Skip to main content

Add object

post
/api/pvlt/1.0/data/collections/{collection}/objects

Adds an object to a collection. The request must include all the non-nullable properties, as defined by the collection schema.

When adding an object from an external system that uses UUID IDs, you can include the object ID in the request to set the ID in Vault. For example, "id","463a83d0-a816-4902-abba-2486e0c0a0bb". Vault normalizes the ID to lowercase.

If the object to add is exported from an external system or Vault:

  • set import to true to import values for the built-in properties _creation_time, _modification_time, and _expiration_time.
  • if the data is encrypted, to decrypt the data provide the encryption key in export_key.

The role performing this operation must have both of the following:

  • The CapDataWriter or the CapDataCreator capability.
  • At least one allowing policy and no denying policies for the write operation for each of the collection properties provided in the call.

See identity and access management for more information about how capabilities are used to control access to operations and policies are used to control access to data.

Request

Header parameters

  • X-Tenant-Id - array of strings

    List of tenant IDs to enforce on the request.

Path parameters

  • collection - string required*

    The name of a collection.

Query parameters

  • adhoc_reason - string

    An ad-hoc reason for accessing the Vault data. Required when reason is set to Other.

  • reason - string required*

    Details of the reason for requesting the property. The default is set when no access reason is provided and PVAULT_SERVICE_FORCE_ACCESS_REASON is false.

  • custom_audit - string

    Custom audit information to be included in the audit log.

  • reload_cache - boolean

    Reloads the cache before the action.

  • expiration_secs - string

    Object expiration time in seconds, cannot be set to 0. If not set, the default value is used. See the PVAULT_EXPIRATION_ASSOCIATED_OBJECTS and PVAULT_EXPIRATION_UNASSOCIATED_OBJECTS environment variables. If set to an empty value, the token will be marked to not expire.

  • import - boolean

    Whether to write built-in property values.

  • export_key - string

    The encrypted copy of the key used to encrypt exported data. The key is encrypted using the export KMS key defined by the PVAULT_KMS_EXPORT_URI or PVAULT_KMS_EXPORT_SEED environment variables. When importing data, the key is decrypted by the KMS, then used to decrypt the data. This parameter is not intended to be used manually, but through the CLI command pvault import.

Request body

The object details.

object required*

A list of maps of object properties and their values.

Example
{
"date_of_birth": "1993-02-22",
"email": "patfar@example.com",
"first_name": "Pat",
"last_name": "Far",
"phone_number": "+11011010101"
}
Example
{
"date_of_birth": "1993-02-22",
"email": "patfar@example.com",
"first_name": "Pat",
"last_name": "Far",
"phone_number": "+11011010101"
}

Possible responses

The request is successful.

object required*
  • id - string required*
Example
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
}

Try the API

Authorization

Path parameters

Query parameters

Headers

Request body

Navigate to the docs of your local Vault installation to try the API directly from there.

Code examples

Example