Permissions API

The Permissions API allows for the querying of Permissions in a Celonis Platform team (not including data level permissions) and then extract this data to provide detailed insights into access management in your team. Once the data is extracted, you can feed the information back into the Celonis Platform to create a data model using your data. This allows you to create your own views in Studio using the data pulled from the API.

To connect to the APIs and create an extractor, follow these procedures which are also the same for Audit logs.

Use Cases

The Permissions API can be used to:

• Connect external monitoring tools, such as SIEM tools, to capture and monitor platform admin and change events to access management.
• Export Permission events back into a Celonis Studio view or other tool for analysis or risk assessment needs.
• Export Permissions configurations back into Celonis Studio to complete a picture of user behaviour along with data from other API’s such as Platform Adoption, Team and Login history.

Authentication

This API supports multiple methods of authentication:

• (preferred method) Via OAuth 2.0 token with scope authorization.permissions:read , passed in an HTTP header like this: Authorization: Bearer TOKEN .
• Via Application keys, passed in an HTTP header like this: Authorization: AppKey APPLICATION_KEY .
• Via API keys, passed in an HTTP header like this: Authorization: Bearer API_KEY .

See this help page for more information about OAuth 2.0.