> ## Documentation Index > Fetch the complete documentation index at: https://hoopdev-docs-improve-idp-sso-pages.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Creates a resource > Creates a resource for the organization. ## OpenAPI ````yaml https://use.hoop.dev/api/openapiv3.json post /resources openapi: 3.0.3 info: contact: email: help@hoop.dev name: Help url: https://help.hoop.dev description: >- Hoop.dev is an access gateway for databases and servers with an API for packet manipulation license: name: MIT url: https://opensource.org/license/mit termsOfService: https://hoop.dev/docs/legal/tos title: Hoop Api version: 1.49.10 servers: - url: https://use.hoop.dev/api security: [] tags: - description: > Hoop implements Oauth2 and OIDC protocol to authenticate users in the system. To obtain a valid access token users need to authenticate in their own identity provider which is generated as a JSON response to the endpoint `http(s)://use.hoop.dev/api/login`. The identity provider them redirects the user to the callback endpoint containing the access token. The recommended approach of obtaining an access token is by visiting the Webapp main's page or using the **Hoop command line**. Example: ```sh hoop config create --api-url https://use.hoop.dev # save the token after authenticating at $HOME/.hoop/config.toml hoop login # show token information hoop config view --raw ``` With an access token you could use any HTTP client to interact with the documented endpoints. The token must be sent through the `Authorization` header. Example: ```sh # obtain the current configuration of the server curl https://use.hoop.dev/api/serverinfo -H "Authorization: Bearer $ACCESS_TOKEN" ``` name: Authentication - description: > Users are active and assigned to the default organization when they signup. A user could be set to an inactive state preventing it from accessing the platform, however it’s recommended to manage the state of users in the identity provider. - The `sub` claim is used as the main identifier of the user in the platform. - The profile of the user is derived from the id_token claims `email` and `name`. When a user authenticates for the first time, it performs an automatic signup that persist the profile claims along with it’s unique identifier. ​ ### Groups Groups allows defining who may access or interact with certain resources. - For connection resources it’s possible to define which groups has access to a specific connection, this is enforced when the Access Control feature is enabled. - For review resources, it’s possible to define which groups are allowed to approve an execution, this is enforced when the Review feature is enabled. > This resource could be managed manually via Webapp or propagated by the identity provider via ID Token. In this mode, groups are sync when a user performs a login. ### Roles - The `admin` group is a special role that grants full access to all resources This role should be granted to users that are responsible for managing the Gateway. All other users are regular, meaning that they can access their own resources and interact with connections. name: User Management - description: Routes used to manage and obtain information about the runtime server. name: Server Management - description: Features available in the gateway. See also **Plugin** resources. name: Features - description: >- Proxy manager endpoints controls how clients connect via gRPC in the gateway. These endpoints are meant to be used when a client is initialized via `hoop proxy-manager`. name: Proxy Manager - name: Connections - name: Agents - name: Runbooks - name: Guard Rails - name: Reviews - name: Sessions - name: Organization Management - name: Reports paths: /resources: post: tags: - Resources summary: Creates a resource description: Creates a resource for the organization. requestBody: content: '*/*': schema: $ref: '#/components/schemas/openapi.ResourceRequest' description: The request body resource required: true x-originalParamName: request responses: '201': content: application/json: schema: $ref: '#/components/schemas/openapi.ResourceResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/openapi.HTTPError' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/openapi.HTTPError' description: Forbidden '500': content: application/json: schema: $ref: '#/components/schemas/openapi.HTTPError' description: Internal Server Error components: schemas: openapi.ResourceRequest: properties: agent_id: description: The agent associated with this resource example: 1837453e-01fc-46f3-9e4c-dcf22d395393 format: uuid type: string env_vars: additionalProperties: type: string description: The resource environment variables type: object name: description: The resource name example: my-resource type: string roles: description: The roles associated with this resource items: $ref: '#/components/schemas/openapi.ResourceRoleRequest' type: array subtype: description: The resource subtype example: mysql type: string type: description: The resource type example: database type: string required: - env_vars - name - subtype - type type: object openapi.ResourceResponse: properties: agent_id: description: The agent associated with this resource example: 1837453e-01fc-46f3-9e4c-dcf22d395393 format: uuid type: string created_at: description: The time the resource was created example: '2024-07-25T15:56:35.317601Z' readOnly: true type: string env_vars: additionalProperties: type: string description: The resource environment variables type: object id: description: The resource ID example: 15B5A2FD-0706-4A47-B1CF-B93CCFC5B3D7 format: uuid readOnly: true type: string name: description: The resource name example: my-resource type: string subtype: description: The resource subtype example: mysql type: string type: description: The resource type example: database type: string updated_at: description: The time the resource was updated example: '2024-07-25T15:56:35.317601Z' readOnly: true type: string required: - agent_id type: object openapi.HTTPError: properties: message: example: the error description type: string type: object openapi.ResourceRoleRequest: properties: agent_id: description: The agent associated with this connection example: 1837453e-01fc-46f3-9e4c-dcf22d395393 format: uuid type: string command: description: >- Is the shell command that is going to be executed when interacting with this connection. This value is required if the connection is going to be used from the Webapp. example: - /bin/bash items: type: string type: array name: description: Name of the connection. This attribute is immutable when updating it example: pgdemo type: string secret: additionalProperties: {} description: >- Secrets are environment variables that are going to be exposed in the runtime of the connection: * { envvar:[env-key]: [base64-val] } - Expose the value as environment variable * { filesystem:[env-key]: [base64-val] } - Expose the value as a temporary file path creating the value in the filesystem The value could also represent an integration with a external provider: * { envvar:[env-key]: _aws:[secret-name]:[secret-key] } - Obtain the value dynamically in the AWS secrets manager and expose as environment variable * { envvar:[env-key]: _envjson:[json-env-name]:[json-env-key] } - Obtain the value dynamically from a JSON env in the agent runtime. Example: MYENV={"KEY": "val"} type: object subtype: description: |- Sub Type is the underline implementation of the connection: * postgres - Implements Postgres protocol * mysql - Implements MySQL protocol * mongodb - Implements MongoDB Wire Protocol * mssql - Implements Microsoft SQL Server Protocol * oracledb - Implements Oracle Database Protocol * tcp - Forwards a TCP connection * ssh - Forwards a SSH connection * httpproxy - Forwards a HTTP connection * dynamodb - AWS DynamoDB experimental integration * cloudwatch - AWS CloudWatch experimental integration example: postgres type: string type: description: |- Type represents the main type of the connection: * database - Database protocols * application - Custom applications * custom - Shell applications enum: - database - application - custom example: database type: string required: - name - type type: object ````