Globus Connect Server Administration Guides
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
Skip to main content
Globus Docs
  • APIs
    Auth Flows Groups Search Timers Transfer Globus Connect Server Compute Helper Pages
  • Applications
    Globus Connect Personal Globus Connect Server Premium Storage Connectors Compute Command Line Interface Python SDK JavaScript SDK
  • Guides
  • Support
    FAQs Mailing Lists Contact Us Check Support Tickets
  1. Home
  2. Globus Connect Server
  3. v5.4
  4. Globus Connect Server Manager API
  5. Collections

Collections

Collections

The collection management API allows globus users to manage guest collections and administrators to manage mapped collections.

A mapped collection is a collection that maps the Globus Auth identity of the user accessing the collection to a local account in the Storage Gateway’s user space. Mapped collections can only be created by those with an administrator role on the Endpoint.

A guest collection is a collection that uses the collection creator’s credentials to access the Storage Gateway data interface. Permissions may be added to a Guest Collection by using the Globus Transfer API.

Operations on Mapped Collections require an administrator role.

Collections Overview

Method API Path Description

POST

/​api/​collections/​batch_delete

Delete multiple guest collections

GET

/​api/​collections/​check

Check the collections on this endpoint

GET

/​api/​collections

List the collections on this endpoint

POST

/​api/​collections

Create a collection

PUT

/​api/​collections/​{collection_id}/​subscription_admin_verified

Set the subscription_admin_verified property for a collection

PUT

/​api/​collections/​{collection_id}/​owner_string

Set advertised owner of collection

DELETE

/​api/​collections/​{collection_id}/​owner_string

Reset advertised owner of collection

GET

/​api/​collections/​{collection_id}/​check

Check a collection for configuration problems

PUT

/​api/​collections/​{collection_id}/​owner

Set collection owner

GET

/​api/​collections/​{collection_id}

Get information about a collection

PATCH

/​api/​collections/​{collection_id}

Update a collection

PUT

/​api/​collections/​{collection_id}

Update a collection

DELETE

/​api/​collections/​{collection_id}

Delete a collection

Details

Delete multiple guest collections

POST /api/collections/batch_delete

Initiate the deletion of multiple guest collections. The input document contains a list of the IDs of collections to delete.

If any of the collections have collection_type of "mapped", then this operation returns an error indicating which ones were not valid or this operation.

If any of the collections do not exist or are already deleted, then they are silently ignored.

Deletion does not happen immediately; it is handled in the background by the GCS Manager Assistant process.

On success, this operation returns a message body containing the list of collections from the input that this GCS manager node will delete.

Authorization

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Request body

Content-Type: application/json

The Batch data type is used to specify multiple objects to operate on via a single REST API call.

Name

Type

Description

DATA_TYPE

string batch#1.0.0

Type of this document

ids

array of string <uuid>

List of object IDs to operate on

Example
{
  "DATA_TYPE": "batch#1.0.0",
  "ids": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ]
}

Responses

202 - Delete multiple collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "batch#1.0.0",
      "ids": [
        "497f6eca-6276-4993-bfeb-53cbbbba6f08"
      ]
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

One of the following schemas:

Name

Type

Description

code

string permission_denied

http_response_code

any type 403

detail

string or MissingRequiredRole

Name

Type

Description

code

string permission_denied

http_response_code

any type 403

detail

string or Batch

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
415 - Unsupported media type
422 - Unprocessable entity

Details

Check the collections on this endpoint

GET /api/collections/check

Authorization

  • PublicAuthorizer

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • endpoint:activity_manager

    • endpoint:activity_monitor

    • collection:administrator:{collection_id}

    • collection:activity_manager:{collection_id}

    • collection:activity_monitor:{collection_id}

    • collection:access_manager:{collection_id}

    • collection:administrator:{mapped_collection_id}

    • collection:activity_manager:{mapped_collection_id}

  • StorageGatewayAuthorizer

    • {storage_gateway_id}

Query Parameters

Parameter Type Description

page_size

integer <int>

Maximum page size for a paginated response

marker

string

Pagination marker for a paginated response

filter

array of string ^\s*(mapped_collections|guest_collections|managed_by_me|created_by_me|created_at\s*([<>]=?|=)\s*(\d{4}-\d{2}-\d{2})|last_access\s*([<>]=?|=)\s*(\d{4}-\d{2}-\d{2}))\s*$

Filter to apply to the return set

storage_gateway_id

string <uuid>

Filter collections which were created using this storage_gateway_id

mapped_collection_id

string <uuid>

Filter collections which were created using this mapped_collection_id

Responses

200 - Check collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "check_result#1.0.0",
      "error": {},
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "message": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

Details

List the collections on this endpoint

GET /api/collections

This operation requires either the endpoint to have the public property set to true or the caller to have a role that allows viewing this Collection.

The result of this can be limited by using the filter query parameter to choose which of the visible collections to return. This is a comma-separated list of filters to apply to the result set:

mapped_collections
Only collections with collection_type equal to mapped.
guest_collections
Only collections with collection_type equal to guest.
managed_by_me
Only collections where one of caller's identities (either directly or via a group role assignment) is granted a role on the collection.
created_by_me
Only collections where one of the caller's identities matches the `identity_id` property of the collection.
last_access < YYYY-MM-DD
last_access <= YYYY-MM-DD
last_access <= YYYY-MM-DD
last_access = YYYY-MM-DD
last_access >= YYYY-MM-DD
last_access < YYYY-MM-DD
Only collections accessed before or after the given date
created_at < YYYY-MM-DD
created_at <= YYYY-MM-DD
created_at <= YYYY-MM-DD
created_at = YYYY-MM-DD
created_at >= YYYY-MM-DD
created_at < YYYY-MM-DD
Only collections created before or after the given date

The result can also be limited by including the mapped_collection_id query parameter. This limits the response to guest collections which have been created using the specified mapped collection.

Normally, only public collection configuration policy data is included in the response. If the query parameter include=private_policies is passed to this API, and the caller has an administrator role on this collection, the response will include all private policies for the collection as well.

Authorization

  • PublicAuthorizer

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • endpoint:activity_manager

    • endpoint:activity_monitor

    • collection:administrator:{collection_id}

    • collection:activity_manager:{collection_id}

    • collection:activity_monitor:{collection_id}

    • collection:access_manager:{collection_id}

    • collection:administrator:{mapped_collection_id}

    • collection:activity_manager:{mapped_collection_id}

  • StorageGatewayAuthorizer

    • {storage_gateway_id}

Query Parameters

Parameter Type Description

page_size

integer <int>

Maximum page size for a paginated response

marker

string

Pagination marker for a paginated response

include

array of string private_policies

Document values to include

filter

array of string ^\s*(mapped_collections|guest_collections|managed_by_me|created_by_me|created_at\s*([<>]=?|=)\s*(\d{4}-\d{2}-\d{2})|last_access\s*([<>]=?|=)\s*(\d{4}-\d{2}-\d{2}))\s*$

Filter to apply to the return set

storage_gateway_id

string <uuid>

Filter collections which were created using this storage_gateway_id

mapped_collection_id

string <uuid>

Filter collections which were created using this mapped_collection_id

Responses

200 - List collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "collection#1.0.0",
      "allow_guest_collections": true,
      "authentication_timeout_mins": 0,
      "collection_base_path": "string",
      "collection_type": "mapped",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "contact_email": "string",
      "contact_info": "string",
      "default_directory": "string",
      "deleted": true,
      "department": "string",
      "description": "string",
      "disable_verify": true,
      "display_name": "string",
      "domain_name": "string",
      "force_encryption": true,
      "high_assurance": true,
      "https_url": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "info_link": "string",
      "keywords": [
        "string"
      ],
      "manager_url": "string",
      "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
      "organization": "string",
      "policies": {
        "DATA_TYPE": "s3_collection_policies#1.0.0"
      },
      "public": true,
      "root_path": "string",
      "sharing_restrict_paths": {},
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "tlsftp_url": "string",
      "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

Create a collection

POST /api/collections

This is used to create either a mapped or a guest collection. When created, a "collection:administrator" role for that collection will be created using the caller’s identity.

The collection is assigned a unique DNS name. For guest collections, this DNS name begins with "g-". By default, for mapped collections this name begins with "m-", but a user with an "endpoint:administrator" role may assign a custom domain name for a mapped collection.

In order to create a guest collection, the caller must have an identity that matches the Storage Gateway policies.

In order to create a mapped collection, the caller must have an "endpoint:administrator" or "endpoint:owner" role.

Authorization

  • RoleAuthorizer:

    • endpoint:administrator

    • endpoint:owner

  • StorageGatewayAuthorizer

    • {storage_gateway_id}

Request body

Content-Type: application/json

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.

Version 1.11.0 adds the acl_expiration_mins property to HA guest collection.

Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA collections.

Version 1.13.0 adds the auto_delete_timeout property to mapped collections and the skip_auto_delete property to guest collections.

Version 1.14.0 adds the subscription_admin_verified property to collections and activity_notification_policy to guest collections.

Version 1.15.0 adds the associated_flow_policy property to the collection.

One of the following schemas:

  • Collection_1_0_0

  • Collection_1_1_0

  • Collection_1_2_0

Name

Type

Description

DATA_TYPE

string collection#1.3.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.4.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.5.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.6.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.7.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.8.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.9.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.10.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA mapped collections and used by the guest collections attached to it. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.11.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.12.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.13.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.14.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.15.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

associated_flow_policy

null or FlowAssociation

Policy describing Globus flows to run when the collection is accessed.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

​

Example
{
  "DATA_TYPE": "collection#1.0.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}

Responses

201 - Create collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "collection#1.0.0",
      "allow_guest_collections": true,
      "authentication_timeout_mins": 0,
      "collection_base_path": "string",
      "collection_type": "mapped",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "contact_email": "string",
      "contact_info": "string",
      "default_directory": "string",
      "deleted": true,
      "department": "string",
      "description": "string",
      "disable_verify": true,
      "display_name": "string",
      "domain_name": "string",
      "force_encryption": true,
      "high_assurance": true,
      "https_url": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "info_link": "string",
      "keywords": [
        "string"
      ],
      "manager_url": "string",
      "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
      "organization": "string",
      "policies": {
        "DATA_TYPE": "s3_collection_policies#1.0.0"
      },
      "public": true,
      "root_path": "string",
      "sharing_restrict_paths": {},
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "tlsftp_url": "string",
      "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
409 - Conflict
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
415 - Unsupported media type
422 - Unprocessable entity

Details

Set the subscription_admin_verified property for a collection

PUT /api/collections/{collection_id}/subscription_admin_verified

Set the subscription_admin_verified property of the collection. This only be invoked if the endpoint is associated with a subscription and the caller is a subscription administrator for that subscription.

Path parameters

▷ collection_id

Id of the collection

Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Request body

Content-Type: application/json

Subscription Admin Verified

Name

Type

Description

DATA_TYPE

string subscription_admin_verified#1.0.0

Type of this document

subscription_admin_verified

boolean

Value of the subscription_admin_verified property of a collection. This can be set or cleared by a subscription group administrator.

Example
{
  "DATA_TYPE": "subscription_admin_verified#1.0.0",
  "subscription_admin_verified": true
}

Responses

200 - Set collection subscription admin verified response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Details

Set advertised owner of collection

PUT /api/collections/{collection_id}/owner_string

Update the advertised owner string of the collection

Modify the collection’s advertised owner to match the username of one of the caller’s linked identities. The identity must have an administrator role on the collection.

Authorization

  • RoleAuthorizer:

    • endpoint:owner

    • collection:administrator:{collection_id}

Path parameters

▷ collection_id

Id of the collection

Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Request body

Content-Type: application/json

Owner string document

Name

Type

Description

DATA_TYPE

string owner_string#1.0.0

Type of this document

identity_id

string <uuid>

Globus Auth Identity id

Example
{
  "DATA_TYPE": "owner_string#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}

Responses

200 - Set collection owner string response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Reset advertised owner of collection

DELETE /api/collections/{collection_id}/owner_string

Reset the advertised owner string of the collection to the endpoint’s client_id.

Authorization

  • RoleAuthorizer:

    • collection:administrator:{collection_id}

    • endpoint:administrator

    • endpoint:owner

Path parameters

▷ collection_id

Id of the collection

Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Responses

200 - Delete collection owner string response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

Details

Check a collection for configuration problems

GET /api/collections/{collection_id}/check

Check the configuration of a collection for configuration problems. Returns a list of configuration error details.

This operation requires the caller to have an endpoint owner or administrator role, or a collection administrator role.

Authorization

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{mapped_collection_id}

Path parameters

▷ collection_id

Id of the collection

Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Responses

200 - Check response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "check_result#1.0.0",
      "error": {},
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "message": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
404 - Not found

Details

Set collection owner

PUT /api/collections/{collection_id}/owner

Assign a new identity to act as the mapped collection owner. Caller must have an endpoint admin or owner role.

  • This is only allowed for mapped collections

  • Owner ID can not be the endpoint client ID

Authorization

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Path parameters

▷ collection_id

ID of the collection

Parameter Type Description

collection_id (required)

string <uuid>

ID of the collection

Request body

Content-Type: application/json

Schema for processing the collection_owner#1.0.0 data type

Name

Type

Description

DATA_TYPE

string collection_owner#1.0.0

Type of this document

identity_id

string <uuid>

Auth identity ID of the collection owner

Example
{
  "DATA_TYPE": "collection_owner#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}

Responses

200 - Set collection owner response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Details

Get information about a collection

GET /api/collections/{collection_id}

This operation requires either the endpoint to have the public property set to true or the caller to have a role that allows viewing this Endpoint. Some property visibility is limited for users who do not have an administrator role.

Normally, only public collection configuration policy data is included in the response. If the query parameter include=private_policies is passed to this API, and the caller has an administrator role on this collection, the response will include all private policies for the collection as well.

Authorization

  • PublicAuthorizer

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • endpoint:activity_manager

    • endpoint:activity_monitor

    • collection:administrator:{collection_id}

    • collection:activity_manager:{collection_id}

    • collection:activity_monitor:{collection_id}

    • collection:access_manager:{collection_id}

    • collection:administrator:{mapped_collection_id}

    • collection:activity_manager:{mapped_collection_id}

  • StorageGatewayAuthorizer

    • {storage_gateway_id}

Path parameters

▷ collection_id

Id of the collection

Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Query Parameters

Parameter Type Description

include

array of string private_policies

Document values to include

Responses

200 - List collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "collection#1.0.0",
      "allow_guest_collections": true,
      "authentication_timeout_mins": 0,
      "collection_base_path": "string",
      "collection_type": "mapped",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "contact_email": "string",
      "contact_info": "string",
      "default_directory": "string",
      "deleted": true,
      "department": "string",
      "description": "string",
      "disable_verify": true,
      "display_name": "string",
      "domain_name": "string",
      "force_encryption": true,
      "high_assurance": true,
      "https_url": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "info_link": "string",
      "keywords": [
        "string"
      ],
      "manager_url": "string",
      "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
      "organization": "string",
      "policies": {
        "DATA_TYPE": "s3_collection_policies#1.0.0"
      },
      "public": true,
      "root_path": "string",
      "sharing_restrict_paths": {},
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "tlsftp_url": "string",
      "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
404 - Not found

Update a collection

PATCH /api/collections/{collection_id}

Updates a collection, changing only the properties included in the input document. It optionally returns a document containing the document after the change is applied. Items explicitly set to null in the input are removed from the collection document.

Authorization

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{collection_id}

    • collection:administrator:{mapped_collection_id}

Path parameters

▷ collection_id

Id of the collection

Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Request body

Content-Type: application/json

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.

Version 1.11.0 adds the acl_expiration_mins property to HA guest collection.

Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA collections.

Version 1.13.0 adds the auto_delete_timeout property to mapped collections and the skip_auto_delete property to guest collections.

Version 1.14.0 adds the subscription_admin_verified property to collections and activity_notification_policy to guest collections.

Version 1.15.0 adds the associated_flow_policy property to the collection.

One of the following schemas:

  • Collection_1_0_0

  • Collection_1_1_0

  • Collection_1_2_0

Name

Type

Description

DATA_TYPE

string collection#1.3.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.4.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.5.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.6.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.7.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.8.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.9.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.10.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA mapped collections and used by the guest collections attached to it. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.11.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.12.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.13.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.14.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.15.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

associated_flow_policy

null or FlowAssociation

Policy describing Globus flows to run when the collection is accessed.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

​

Example
{
  "DATA_TYPE": "collection#1.0.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}

Responses

200 - Update collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Update a collection

PUT /api/collections/{collection_id}

Update a collection, completely replacing its definition with the new document. It returns a document containing the collection after the update has been applied.

Authorization

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{collection_id}

    • collection:administrator:{mapped_collection_id}

Path parameters

▷ collection_id

Id of the collection

Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Request body

Content-Type: application/json

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.

Version 1.11.0 adds the acl_expiration_mins property to HA guest collection.

Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA collections.

Version 1.13.0 adds the auto_delete_timeout property to mapped collections and the skip_auto_delete property to guest collections.

Version 1.14.0 adds the subscription_admin_verified property to collections and activity_notification_policy to guest collections.

Version 1.15.0 adds the associated_flow_policy property to the collection.

One of the following schemas:

  • Collection_1_0_0

  • Collection_1_1_0

  • Collection_1_2_0

Name

Type

Description

DATA_TYPE

string collection#1.3.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.4.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.5.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.6.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.7.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.8.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.9.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.10.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA mapped collections and used by the guest collections attached to it. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.11.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.12.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.13.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.14.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.15.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

associated_flow_policy

null or FlowAssociation

Policy describing Globus flows to run when the collection is accessed.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted[Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity to who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

​

Example
{
  "DATA_TYPE": "collection#1.0.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}

Responses

200 - Update collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Delete a collection

DELETE /api/collections/{collection_id}

Deletes a collection owned by the caller or an endpoint administrator. If the collection has the delete_protection property set to true, the collection can not be deleted.

When a collection is deleted, all collection-specific roles and sharing_policies are also deleted.

If a mapped collection is deleted, then all guest collections and roles associated them are also deleted.

Authorization

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{collection_id}

    • collection:administrator:{mapped_collection_id}

Path parameters

▷ collection_id

Id of the collection

Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Responses

200 - Delete collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
© 2010- The University of Chicago Legal Privacy Accessibility