x-cpod-domain: technology
Technology
The technology assets your org runs and who is entitled to them.
Try in explorer
client.technology · client.entitlementsTechnologyAsset
A piece of technology your org runs (SaaS, internal service, system).
REST path
/api/v1/technologyOperations
listgetcreateupdatedeleteSDK
// list — returns only your records; add filters/search:
await client.technology.technology.list()
// create:
await client.technology.technology.create({
id: "rec_01HXEXAMPLE",
tenant_id: "example tenant_id",
created_at: "2026-01-01T00:00:00Z",
updated_at: "2026-01-01T00:00:00Z",
app_id: "example app_id",
created_by: "rec_01HXEXAMPLE",
})| Field | Type | Description |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | Where the write originated. Defaults to 'api'.frontendbackendserversystemapi |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| name | string | Short, machine-friendly name for the asset (no spaces, kebab-case recommended). Used in API paths and internal references. |
| display_name | string | Human-readable display name for the asset as shown in the UI. |
| description | string | Detailed description of this asset, its purpose, and its role in the enterprise technology stack. |
| type | string | Technology classification of this asset. |
| category | string | Business category of the asset (e.g. 'identity', 'productivity', 'security', 'cloud', 'devtools'). Used for grouping in dashboards. |
| vendor | string | Name of the vendor or publisher of this asset. |
| version | string | Current deployed version of the asset. Null for SaaS products where version is vendor-managed. |
| status | string | Lifecycle status of this asset. 'deprecated' assets are being phased out but still operational. 'decommissioned' assets are retired. |
| owner | json | The person and optionally a group responsible for this asset's governance, access approvals, and lifecycle decisions. |
| environment | string | Deployment environment. 'dr' is disaster recovery. |
| hosting | string | Where this asset is hosted. 'saas' indicates a fully vendor-managed product. |
| cloud_provider | string | Cloud provider when hosting is 'cloud' or 'hybrid'. Null otherwise. |
| region | string | Cloud or datacenter region where this asset is primarily hosted. |
| url | string | Primary URL for accessing this asset (e.g. the application URL, admin console, or API endpoint). |
| tags | json | Array of tag strings for grouping, filtering, and policy application. |
| criticality | string | Business criticality rating. 'critical' assets affect core business operations and require the strictest access controls. |
| data_classification | string | Highest data classification level processed or stored by this asset. Drives data handling and encryption requirements. |
| owner_id | uuid | User / person id of the primary owner of this asset. |
AccessEntitlement
A grant of access on a TechnologyAsset to a Person or Group.
REST path
/api/v1/entitlementsOperations
listgetcreateupdaterevokeSDK
// list — returns only your records; add filters/search:
await client.technology.entitlements.list()
// create:
await client.technology.entitlements.create({
id: "rec_01HXEXAMPLE",
tenant_id: "example tenant_id",
created_at: "2026-01-01T00:00:00Z",
updated_at: "2026-01-01T00:00:00Z",
app_id: "example app_id",
created_by: "rec_01HXEXAMPLE",
})| Field | Type | Description |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | Where the write originated. Defaults to 'api'.frontendbackendserversystemapi |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| asset_id | uuid | UUID of the TechnologyAsset to which this entitlement grants access. |
| principal_id | uuid | UUID of the Person or Group that holds this entitlement. The type is determined by principalType. |
| principal_type | string | Discriminator indicating whether principalId refers to a Person or a Group. |
| entitlement_type | string | The specific permission role or access level granted. Values are asset-specific (e.g. 'admin', 'read_only', 'contributor', 'owner', 'billing_admin'). Free-form |
| granted_at | date-time | ISO 8601 timestamp when this entitlement was originally granted. |
| granted_by_id | uuid | UUID of the Person who approved or provisioned this entitlement. Null when auto-provisioned by a system without human approval. |
| expires_at | date-time | ISO 8601 timestamp when this entitlement is scheduled to expire. Null for non-expiring entitlements (not recommended for privileged access). |
| grant_source | enum | How the entitlement was created. Named grant_source to avoid colliding with the envelope's provenance source field.provisionedinheriteddirect |
| status | string | Current lifecycle status of this entitlement. 'pending_approval' entitlements are not yet active and must not be used for access decisions. |