# FloQast External API The FloQast v2 External API provides programmatic access to core platform resources including users, roles, entities, GL groups, and workflows. Version: 2.0.0 License: Proprietary ## Servers US Region ``` https://apix.floqast.app/v2/ ``` EU Region ``` https://apix.eu.floqast.app/v2/ ``` AU Region ``` https://apix.au.floqast.app/v2/ ``` ## Security ### ApiKeyAuth API key for server-to-server access. Use `x-api-key: sk_live_...` header. Type: apiKey In: header Name: x-api-key ## Download OpenAPI description [FloQast External API](https://developer.floqast.app/_bundle/api-reference/@v2/openapi.yaml) ## Users User lifecycle management — list and retrieve users within a tenant. ### List users - [GET /core/users](https://developer.floqast.app/api-reference/openapi/users/listusers.md): Returns a paginated list of users in the authenticated tenant. ### Get a user - [GET /core/users/{id}](https://developer.floqast.app/api-reference/openapi/users/getuser.md): Retrieves a single user's full profile by their unique identifier. The user must belong to the authenticated tenant. ## Roles Role management — list roles, retrieve details, and query permissions and policy groups. ### List roles - [GET /core/roles](https://developer.floqast.app/api-reference/openapi/roles/listroles.md): Returns a paginated list of roles in the authenticated tenant. Use filter parameters to refine results by role type. ### Get a role - [GET /core/roles/{roleId}](https://developer.floqast.app/api-reference/openapi/roles/getrole.md): Retrieves a single role by its unique identifier. The role must belong to the authenticated tenant. ### List permission groups for a customized role - [GET /core/roles/{roleId}/permissions](https://developer.floqast.app/api-reference/openapi/roles/listrolepermissions.md): Returns the permission groups associated with a customized role. Each group contains permission controls with policy group IDs that can be used to customize the role. Required for permission matrix UI. This endpoint only works with customized roles (type=CUSTOMIZED). Attempting to use this endpoint with a default role (type=DEFAULT) will return a 400 Bad Request error. ### Get policy group delta for a customized role - [GET /core/roles/{roleId}/policy-groups](https://developer.floqast.app/api-reference/openapi/roles/getrolepolicygroups.md): Returns added/removed policy group IDs (delta from base role). This is NOT a resolved effective permission set. Use this for read→modify→write workflows: (1) GET this endpoint to read current delta, (2) modify the arrays locally, (3) PUT /roles/{roleId} to save changes. The arrays are functionally distinct: addedPolicyGroups grants permissions above base role; removedPolicyGroups restricts permissions below base role. This endpoint only works with customized roles (type=CUSTOMIZED). Attempting to use this endpoint with a default role (type=DEFAULT) will return a 400 Bad Request error. ## Entities Entity lifecycle management — list and retrieve entities within a tenant. ### List entities - [GET /core/entities](https://developer.floqast.app/api-reference/openapi/entities/listentities.md): Returns a paginated list of entities in the authenticated tenant. Supports filtering by name and sorting. ### Get a single entity - [GET /core/entities/{id}](https://developer.floqast.app/api-reference/openapi/entities/getentity.md): Returns a single entity by ID. Returns 404 if the entity does not exist or the caller does not have access to it. ## GL Groups GL group management — list GL groups (multi-ERP groupings) within a tenant. ### List GL groups - [GET /core/gl-groups](https://developer.floqast.app/api-reference/openapi/gl-groups/listglgroups.md): Returns a list of GL groups for the authenticated tenant. GL groups aggregate entities that share a GL provider configuration. ## Workflows Manage workflow containers and their workspace associations. ### List workflows - [GET /core/workflows](https://developer.floqast.app/api-reference/openapi/workflows/listworkflows.md): Returns a paginated list of workflows for the authenticated tenant. Supports offset-based pagination, sign-prefix sorting, and bracket-syntax filtering. Entity name enrichment: Each workflow includes an entities field. Depending on your account configuration, each entity may include a name alongside id; otherwise only id is returned. ### Create a workflow - [POST /core/workflows](https://developer.floqast.app/api-reference/openapi/workflows/createworkflow.md): Creates a new workflow for the authenticated tenant. Name rules: - Required, non-empty after trimming whitespace. - Maximum 32 grapheme clusters (not bytes or code points). - Must match the pattern ^[\p{L}\p{N}\p{P}\p{Z}]+$ — Unicode letters, numbers, punctuation, and spaces only. - Must be unique across all existing workflows for the tenant (case-sensitive, trimmed). Type rules: - Only user-creatable types are accepted: CLOSE, FP_AND_A, JEMOPS, OPERATIONS, PAYROLL_PROCESSING, REPORTING_MANAGEMENT, SEC_REPORTING, SOX. - COMPLIANCE_MANAGEMENT, CONSOLIDATION, and PROJECTS are system-managed types provisioned automatically by the platform — passing these types returns 400. - JEMOPS and REPORTING_MANAGEMENT are module-gated — meaningful only for tenants with the corresponding modules enabled. Returns the full created workflow resource. ### Get a workflow - [GET /core/workflows/{workflowId}](https://developer.floqast.app/api-reference/openapi/workflows/getworkflow.md): Returns a single workflow by ID. Returns 404 if the workflow does not exist or is not accessible to the authenticated tenant. Entity name enrichment: Depending on your account configuration, each item in entities may include a name alongside id; otherwise only id is returned. ### Update a workflow - [PATCH /core/workflows/{workflowId}](https://developer.floqast.app/api-reference/openapi/workflows/updateworkflow.md): Partially updates a workflow using JSON Merge Patch (RFC 7396). At least one of name or isActive must be provided. Name rules (when provided): - Non-empty after trimming whitespace. - Maximum 32 grapheme clusters. - Must match the pattern ^[\p{L}\p{N}\p{P}\p{Z}]+$. - Must be unique across all other workflows for the tenant. Deactivation rules: - Workflows of type COMPLIANCE_MANAGEMENT, PROJECTS, or CONSOLIDATION cannot be deactivated. Attempting to set isActive: false on these types returns 403 with code=workflow_type_cannot_be_deactivated. Returns the full updated workflow resource. ### Bulk-assign entities to a workflow - [POST /core/workflows/{workflowId}/bulk-assign](https://developer.floqast.app/api-reference/openapi/workflows/bulkassignentities.md): Reassigns one or more entities to the target workflow identified by workflowId. Entity records are also updated to reflect the new workflow assignment. entityIds must contain between 1 and 1000 IDs. Validation: - The target workflow must exist for the authenticated tenant. - All supplied entity IDs must be accessible to the authenticated user. - Reassigning to an inactive workflow is subject to additional validation. This is an action endpoint with side effects; it is POST (not PATCH) per FloQast API conventions.