SDK(debug_logger=logging.getLogger("sdk"))This SDK is in beta, and there may be breaking changes between versions without a major version update. Therefore, we recommend pinning usage to a specific package version. This way, you can install the same version each time without breaking changes unless you are intentionally looking for the latest version.
While we value open-source contributions to this SDK, this library is generated programmatically. Feel free to open a PR or a Github issue as a proof of concept and we'll do our best to include it in a future release!