Organizations are the top-level administrative unit in Spiral. They are used to configure single sign-on, billing, audit logging, and other settings that apply to all users within the organization.
Since resources belong to projects, and all projects must belong to an organization, each user must be a member of at least one organization in order to use Spiral.
| name | string Optional human-readable name for the organization |
{- "name": "string"
}{- "org": {
- "id": "string",
- "name": "string"
}
}Lists all organizations that the user belongs to, paginated. The user must be a member of at least one organization in order to use Spiral.
The user can be logged in to an exactly one organization at a time. Unlike this one, other organization APIs will operate on the currently logged in organization.
| page_token | string Token for pagination |
| page_size | integer <int32> Number of items per page |
{- "items": [
- {
- "user_id": "string",
- "org": {
- "id": "string",
- "name": "string"
}, - "role": "string"
}
], - "next_page_token": "string"
}| email required | string <email> |
| role required | string (OrganizationRole) Enum: "owner" "member" "guest" |
| expires_in_days | integer Default: 7 |
{- "email": "user@example.com",
- "role": "owner",
- "expires_in_days": 7
}{- "invite_id": "string"
}An organization owner can use this link to access the organization configuration portal.
The organization configuration portal is used to configure single sign-on, billing, audit logging, and other settings that apply to all users within the organization.
| intent required | string (PortalLinkIntent) Enum: "sso" "directory-sync" "audit-logs" "log-streams" "domain-verification" |
{- "intent": "sso"
}{- "url": "string"
}In Spiral, projects are the fundamental unit for structuring resources, access controls, and usage tracking.
The project will be created in the currently logged in organization.
| id_prefix | string Optional prefix for a random project ID, e.g. Project IDs are globally unique and discoverable. Do not include sensitive information in the prefix. |
| name | string Optional human-readable name for the project. Unlike project ID, name is only discoverable by the people within the same organization. |
{- "id_prefix": "string",
- "name": "string"
}{- "project": {
- "id": "string",
- "org_id": "string",
- "name": "string"
}
}Lists all projects in the currently logged in organization, paginated. Lists projects visible to the currently logged in user.
| page_token | string Token for pagination |
| page_size | integer <int32> Number of items per page |
{- "items": [
- {
- "id": "string",
- "org_id": "string",
- "name": "string"
}
], - "next_page_token": "string"
}| project_id required | string Unique identifier for a project |
| role_id required | string (RoleId) Unique identifier for a project role. |
required | Organization Role Principal Conditions (object) or Organization User Principal Conditions (object) or Workload Principal Conditions (object) or GitHub Principal Conditions (object) or Modal Principal Conditions (object) or GCP Principal Conditions (object) (PrincipalConditions) |
{- "role_id": "string",
- "principal": {
- "type": "org_role",
- "org_id": "string",
- "role": "owner"
}
}{- "grant": {
- "id": "string",
- "project_id": "string",
- "role_id": "string",
- "principal": "string",
- "conditions": {
- "property1": "string",
- "property2": "string"
}
}
}| project_id required | string Unique identifier for a project |
| page_token | string Token for pagination |
| page_size | integer <int32> Number of items per page |
| principal | string Identifier for a unit of access control. Project roles are granted to principals. A token, e.g. user token, can "include" multiple principals. |
{- "items": [
- {
- "id": "string",
- "project_id": "string",
- "role_id": "string",
- "principal": "string",
- "conditions": {
- "property1": "string",
- "property2": "string"
}
}
], - "next_page_token": "string"
}| grant_id required | string Unique identifier for a grant |
{- "id": "string",
- "project_id": "string",
- "role_id": "string",
- "principal": "string",
- "conditions": {
- "property1": "string",
- "property2": "string"
}
}Builtin providers are preconfigured and managed by Spiral. Resources that require access to a file system can use builtin providers to access the underlying object storage.
{- "providers": [
- "string"
]
}Update the default file system for a project. This operation will replace the existing file system with the new one. It is only possible to update the file system if there are no mounts associated with the current file system. File system can be updated to one of the builtin file systems or an external, e.g. your own S3 bucket.
| project_id required | string Unique identifier for a project |
required | object or object or object or object (FileSystem) |
object or object (FileSystemCredentials) |
{- "file_system": {
- "type": "builtin",
- "provider": "string"
}, - "credentials": {
- "type": "gcp-service-account",
- "service_account": "pa$$word"
}
}{- "file_system": {
- "type": "builtin",
- "provider": "string"
}
}Spiral File Systems provide a means to securely federate and accelerate access to underlying object storage. File Systems are scoped to a project. However, unlike many other resource types, each project may only have a single file system, called default file system. Project resources that require access to a file system will use the default file system, unless otherwise specified on resource creation—different different resources have different API for specifying file system. Note that a project always has a default file system—if it is not explicitly set, a default builtin provider is used.
| project_id required | string Unique identifier for a project |
{- "type": "builtin",
- "provider": "string"
}Mount grants permission to use a specific path within the file system to a Spiral resource. When resources that require a file system are created they configure a mount against a file system. This means human users cannot currently read or write to a Spiral File System.
| project_id required | string Unique identifier for a project |
| directory required | string (DirectoryPath) ^/(?!.*//)[^/].*/(?!/$)$ A path that is a directory. Must start and end with a slash. |
| mode required | string (Mode) Enum: "ro" "rw" Access mode for a mount. |
| principal required | string |
{- "directory": "string",
- "mode": "ro",
- "principal": "string"
}{- "mount": {
- "id": "string",
- "project_id": "string",
- "directory": "string",
- "mode": "ro",
- "principal": "string"
}
}Lists all mounts for a project's file system, paginated. Access to Spiral File Systems is limited to Spiral resources themselves. Note that file systems can only be reconfigured when they have zero mounts.
| project_id required | string Unique identifier for a project |
| page_token | string Token for pagination |
| page_size | integer <int32> Number of items per page |
{- "items": [
- {
- "id": "string",
- "project_id": "string",
- "directory": "string",
- "mode": "ro",
- "principal": "string"
}
], - "next_page_token": "string"
}Create an SPFS token for a given mount.
Token is used to authenticate with the Spiral File System. SPFS tokens are short-lived and scoped to a mount path within the file system.
| mount_id required | string Unique identifier for a mount |
| mode required | string (Mode) Enum: "ro" "rw" Access mode for a mount. |
required | FilePath (string) or DirectoryPath (string) Issues a mount token scoped to this path within the mount. In case of a file path, the token is only valid of spfsm:// |
{- "mode": "ro",
- "path": "string"
}{- "token": "string"
}Workloads are typically long-running services that need to access Spiral resources, yet cannot be authenticated using OIDC.
Workloads are principals and therefore can be granted roles in the same way as users.
| project_id required | string Unique identifier for a project |
| name | string Optional human-readable name for the workload |
{- "name": "string"
}{- "workload": {
- "id": "string",
- "project_id": "string",
- "name": "string"
}
}| project_id required | string Unique identifier for a project |
| page_token | string Token for pagination |
| page_size | integer <int32> Number of items per page |
{- "items": [
- {
- "id": "string",
- "project_id": "string",
- "name": "string"
}
], - "next_page_token": "string"
}Create workload credentials. Only the three most recent credentials are active at any given time.
Credentials can be exchanged for an access token using the OAuth2 token endpoint.
| workload_id required | string Unique identifier for a workload |
null{- "client_id": "string",
- "client_secret": "pa$$word",
- "revoked_client_id": "string"
}Create a new table.
| project_id required | string Unique identifier for a project |
| dataset required | string (DatasetName) Unique identifier for a dataset. |
| table required | string (TableName) Human-readable name for a table. |
| key_schema required | string Base64 encoded Arrow IPC Schema of the keys of this table. |
| root_uri | string The location where this table's data and metadata files are stored. If unspecified, the server will generate a fresh location in the Spiral File System. |
| exist_ok required | boolean If false, an error occurs if a table with the specified name already exists in the specified dataset. |
{- "dataset": "string",
- "table": "string",
- "key_schema": "string",
- "root_uri": "string",
- "exist_ok": true
}{- "table": {
- "id": "string",
- "project_id": "string",
- "dataset": "string",
- "table": "string",
- "root_uri": "string",
- "key_schema": "string"
}
}List all tables in the project.
| project_id required | string Unique identifier for a project |
| page_token | string Token for pagination |
| page_size | integer <int32> Number of items per page |
| dataset | string Name of the dataset to filter by |
| table | string Name of the table to filter by |
{- "items": [
- {
- "id": "string",
- "project_id": "string",
- "dataset": "string",
- "table": "string",
- "root_uri": "string",
- "key_schema": "string"
}
], - "next_page_token": "string"
}| table_id required | string Unique identifier for a table |
| file_type required | string (FileType) Enum: "fragment_file" "fragment_manifest" "reference_file" The type of table files. Fragment files contain data rows. Fragment manifest files contain lists of data files that comprise a snapshot of the table. Reference files contain out-of-band data referenced by fragment files. |
| file_format required | string (FileFormat) Enum: "pq" "pb" "bina" "vtx" A file format:
|
{- "file_type": "fragment_file",
- "file_format": "pq"
}{- "id": "string",
- "handle": {
- "uri": "string",
- "file_format": "pq",
- "spfs_token": "string"
}
}Exchange client credentials, authorization codes, or refresh tokens for access tokens.
| grant_type required | string |
| client_id required | string |
| client_secret required | string <password> |
{- "grant_type": "client_credentials",
- "client_id": "string",
- "client_secret": "pa$$word"
}{- "access_token": "string",
- "token_type": "bearer",
- "expires_in": 0,
- "refresh_token": "pa$$word"
}