Source: https://atomicwork-preview.docs-staging.pageloop.ai/api-reference/accessmanagement/postapi-v-1-iga-grants

# Create a grant for a user

POST `https://{tenant}.atomicwork.com/api/v1/iga/grants`

Create an identity grant directly without going through the IGA approval workflow. This is the primary endpoint for programmatic access provisioning — use it when an external system (HRMS, onboarding tool, compliance platform) needs to grant access to a user.

**Required fields:** `user_id` and `entitlement_id`. Call `GET /iga/apps` then `GET /iga/entitlements?app_id=\{id\}` to discover valid entitlement IDs.

**Optional fields:**

- `policy_id` or `policy_key` — link the grant to a specific access policy
- `granted_by` — record which user or system initiated the grant
- `granted_at` — backdate the grant timestamp (ISO 8601); defaults to now

The grant method (how provisioning happens) is automatically derived from the entitlement's provisioning configuration — Okta, Azure AD, JumpCloud, Google Workspace, or manual service request.

Returns the created grant with its `id`, resolved `status`, `entitlement`, `app`, and provisioning details.

## Authorization

#### X-Api-Key (header, string, required)

## Headers

#### X-Workspace-Id (header, string)

## Body

#### user\_id (body, integer, required)

The ID of the user who will receive the grant

#### entitlement\_id (body, integer, required)

The ID of the entitlement to grant

#### policy\_id (body, integer)

Optional policy ID to associate with the grant

#### policy\_key (body, string)

Optional policy key (alternative to policy\_id)

#### granted\_by (body, integer)

Optional user ID of who authorized this grant. Defaults to the API key owner.

#### granted\_at (body, string)

Optional timestamp of when the grant was authorized. Defaults to current time.

## Response

#### 200

Successful response

#### Request

```bash cURL
curl -X POST 'https://{tenant}.atomicwork.com/api/v1/iga/grants' \
  -H 'X-Api-Key: <api-key>' \
  -H 'Content-Type: application/json' \
  -d '{"user_id": 0, "entitlement_id": 0, "policy_id": 0, "policy_key": "string", "granted_by": 0, "granted_at": "date-time"}'
```

```javascript JavaScript
const res = await fetch('https://{tenant}.atomicwork.com/api/v1/iga/grants', {
  method: 'POST',
  headers: {
    'X-Api-Key': '<api-key>',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({"user_id": 0, "entitlement_id": 0, "policy_id": 0, "policy_key": "string", "granted_by": 0, "granted_at": "date-time"}),
});
const data = await res.json();
```

```python Python
import requests

res = requests.post(
    'https://{tenant}.atomicwork.com/api/v1/iga/grants',
    headers={'X-Api-Key': '<api-key>'},
    json={"user_id": 0, "entitlement_id": 0, "policy_id": 0, "policy_key": "string", "granted_by": 0, "granted_at": "date-time"}
)
data = res.json()
```
