Terraform Enterprise Settings API
Terraform Enterprise feature: The admin API is exclusive to Terraform Enterprise, and can only be used by the admins and operators who install and maintain their organization's Terraform Enterprise instance.
These API endpoints are available in Terraform Enterprise as of version 201807-1.
List General Settings
GET /api/v2/admin/general-settings
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "general-settings" ) | Successfully listed General settings |
404 | JSON API error object | User unauthorized to perform action |
Sample Request
Sample Response
Update General Settings
PATCH /api/v2/admin/general-settings
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "general-settings" ) | Successfully updated the General settings |
404 | JSON API error object | User unauthorized to perform action |
422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
Request Body
This PATCH endpoint requires a JSON object with the following properties as a request payload.
Key path | Type | Default | Description |
---|---|---|---|
data.attributes.allow-speculative-plans-on-pull-requests-from-forks | bool | false | When set to false , speculative plans are not run on pull requests from forks of a repository. This setting is available in Terraform Enterprise versions v202005-1 or later. It is currently supported for the following VCS providers: GitHub.com, GitHub.com (OAuth), GitHub Enterprise, Bitbucket Cloud, Azure DevOps Server, Azure DevOps Services. To learn more about this setting, refer to the documentation |
data.attributes.api-rate-limit | integer | 30 | The number of allowable API requests per second for any client. This value cannot be less than 30. To learn more about API Rate Limiting, refer to the rate limiting documentation |
data.attributes.api-rate-limiting-enabled | bool | true | Whether or not rate limiting is enabled for API requests. To learn more about API Rate Limiting, refer to the rate limiting documentation |
data.attributes.default-remote-state-access | bool | true | Determines the default value for the global-remote-state attribute on new workspaces. For more details, refer to Administration: General Settings and Workspaces API: Create a Workspace. |
data.attributes.limit-user-organization-creation | bool | true | When set to true , limits the ability to create organizations to users with the site-admin permission only. |
data.attributes.send-passing-statuses-for-untriggered-speculative-plans | bool | false | When set to true , workspaces automatically send passing commit statuses for any pull requests that don't affect their tracked files. |
Sample Payload
Sample Request
Sample Response
List Cost Estimation Settings
GET /api/v2/admin/cost-estimation-settings
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "cost-estimation-settings" ) | Successfully listed Cost Estimation settings |
404 | JSON API error object | User unauthorized to perform action |
Sample Request
Sample Response
Update Cost Estimation Settings
PATCH /api/v2/admin/cost-estimation-settings
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "cost-estimation-settings" ) | Successfully updated Cost Estimation settings |
404 | JSON API error object | User unauthorized to perform action |
422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
Request Body
This PATCH endpoint requires a JSON object with the following properties as a request payload.
If data.attributes.enabled
is set to true
, there must be at least one set of credentials populated with valid values. For example, either both aws-access-key-id
and aws-secret-key
must be set, or gcp-credentials
must be set.
See SAML Configuration for more details on attribute values.
Key path | Type | Default | Description |
---|---|---|---|
data.attributes.enabled | bool | false | Allows organizations to opt-in to the Cost Estimation feature. |
data.attributes.aws-access-key-id | string | An AWS Access Key ID that the Cost Estimation feature will use to authorize to AWS's Pricing API. | |
data.attributes.aws-secret-key | string | An AWS Secret Key that the Cost Estimation feature will use to authorize to AWS's Pricing API. | |
data.attributes.gcp-credentials | string | A JSON string containing GCP credentials that the Cost Estimation feature will use to authorize to the Google Cloud Platform's Pricing API. This must be the contents of a valid JSON key that is downloaded when creating a Service Account in GCP. | |
data.attributes.azure-client-id | string | An Azure Client ID that the Cost Estimation feature will use to authorize to Azure's RateCard API. | |
data.attributes.azure-client-secret | string | An Azure Client Secret that the Cost Estimation feature will use to authorize to Azure's RateCard API. | |
data.attributes.azure-subscription-id | string | An Azure Subscription ID that the Cost Estimation feature will use to authorize to Azure's RateCard API. | |
data.attributes.azure-tenant-id | string | An Azure Tenant ID that the Cost Estimation feature will use to authorize to Azure's RateCard API. |
Sample Request
Sample Response
List SAML Settings
GET /api/v2/admin/saml-settings
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "saml-settings" ) | Successfully listed SAML settings |
404 | JSON API error object | User unauthorized to perform action |
Sample Request
Sample Response
Update SAML Settings
PATCH /api/v2/admin/saml-settings
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "saml-settings" ) | Successfully updated SAML settings |
404 | JSON API error object | User unauthorized to perform action |
422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
Request Body
This PATCH endpoint requires a JSON object with the following properties as a request payload.
If data.attributes.enabled
is set to true
, all remaining attributes must have valid values. You can omit attributes if they have a default value, or if a value was set by a previous update. Omitted attributes keep their previous values.
See SAML Configuration for more details on attribute values.
Key path | Type | Default | Description |
---|---|---|---|
data.attributes.enabled | bool | false | Allows SAML to be used. If true, all remaining attributes must have valid values. |
data.attributes.debug | bool | false | Enables a SAML debug dialog that allows an admin to see the SAMLResponse XML and processed values during login. |
data.attributes.idp-cert | string | Identity Provider Certificate specifies the PEM encoded X.509 Certificate as provided by the IdP configuration. | |
data.attributes.slo-endpoint-url | string | Single Log Out URL specifies the HTTPS endpoint on your IdP for single logout requests. This value is provided by the IdP configuration. | |
data.attributes.sso-endpoint-url | string | Single Sign On URL specifies the HTTPS endpoint on your IdP for single sign-on requests. This value is provided by the IdP configuration. | |
data.attributes.attr-username | string | "Username" | Username Attribute Name specifies the name of the SAML attribute that determines the user's username. |
data.attributes.attr-groups | string | "MemberOf" | Team Attribute Name specifies the name of the SAML attribute that determines team membership. |
data.attributes.attr-site-admin | string | "SiteAdmin" | Specifies the role for site admin access. Overrides the "Site Admin Role" method. |
data.attributes.site-admin-role | string | "site-admins" | Specifies the role for site admin access, provided in the list of roles sent in the Team Attribute Name attribute. |
data.attributes.sso-api-token-session-timeout | integer | 1209600 | Specifies the Single Sign On session timeout in seconds. Defaults to 14 days. |
Sample Request
Sample Response
Revoke previous SAML IdP Certificate
POST /api/v2/admin/saml-settings/actions/revoke-old-certificate
When reconfiguring the IdP certificate, Terraform Enterprise will retain the old IdP certificate to allow for a rotation period. This PUT endpoint will revoke the older IdP certificate when the new IdP certificate is known to be functioning correctly.
See SAML Configuration for more details.
Sample Request
Sample Response
List SMTP Settings
GET /api/v2/admin/smtp-settings
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "smtp-settings" ) | Successfully listed SMTP settings |
404 | JSON API error object | User unauthorized to perform action |
Sample Request
Sample Response
Update SMTP Settings
PATCH /api/v2/admin/smtp-settings
When a request to this endpoint is submitted, a test message will be sent to the specified test-email-address
. If the test message delivery fails, the API will return an error code indicating the reason for the failure.
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "smtp-settings" ) | Successfully updated the SMTP settings |
401 | JSON API error object | SMTP user credentials are invalid |
404 | JSON API error object | User unauthorized to perform action |
422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
500 | JSON API error object | SMTP server returned a server error |
504 | JSON API error object | SMTP server timed out |
Request Body
This PATCH endpoint requires a JSON object with the following properties as a request payload.
If data.attributes.enabled
is set to true
, all remaining attributes must have valid values. You can omit attributes if they have a default value, or if a value was set by a previous update. Omitted attributes keep their previous values.
Key path | Type | Default | Description |
---|---|---|---|
data.attributes.enabled | bool | false | Allows SMTP to be used. If true, all remaining attributes must have valid values. |
data.attributes.host | string | The host address of the SMTP server. | |
data.attributes.port | integer | The port of the SMTP server. | |
data.attributes.sender | string | The desired sender address. | |
data.attributes.auth | string | "none" | The authentication type. Valid values are "none" , "plain" , and "login" . |
data.attributes.username | string | The username used to authenticate to the SMTP server. Only required if data.attributes.auth is set to "login" or "plain" . | |
data.attributes.password | string | The username used to authenticate to the SMTP server. Only required if data.attributes.auth is set to "login" or "plain" . | |
data.attributes.test-email-address | string | The email address to send a test message to. Not persisted and only used during testing. |
Sample Payload
Sample Request
Sample Response
List Twilio Settings
GET /api/v2/admin/twilio-settings
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "twilio-settings" ) | Successfully listed Twilio settings |
404 | JSON API error object | User unauthorized to perform action |
Sample Request
Sample Response
Update Twilio Settings
PATCH /api/v2/admin/twilio-settings
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "twilio-settings" ) | Successfully listed Twilio settings |
404 | JSON API error object | User unauthorized to perform action |
422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
Request Body
This PATCH endpoint requires a JSON object with the following properties as a request payload.
If data.attributes.enabled
is set to true
, all remaining attributes must have valid values. You can omit attributes if they have a default value, or if a value was set by a previous update. Omitted attributes keep their previous values.
Key path | Type | Default | Description |
---|---|---|---|
data.attributes.enabled | bool | false | Allows Twilio to be used. If true, all remaining attributes must have valid values. |
data.attributes.account-sid | string | The Twilio account id. | |
data.attributes.auth-token | string | The Twilio authentication token. | |
data.attributes.from-number | string | The Twilio registered phone number that will be used to send the message. |
Sample Request
Sample Response
Verify Twilio Settings
POST /api/v2/admin/twilio-settings/verify
Uses the test-number
attribute to send a test SMS when Twilio is enabled.
Status | Response | Reason |
---|---|---|
200 | none | Twilio test message sent successfully |
400 | JSON API error object | Verification settings invalid (missing test number, Twilio disabled, etc.) |
404 | JSON API error object | User unauthorized to perform action |
Request Body
This POST endpoint requires a JSON object with the following properties as a request payload.
Key path | Type | Default | Description |
---|---|---|---|
data.attributes.test-number | string | The target phone number for the test SMS. Not persisted and only used during testing. |
Sample Request
List Customization Settings
GET /api/v2/admin/customization-settings
This API endpoint is available in Terraform Enterprise as of version 202003-1.
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "customization-settings" ) | Successfully listed Customization settings |
404 | JSON API error object | User unauthorized to perform action |
Sample Request
Sample Response
Update Customization Settings
PATCH /api/v2/admin/customization-settings
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "customization-settings" ) | Successfully updated the Customization settings |
404 | JSON API error object | User unauthorized to perform action |
422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
Request Body
This PATCH endpoint requires a JSON object with the following properties as a request payload.
Key path | Type | Default | Description |
---|---|---|---|
data.attributes.support-email-address | string | "support@hashicorp.com" | The support address for outgoing emails. |
data.attributes.login-help | string | "" | The login help text presented to users on the login page. |
data.attributes.footer | string | "" | Custom footer content that is added to the application. |
data.attributes.error | string | "" | Error instruction content that is presented to users upon unexpected errors. |
data.attributes.new-user | string | "" | New user instructions that is presented when the user is not yet attached to an organization. |
Sample Payload
Sample Request
Sample Response