Assign a role to an identity at a node

POST

/api/v1/assignments

Authentication

Bearer Token Authorization
JWT access token
API Key X-API-Key
API key for management-tier access

Request body

identity_idstring*
node_idstring*
role_idstring*
effective_fromstring
effective_tostring

Code samples

cURL

JavaScript

Python

curl -X POST "https://api.canopy.dev/api/v1/assignments" \
  -H "X-API-Key: $CANOPY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "identity_id": "string",
    "node_id": "string",
    "role_id": "string",
    "effective_from": "string",
    "effective_to": "string"
  }'

const response = await fetch("https://api.canopy.dev/api/v1/assignments", {
  method: "POST",
  headers: {
    "X-API-Key": "$CANOPY_API_KEY",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "identity_id": "string",
    "node_id": "string",
    "role_id": "string",
    "effective_from": "string",
    "effective_to": "string"
  }),
});

const data = await response.json();

import requests

response = requests.post(
    "https://api.canopy.dev/api/v1/assignments",
    headers={
    "X-API-Key": "$CANOPY_API_KEY",
    "Content-Type": "application/json"
    },
    json={
        "identity_id": "string",
        "node_id": "string",
        "role_id": "string",
        "effective_from": "string",
        "effective_to": "string",
    },
)

data = response.json()

package main

import (
	"bytes"
	"encoding/json"
	"net/http"
)

func main() {
	payload := map[string]interface{}{
		"identity_id": "string",
		"node_id": "string",
		"role_id": "string",
		"effective_from": "string",
		"effective_to": "string",
	}
	body, _ := json.Marshal(payload)

	req, _ := http.NewRequest("POST", "https://api.canopy.dev/api/v1/assignments", bytes.NewBuffer(body))
	req.Header.Set("X-API-Key", "$CANOPY_API_KEY")
	req.Header.Set("Content-Type", "application/json")

	resp, _ := http.DefaultClient.Do(req)
	defer resp.Body.Close()
}

Responses

201 Assignment created

{
  "id": "string",
  "identity_id": "string",
  "application_node_id": "string",
  "role_id": "string",
  "effective_from": "2026-04-20T12:00:00.000Z",
  "effective_to": "2026-04-20T12:00:00.000Z",
  "created_at": "2026-04-20T12:00:00.000Z",
  "updated_at": "2026-04-20T12:00:00.000Z"
}

application/json

idstring*
identity_idstring*
application_node_idstring*
role_idstring*
effective_fromstring (date-time)
effective_tostring (date-time)
created_atstring (date-time)*
updated_atstring (date-time)*

400 System roles cannot be assigned to identities — they are reserved for platform administration

401 Invalid or expired token

403 This token is not authorized for this endpoint (wrong principal type — e.g., admin token on identity-only endpoint, or vice versa)

409 Identity already has this role at this node

Returned object

The AssignmentResponseDto object View all properties on this resource

On this page

GETList all assignments across the Application
GETGet App-wide assignment summary
PATCHUpdate an assignment
DELETERemove an assignment
POSTBulk remove assignments
POSTBulk change role on assignments
POSTBulk-create role assignments. All-or-nothing: any failure rolls back the entire batch