Project-based Tags

The Aurora API allows you to tag projects. You can use the tags to scope a restricted key's access to certain resources.

To create a project with tags, simply include the tags field in the request body of a Create Project or Update Project call while using a standard key, with any tags you'd like to add:

"project": {
  "tags": ["my_tag", "my_other_tag"]

Scoping Tagged Resources

Your tenant admin can limit the resources that a restricted key has access to. For example, you can allow a restricted key to only List or Retrieve projects with the tag "my_tag".

When creating a restricted key, enable any endpoints which you would like the key to have access to. For endpoints which support tagged access, you can optionally include any tags as a comma separated list. Not including tags will allow access to all resources for that endpoint. Endpoints that support tagged access are:

List ProjectsList DesignList Design Assets
Retrieve ProjectCreate DesignRetrieve Design Asset
Create ProjectDuplicate Design
Update ProjectRetrieve Design Summary
Delete ProjectRetrieve Roof Summary
Retrieve Web Proposal
Generate Web Proposal

Tag Inheritance

Tags defined on a project are inherited by design and asset resources that are created inside the project. To take advantage of an inherited tag, you will need to include the project's tag on each of the endpoints that you wish to scope down.

A Concrete Example

Take a Restricted Key named Key A with the following properties:

  • List Projects: "tag_a"
  • Retrieve Projects: "tag_a"
  • Retrieve Roof Summary: "tag_a"
  • List Assets: "tag_a
  • Retrieve Asset: "tag_a"

And a Restricted Key named Key B with the following properties

  • List Projects: "tag_b"
  • Retrieve Projects: "tag_b"

Then, when creating projects via API with your Standard Key , the following scenarios exist:

  • Create with "tags": ["tag_a"] -> only Key A will be able to see this project, and view the roof summary or assets of it.
  • Create with "tags": ["tag_b"]-> only Key B will be able to see this project. However it won't be able to retrieve assets because those endpoints were not added to the key.
  • Create with "tags": ["tag_a", "tag_b"] -> Both Key A and Key B will be able to see this project, but only Key A will be able to view the roof summary or assets of it.

This allows for fine grained access of your Aurora resources, both by API endpoint and by project.