
Globus Connect Server Manager API

The Globus Connect Server Manager API provides interfaces for configuring a GCS endpoint and managing storage gateways, user credentials, and collections.

The GCS API follows the REST design model, with resources representing storage gateways and their policies, user credentials, and collections.

All operations return a variation of the Result data type, which defines the base message and response code and is extended with operation-specific response data.

Changes

1.35.0

  • GCS 5.4.84 release

  • collection#1.15.0 adds the associated_flow_policy property to collections

1.34.0

  • GCS 5.4.83 release

  • collection#1.14.0 adds activity_notification_policy

  • Add support for subscription_admin_verified property for collections

    • New route: PUT /collections/<uuid>/subscription_admin_verified

1.33.0

  • GCS 5.4.82 release

  • collection#1.13.0 adds auto_delete_timeout and skip_auto_delete

1.32.0

  • GCS 5.4.80 release

  • Added support for consistency checks for collections

    • New routes: GET /collections/<uuid>/check, GET /collections/check

    • New data types: check_result#1.0.0

1.31.0

  • GCS 5.4.79 release

  • collection#1.12.0 adds restrict_transfers_to_high_assurance.

1.30.0

  • GCS 5.4.78 release

  • Added support for multiple S3 keys based on a pattern match to a bucket/object path prefix.

1.29.0

  • GCS 5.4.76 release

  • Added support for overriding the endpoint’s network use parameters to storage_gateway#1.3.0.

  • collection#1.11.0 adds acl_expiration_mins for high assurance guest collections

1.28.0

  • GCS 5.4.74 release

  • collection#1.10.0 adds acl_expiration_mins for high assurance mapped collections

1.27.0

  • GCS 5.4.73 release

  • result#1.1.0 adds optional authorization_parameters to result.

1.26.0

  • GCS 5.4.72 release

  • connector#1.1.0 adds is_ha and is_baa fields for high assurance subscriptions

1.25.0

  • GCS 5.4.71 release

  • Mapped collection owner can be changed on managed endpoints by using the new /collections/<uuid:collection_id>/owner API endpoint.

1.24.0

  • GCS 5.4.70 release

  • Add Dropbox connector

1.23.0

  • GCS 5.4.69 release

  • Mapped collections are delete protected on creation unless the document explicitly disables it. Existing collections are not changed.

1.22.0

  • GCS 5.4.67 release

  • Collection listing can now filter by storage gateway ID.

1.21.0

  • GCS 5.4.67 release

  • Mapped collection admins can view the roles of attached guest collections.

  • Collection schema collection#1.1.0 now accepts ~ in collection_base_path.

  • Sharing restrict paths and sharing policies allow $HOME and ~ when root_path is /.

1.20.0

  • GCS 5.4.66 release

  • Add read-only earliest_last_access property to the endpoint. This is the date when this endpoint started tracking last_access on collections. Clients can use this value to determine bounds on whether this collection was never accessed or not accessed since the endpoint started tracking that information.

  • Add login_name policy to the HPSS storage gateway.

1.19.0

  • GCS 5.4.65 release

  • Add allow_any_account to the storage gateway connector policies of connectors that use oauth2 user credentials: Azure Blob, Box, Google Cloud Storage, Google Drive, and OneDrive.

  • Google Cloud Storage collections are no longer required to be associated with a project.

1.18.0

  • GCS 5.4.60 release

  • Add the read-only created_at and last_access properties to the collection schema.

  • Add new filter query parameter value to GET /api/collections to allow filtering collections by created_at or last_access property values.

  • Add new API for deleting multiple guest collections in one request.

1.17.0

  • GCS 5.4.59 release

  • Add s3_requester_pays support to the S3 connector.

1.16.0

  • GCS 5.4.58 release

  • Allow users with an administrator role on a mapped collection to delete guest collections associated with that collection.

  • GET /storage_gateways no longer quietly ignores private_policies

1.15.0

  • GCS 5.4.57 release

  • Add guest_auth_policy_id for collections

  • Increase maxLength of user_message to 256

  • Clarify visibility of root_path on guest collections

  • Add delete_protected for collections

1.14.0

  • GCS 5.4.55 release

  • Add endpoint#1.1.0 document type to support setting GridFTP control port to something other than 443

1.13.0

  • GCS 5.4.51 release

  • Add include=all optional query parameter to GET /user_credentials.

1.12.0

  • GCS 5.4.49 release

  • Add admin_managed_credentials property to storage_gateway#1.2.0

1.11.0

  • GCS 5.4.43 release

  • Add API routes for endpoint and collection advertised owner_string.

  • Add HPSS connector

1.10.0

  • GCS 5.4.30 release

  • Add service_account_key to google_cloud_storage_policies#1.0.0

1.9.0

  • GCS 5.4.28 release

  • Add Azure Blob storage support

1.8.0

  • GCS 5.4.27 release

  • Added disable_anonymous_writes to collection#1.5.0

1.7.0

  • GCS 5.4.21 release

  • Added support for the multi-factor requirement to storage gateways

  • Added force_verify to collection#1.4.0

  • Add ActiveScale connector

1.6.0

  • GCS 5.4.18 release

  • Add OneDrive connector and related policy documents

  • Replace google-cloud-platform-connector module with a more correct oauth-credential-api module.

  • Add support for user sharing policies

1.5.0

  • GCS 5.4.15 release

  • Add node#1.1.0 document

1.4.0

  • GCS 5.4.13 release

  • Add custom domain APIs: the /endpoint/domain and /collections/{collection_id}/domain route and the custom_domain#1.0.0 document.

1.3.0

  • GCS 5.4.10 release

  • Add POSIX staging connector and related policy documents.

  • Add iRODS connector and related policy documents

1.2.0

  • GCS 5.4.8 release

  • Add sharing_users_allow, sharing_users_deny to the Collection document (collection#1.2.0)

  • Add sharing_groups_allow, sharing_groups_deny to the Posix Collection Policies document (posix_collection_policies#1.1.0)

1.1.0

  • GCS 5.4.5 release

  • Add enable_https, user_message, and user_message_link to Collection document (collection#1.1.0)

1.0.0

  • GCS 5.4.0 release

API Reference

Authorization

API Authorization

The operations provided by this API may be authorized with the following authorization methods:

PublicAuthorizer

The PublicAuthorizer allows the operation if the endpoint document’s public property is true.

RoleAuthorizer

A Role authorizer parses the request and the roles assigned to the current user. If one of the roles is in the listed set, then the operation is authorized. Understood roles are:

endpoint:owner
Endpoint owner
endpoint:administrator
Endpoint administrator
endpoint:activity_manager
Endpoint activity_manager
endpoint:activity_monitor
Endpoint activity_monitor
collection:administrator:*
Collection administrator for any collection on this endpoint
collection:activity_manager:*
Collection activity_manager for any collection on this endpoint
collection:activity_monitor:*
Collection activity_monitor for any collection on this endpoint
collection:access_manager:*
Collection access_manager for any collection on this endpoint
collection:administrator:{collection_id}
Collection administrator for the collection being operated on
collection:activity_manager:{collection_id}
Collection activity_manager for the collection being operated on
collection:activity_monitor:{collection_id}
Collection activity_monitor for the collection being operated on
collection:access_manager:{collection_id}
Collection access_manager for the collection being operated on
collection:administrator:{mapped_collection_id}
Collection administrator for the mapped collection associated with the guest collection that is being operated on
collection:activity_manager:{mapped_collection_id}
activity_manager for the mapped collection associated with the guest collection that is being operated on
collection:activity_monitor:{mapped_collection_id}
activity_monitor for the mapped collection associated with the guest collection that is being operated on
collection:access_manager:{mapped_collection_id}
access_manager for the mapped collection associated with the guest collection that is being operated on
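
The role patterns above can be read as a matching rule. The following is an added example, not code from Globus Connect Server: it models how an operation's role list could be resolved against the request and compared with the caller's roles. The function names, the string form of held roles, and the UUIDs are assumptions made for the illustration.

```python
import re
import uuid

# Added illustration: a model of the RoleAuthorizer rule described above.
# Function names and the "scope:role:id" string form are assumptions.
_PLACEHOLDER = re.compile(r"\{(collection_id|mapped_collection_id)\}")

# Constructed sample collection ids (not real collections).
GUEST = "6c54f1c2-0000-4000-8000-000000000001"
MAPPED = "6c54f1c2-0000-4000-8000-000000000002"
OTHER = "6c54f1c2-0000-4000-8000-000000000003"

# Role lists copied from two operations on this page.
LIST_ROLES_REQUIRED = [
    "endpoint:owner",
    "endpoint:administrator",
    "collection:administrator:{collection_id}",
    "collection:administrator:{mapped_collection_id}",
]
GET_ENDPOINT_REQUIRED = [
    "endpoint:owner", "endpoint:administrator",
    "endpoint:activity_manager", "endpoint:activity_monitor",
    "collection:administrator:*", "collection:activity_manager:*",
    "collection:activity_monitor:*", "collection:access_manager:*",
]


def expand_required(required, context):
    """Resolve {collection_id} / {mapped_collection_id} from the request.

    An entry whose placeholder has no valid UUID in the context is dropped,
    so an unresolved template (or a value such as "*") can never widen the
    check into a wildcard.
    """
    needed = set()
    for entry in required:
        match = _PLACEHOLDER.search(entry)
        if match is None:
            needed.add(entry)
            continue
        value = context.get(match.group(1))
        if not value:
            continue
        try:
            canonical = str(uuid.UUID(value))
        except (ValueError, AttributeError, TypeError):
            continue
        needed.add(entry[:match.start()] + canonical + entry[match.end():])
    return needed


def role_authorized(held_roles, required, context):
    """Return True if any role the caller holds is in the required set."""
    needed = expand_required(required, context)
    for held in held_roles:
        # A held role is always concrete; ignore anything pattern-like.
        if "*" in held or "{" in held:
            continue
        if held in needed:
            return True
        parts = held.split(":")
        # "collection:<role>:*" accepts that role on any collection.
        if len(parts) == 3 and parts[0] == "collection" and parts[2]:
            if f"collection:{parts[1]}:*" in needed:
                return True
    return False
```
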

StorageGatewayAuthorizer

The StorageGatewayAuthorizer allows the operation if the caller’s identity set is allowed by the policies of a storage gateway. The parameter to this authorizer is one of the following:

*
Any storage gateway
{storage_gateway_id}
Either the storage gateway that was passed in to this operation, or the storage gateway that the resource (either a user credential or collection) is associated with.

SubscriptionManagerAuthorizer

The SubscriptionManagerAuthorizer allows the operation if the caller’s identity set is a Globus subscription manager. This allows an endpoint to be set as managed without the subscription manager being the endpoint administrator.

UserCredentialOwnerAuthorizer

The UserCredentialOwnerAuthorizer allows the operation if the caller’s identity set owns a credential. The parameter to this authorizer is one of the following:

*
Any User Credential
{user_credential_id}
The user credential passed in to the operation

Versioning

API Versioning

The GCS Manager API uses semantic versioning for its API versioning. The version of the API described in this document is 1.35.0.

Connectors

Each Connector providing access to a type of storage will have its own semantic version. This version describes the API specific to that connector, including its input and output document formats and any additional URL routes that it provides.

API Document Versions

Each document in the Globus Connect Server Manager API includes a DATA_TYPE property that indicates the type and version of the document. When a document with a given DATA_TYPE is used in a document, the document must validate against the schema defined for that document type. Note that extensions may be allowed based on the definition of that type.

Deprecations

When a part of the API is to be deprecated, the minor version of the API is increased. When a part of the API is removed, the major version of the API is incremented. When a deprecated API is used, the response message will include a deprecation warning.

Versioning Overview

Method  API Path   Description
GET     /api/info  Get GCS service information

Details

Get GCS service information

GET /api/info

Returns information about the GCS Manager service for this endpoint, as well as additional features such as connectors that it provides as extensions to the API defined in this document.

This operation can be performed without an Authorization header.

Query Parameters
Parameter  Type           Description
page_size  integer <int>  Maximum page size for a paginated response
marker     string         Pagination marker for a paginated response

Responses
200 - Get info response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "connector#1.0.0",
      "display_name": "POSIX",
      "id": "string",
      "version": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}

Endpoint

A GCS Endpoint is an entity that represents an access point to data storage. In GCSv5, this includes the following types of items:

  • One or more Storage Gateways which define policies to access specific data storage rooted in some sort of file system or object store. In this version of the specification, ActiveScale, Azure Blob Storage, BlackPearl, Box, Ceph, Google Drive, Google Cloud Storage, HPSS, iRODS, OneDrive, POSIX, and S3 Storage Gateways are supported.

  • One or more Collections, which may define either a set of data on a Storage Gateway that is shared with other Globus users or publicly, or a set of data on a Storage Gateway that Globus users access with their own local or cloud accounts.

  • One or more nodes which define physical servers providing access to the GCS endpoint resources.

Endpoint Overview

Method  API Path                       Description
PUT     /api/endpoint/subscription_id  Set the endpoint subscription id
PUT     /api/endpoint/owner_string     Set endpoint owner string
DELETE  /api/endpoint/owner_string     Reset advertised owner string
PUT     /api/endpoint/owner            Set endpoint owner
GET     /api/endpoint                  Get endpoint definition
PATCH   /api/endpoint                  Update an endpoint
PUT     /api/endpoint                  Update an endpoint

Details

Set the endpoint subscription id

PUT /api/endpoint/subscription_id

Change the subscription_id of this endpoint. Because subscription enforcement is handled in a separate service from GCS, and an organization’s subscription manager may not be the administrator of the endpoint, this API allows for both role-based authorization and subscription-manager-based authorization.

The authorization allows the following:

Caller has a role but is not subscription manager
Remove an existing subscription from an endpoint, even if the caller is not a manager for that subscription.
Caller does not have a role but is a subscription manager
Set the subscription_id to a subscription they manage on a currently-unmanaged endpoint or remove the subscription_id from the endpoint if it is one that they managed.
Caller has a role and is a subscription manager
Set the subscription_id to a subscription they manage on an endpoint even if it is currently managed by a subscription that the caller is not a manager of.
Authorization
  • SubscriptionManagerAuthorizer

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator
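
The three caller cases above can be written as a single decision function. This is an added example, not code from Globus Connect Server. It assumes that a request value of None means "remove the subscription", that "DEFAULT" resolves against the subscriptions the caller manages, and that a caller with both a role and manager status may also remove; the class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Caller:
    # True if the caller holds endpoint:owner or endpoint:administrator.
    has_endpoint_role: bool
    # Subscriptions the caller's identity set manages (empty if none).
    managed_subscriptions: FrozenSet[str] = frozenset()


def resolve_requested(caller: Caller, requested: Optional[str]) -> Optional[str]:
    """Resolve the special value "DEFAULT"; None (assumed) means removal."""
    if requested != "DEFAULT":
        return requested
    # "DEFAULT" is only meaningful when exactly one subscription applies.
    if len(caller.managed_subscriptions) != 1:
        raise ValueError('"DEFAULT" requires exactly one subscription')
    return next(iter(caller.managed_subscriptions))


def may_change_subscription(caller: Caller,
                            current: Optional[str],
                            requested: Optional[str]) -> bool:
    """Apply the authorization cases listed for PUT /api/endpoint/subscription_id.

    current   -- subscription_id now on the endpoint (None if unmanaged)
    requested -- subscription_id in the request (None to remove, assumed)
    """
    is_manager = bool(caller.managed_subscriptions)
    if not caller.has_endpoint_role and not is_manager:
        return False  # neither authorizer accepts the caller
    try:
        target = resolve_requested(caller, requested)
    except ValueError:
        return False
    if target is None:
        # Removal: a role holder may remove any subscription; a manager
        # without a role may remove only a subscription they manage.
        return caller.has_endpoint_role or current in caller.managed_subscriptions
    # Setting: the target must always be a subscription the caller manages.
    if target not in caller.managed_subscriptions:
        return False
    # A manager without a role may only claim a currently-unmanaged endpoint;
    # with a role, an existing subscription may be replaced.
    return caller.has_endpoint_role or current is None
```
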

Request body
Content-Type: application/json

Endpoint subscription

Name             Type                                Description
DATA_TYPE        string endpoint_subscription#1.0.0  Type of this document
subscription_id  string                              Either the id of a Globus subscription or the special value "DEFAULT" if the caller has only one subscription associated with their identity set.

Example
{
  "DATA_TYPE": "endpoint_subscription#1.0.0",
  "subscription_id": "string"
}
Responses
200 - Set endpoint owner response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
415 - Unsupported media type
422 - Unprocessable entity

Details

Set endpoint owner string

PUT /api/endpoint/owner_string

Modify the endpoint’s advertised owner to match the username of one of the caller’s linked identities. The identity must have an administrator role on the endpoint.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Request body
Content-Type: application/json

Owner string document

Name         Type                       Description
DATA_TYPE    string owner_string#1.0.0  Type of this document
identity_id  string <uuid>              Globus Auth Identity id

Example
{
  "DATA_TYPE": "owner_string#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}
Responses
200 - Set endpoint owner string response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
415 - Unsupported media type
422 - Unprocessable entity

Reset advertised owner string

DELETE /api/endpoint/owner_string

Reset the endpoint’s advertised owner to the client_id of the endpoint.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Responses
200 - Reset advertised owner string response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

Details

Set endpoint owner

PUT /api/endpoint/owner

Assign a new identity to act as the endpoint owner.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

Request body
Content-Type: application/json

Schema for processing the endpoint_owner#1.0.0 data type

Name         Type                         Description
DATA_TYPE    string endpoint_owner#1.0.0  Type of this document
identity_id  string <uuid>                Auth identity ID of the endpoint owner

Example
{
  "DATA_TYPE": "endpoint_owner#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}
Responses
200 - Set endpoint owner response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
415 - Unsupported media type
422 - Unprocessable entity

Details

Get endpoint definition

GET /api/endpoint

Get the endpoint.

Authorization
  • PublicAuthorizer

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • endpoint:activity_manager

    • endpoint:activity_monitor

    • collection:administrator:*

    • collection:activity_manager:*

    • collection:activity_monitor:*

    • collection:access_manager:*

  • StorageGatewayAuthorizer

    • *

Responses
200 - Get endpoint response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "endpoint#1.0.0",
      "allow_udt": true,
      "contact_email": "string",
      "contact_info": "string",
      "department": "string",
      "description": "string",
      "display_name": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "gcs_manager_url": "string",
      "info_link": "string",
      "keywords": [
        "string"
      ],
      "max_concurrency": 1,
      "max_parallelism": 1,
      "network_use": "normal",
      "organization": "string",
      "preferred_concurrency": 1,
      "preferred_parallelism": 1,
      "public": true,
      "subscription_id": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized

Update an endpoint

PATCH /api/endpoint

Update the Endpoint document, changing only the properties included in the input. Items explicitly set to null in the input are removed from the endpoint document. This operation optionally returns the endpoint after applying the changes in the input if the include=endpoint query parameter is passed to this operation.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Query Parameters
Parameter  Type                      Description
include    array of string endpoint  List of document types to include in the response

Request body
Content-Type: application/json

A Globus Connect Server endpoint is a deployment of Globus Connect Server version 5. A single endpoint may optionally include multiple data transfer nodes. The endpoint provides a link between a Globus Connect Server deployment and the Globus Transfer service. The endpoint describes services for accessing data via GridFTP and HTTPS and also for configuring and managing the policies associated with that access.

Version 1.1.0 of the endpoint includes support for customizing the TCP port that the GridFTP listens on.

Version 1.2.0 of the endpoint includes read-only earliest_last_access to put a limit on collections which are missing a last_access value.

One of the following schemas:

  • Endpoint_1_0_0

  • Endpoint_1_1_0

  • Endpoint_1_2_0

Example
{
  "DATA_TYPE": "endpoint#1.0.0",
  "allow_udt": true,
  "contact_email": "string",
  "contact_info": "string",
  "department": "string",
  "description": "string",
  "display_name": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "gcs_manager_url": "string",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "max_concurrency": 1,
  "max_parallelism": 1,
  "network_use": "normal",
  "organization": "string",
  "preferred_concurrency": 1,
  "preferred_parallelism": 1,
  "public": true,
  "subscription_id": "string"
}
Responses
200 - Update endpoint response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "endpoint#1.0.0",
      "allow_udt": true,
      "contact_email": "string",
      "contact_info": "string",
      "department": "string",
      "description": "string",
      "display_name": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "gcs_manager_url": "string",
      "info_link": "string",
      "keywords": [
        "string"
      ],
      "max_concurrency": 1,
      "max_parallelism": 1,
      "network_use": "normal",
      "organization": "string",
      "preferred_concurrency": 1,
      "preferred_parallelism": 1,
      "public": true,
      "subscription_id": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
415 - Unsupported media type
422 - Unprocessable entity

Update an endpoint

PUT /api/endpoint

Update the endpoint document, replacing all properties with those in the input. This operation optionally returns the Endpoint after the update if the include=endpoint query parameter is passed to this operation.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Query Parameters
Parameter  Type                      Description
include    array of string endpoint  List of document types to include in the response

Request body
Content-Type: application/json

A Globus Connect Server endpoint is a deployment of Globus Connect Server version 5. A single endpoint may optionally include multiple data transfer nodes. The endpoint provides a link between a Globus Connect Server deployment and the Globus Transfer service. The endpoint describes services for accessing data via GridFTP and HTTPS and also for configuring and managing the policies associated with that access.

Version 1.1.0 of the endpoint includes support for customizing the TCP port that the GridFTP listens on.

Version 1.2.0 of the endpoint includes read-only earliest_last_access to put a limit on collections which are missing a last_access value.

One of the following schemas:

  • Endpoint_1_0_0

  • Endpoint_1_1_0

  • Endpoint_1_2_0

Example
{
  "DATA_TYPE": "endpoint#1.0.0",
  "allow_udt": true,
  "contact_email": "string",
  "contact_info": "string",
  "department": "string",
  "description": "string",
  "display_name": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "gcs_manager_url": "string",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "max_concurrency": 1,
  "max_parallelism": 1,
  "network_use": "normal",
  "organization": "string",
  "preferred_concurrency": 1,
  "preferred_parallelism": 1,
  "public": true,
  "subscription_id": "string"
}
Responses
200 - Update endpoint response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "endpoint#1.0.0",
      "allow_udt": true,
      "contact_email": "string",
      "contact_info": "string",
      "department": "string",
      "description": "string",
      "display_name": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "gcs_manager_url": "string",
      "info_link": "string",
      "keywords": [
        "string"
      ],
      "max_concurrency": 1,
      "max_parallelism": 1,
      "network_use": "normal",
      "organization": "string",
      "preferred_concurrency": 1,
      "preferred_parallelism": 1,
      "public": true,
      "subscription_id": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
415 - Unsupported media type
422 - Unprocessable entity

Roles

The client identity that created an Endpoint has full control over management aspects of the endpoint, including its properties, collections, permissions, and role assignments. Other roles enable other identities to act on various subsets of endpoint and collection management capabilities. See the endpoint roles and collection roles reference pages for information about the roles. All API endpoints below indicate which roles are required to perform the given operation.

Roles Overview

Method  API Path              Description
GET     /api/roles            List roles
POST    /api/roles            Create a role
DELETE  /api/roles/{role_id}  Delete a role
GET     /api/roles/{role_id}  Get a role

Details

List roles

GET /api/roles

Get the endpoint’s or a collection’s list of role associations.

If the collection_id query parameter is passed to this operation, then the roles related to that collection are returned. Otherwise, this operation returns endpoint roles.

The include parameter determines whether this operation returns all roles relevant to the resource or only those that the caller has.

To obtain information about all roles, the caller must pass "all_roles" as the value of the "include" parameter. This requires the "administrator" role for the endpoint or collection the role is associated with.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{collection_id}

    • collection:administrator:{mapped_collection_id}

Query Parameters
Parameter      Type                       Description
page_size      integer <int>              Maximum page size for a paginated response
marker         string                     Pagination marker for a paginated response
collection_id  string <uuid>              ID of the collection
include        array of string all_roles  Flag indicating whether to request all role assignments for the endpoint or collection.

Responses
200 - List roles response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "role#1.0.0",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "principal": "string",
      "collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
      "role": "owner"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

Create a role

POST /api/roles

Assign a role to an identity or group for the endpoint or a collection.

See endpoint roles and collection roles for a description of the available roles.

To assign a role to a collection, include the collection’s ID in the collection property of the input document.

When creating an endpoint role, the caller must have the endpoint:administrator role assigned to one of their identities.

When creating a collection role for a mapped collection, the caller must have either the endpoint:administrator role or the collection:administrator role assigned for that collection.

When creating a collection role for a guest collection, the caller must have a collection:administrator role on the collection.

On success, returns a copy of the created role with the system-generated id added.

Authorization
  • RoleAuthorizer:

    • endpoint:administrator

    • collection:administrator:{collection_id}

Request body
Content-Type: application/json

The "Role" document type represents the assignment of a role on an Endpoint or Collection to a Globus identity or group.

Name        Type                                                                   Description
DATA_TYPE   string role#1.0.0                                                      Type of this document
id          string <uuid>                                                          Unique id string for this role assignment. This is system generated and should not be included in create requests.
principal   string ^(urn:globus:auth:identity|urn:globus:groups:id):([a-f0-9-]*)$  Globus Auth identity or group id URN
collection  string <uuid>                                                          Collection Id. This value is omitted when creating an endpoint role or when creating role definitions when creating collections.
role        string owner, administrator, access_manager, activity_manager, activity_monitor, access_monitor  Role assigned to the principal

Example
{
  "DATA_TYPE": "role#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "principal": "string",
  "collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
  "role": "owner"
}
Responses
200 - Create role response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "role#1.0.0",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "principal": "string",
      "collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
      "role": "owner"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

One of the following schemas:

Name                Type                          Description
code                string permission_denied
http_response_code  any type 403
detail              string or MissingRequiredRole

Name                Type                          Description
code                string subscription_required
http_response_code  any type 403
detail              string or SubscriptionRequired

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
409 - Conflict
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
415 - Unsupported media type
422 - Unprocessable entity
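
The following Python example is added here and is not part of the Globus documentation or code. It checks a Role document against the rules stated above before it is sent to POST /api/roles, and lists the caller roles the text says are sufficient. The function names, the extra UUID check on the principal, and the sample identifiers are assumptions of this example.

```python
import re
import uuid

# Pattern and role names copied from the Role document table above.
PRINCIPAL_RE = re.compile(
    r"^(urn:globus:auth:identity|urn:globus:groups:id):([a-f0-9-]*)$"
)
ROLES = {
    "owner", "administrator", "access_manager",
    "activity_manager", "activity_monitor", "access_monitor",
}


def is_uuid(value):
    """True if value is a UUID string in canonical lowercase form."""
    try:
        return isinstance(value, str) and str(uuid.UUID(value)) == value
    except ValueError:
        return False


def validate_role_create(doc):
    """Return a list of problems with a Role document meant for POST /api/roles."""
    problems = []
    if doc.get("DATA_TYPE") != "role#1.0.0":
        problems.append("DATA_TYPE must be role#1.0.0")
    if "id" in doc:
        problems.append("id is system generated; omit it from create requests")
    principal = doc.get("principal")
    match = PRINCIPAL_RE.match(principal) if isinstance(principal, str) else None
    if match is None:
        problems.append("principal does not match the documented URN pattern")
    elif not is_uuid(match.group(2)):
        # Added, stricter check (an assumption of this example): the documented
        # pattern also accepts an empty or malformed id after the last colon.
        problems.append("principal URN does not end in a UUID")
    role = doc.get("role")
    if not isinstance(role, str) or role not in ROLES:
        problems.append("role is not one of the documented role names")
    if "collection" in doc and not is_uuid(doc["collection"]):
        problems.append("collection must be a UUID")
    return problems


def required_caller_roles(doc, collection_kind=None):
    """Caller roles that the text above says allow this create request.

    collection_kind is "mapped" or "guest" and is needed only when the
    document names a collection.
    """
    collection = doc.get("collection")
    if collection is None:
        return ["endpoint:administrator"]
    if collection_kind == "mapped":
        return ["endpoint:administrator", f"collection:administrator:{collection}"]
    if collection_kind == "guest":
        return [f"collection:administrator:{collection}"]
    raise ValueError("collection_kind must be 'mapped' or 'guest'")


def caller_may_create(doc, caller_roles, collection_kind=None):
    """True if the caller holds at least one sufficient role."""
    needed = set(required_caller_roles(doc, collection_kind))
    return bool(needed & set(caller_roles))


# Constructed sample documents; every identifier below is made up.
ENDPOINT_ROLE = {
    "DATA_TYPE": "role#1.0.0",
    "principal": "urn:globus:auth:identity:11111111-2222-4333-8444-555555555555",
    "role": "access_manager",
}
GUEST_ROLE = dict(ENDPOINT_ROLE, collection="aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee")
BAD_ROLE = {
    "DATA_TYPE": "role#1.0.0",
    "id": "99999999-8888-4777-8666-555555555555",  # must not be sent on create
    "principal": "urn:globus:groups:id:",  # matches the pattern, has no id
    "role": "owner",
}

if __name__ == "__main__":
    for name, doc in (("endpoint", ENDPOINT_ROLE), ("bad", BAD_ROLE)):
        print(name, validate_role_create(doc) or "ok")
    print(required_caller_roles(GUEST_ROLE, "guest"))
```
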

Details

Delete a role

DELETE /api/roles/{role_id}

Delete one of the endpoint or collection roles on this endpoint.

To delete an endpoint role, the caller must have an endpoint:administrator role.

To delete a mapped collection role, the caller must have either the endpoint:administrator role or the collection:administrator role for the collection.

To delete a guest collection role, the caller must have one of the following: the endpoint:administrator role, the collection:administrator role for the guest collection, or the collection:administrator role for the mapped collection the guest collection was created on.

The endpoint:owner role and the collection:administrator role for the creator of a collection may not be deleted using this API.

Authorization
  • RoleAuthorizer:

    • endpoint:administrator

    • collection:administrator:{collection_id}

    • collection:administrator:{mapped_collection_id}

Path parameters
Parameter           Type           Description
role_id (required)  string <uuid>  Id of the role

Responses
200 - Delete role response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

One of the following schemas:

Name                Type                          Description
code                string permission_denied
http_response_code  any type 403
detail              string or MissingRequiredRole

Name                Type                          Description
code                string subscription_required
http_response_code  any type 403
detail              string or SubscriptionRequired

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
409 - Conflict
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

Get a role

GET /api/roles/{role_id}

Get one of the role assignments on this endpoint.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{collection_id}

    • collection:administrator:{mapped_collection_id}

Path parameters
Parameter           Type           Description
role_id (required)  string <uuid>  Id of the role

Responses
200 - Get role response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "role#1.0.0",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "principal": "string",
      "collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
      "role": "owner"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

Nodes

Services for GCS endpoints may be deployed on multiple different physical resources. The Nodes API allows an administrator to manage those nodes.

Nodes Overview

Method  API Path              Description
GET     /api/nodes            List endpoint nodes
POST    /api/nodes            Create a new node
GET     /api/nodes/{node_id}  Get node
PUT     /api/nodes/{node_id}  Update a node
PATCH   /api/nodes/{node_id}  Update a node
DELETE  /api/nodes/{node_id}  Delete a node

Details

List endpoint nodes

GET /api/nodes

Get the endpoint’s list of nodes.

This operation requires either the endpoint to have the public property set to true or the caller to have a role that allows viewing this endpoint or a collection on it.

Authorization
  • PublicAuthorizer

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • endpoint:activity_manager

    • endpoint:activity_monitor

    • collection:administrator:*

    • collection:activity_manager:*

    • collection:activity_monitor:*

    • collection:access_manager:*

  • StorageGatewayAuthorizer

    • *

Query Parameters
Parameter  Type           Description
page_size  integer <int>  Maximum page size for a paginated response
marker     string         Pagination marker for a paginated response

Responses
200 - List nodes response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "node#1.0.0",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "incoming_port_range": [
        65535,
        65535
      ],
      "ip_addresses": [
        "string"
      ],
      "outgoing_port_range": [
        65535,
        65535
      ],
      "status": "active"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized

Create a new node

POST /api/nodes

Create a new node to describe a host which is providing service for this endpoint. This adds the node’s IP address to the DNS record for this endpoint’s GCS Manager and for all collections.

On success returns a copy of the created Node with the system generated id added.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Request body
Content-Type: application/json

Services for Globus Connect Server endpoints may be deployed on multiple different physical resources, referred to as data transfer nodes. Each node may have one or more IP addresses, TCP incoming and outgoing port ranges, and a status value indicating whether it is configured to actively respond to requests or is in maintenance mode.

Version 1.1.0 adds support for setting the data interface on a node.

Version 1.2.0 adds support for setting an IPv6 data interface on a node.

One of the following schemas:

  • Node_1_0_0

  • Node_1_1_0

  • Node_1_2_0

Example
{
  "DATA_TYPE": "node#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "incoming_port_range": [
    65535,
    65535
  ],
  "ip_addresses": [
    "string"
  ],
  "outgoing_port_range": [
    65535,
    65535
  ],
  "status": "active"
}
Responses
200 - Create node response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "node#1.0.0",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "incoming_port_range": [
        65535,
        65535
      ],
      "ip_addresses": [
        "string"
      ],
      "outgoing_port_range": [
        65535,
        65535
      ],
      "status": "active"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

One of the following schemas:

Name                Type                          Description
code                string permission_denied
http_response_code  any type 403
detail              string or MissingRequiredRole

Name                Type                          Description
code                string permission_denied
http_response_code  any type 403
detail              string or LimitExceeded

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
415 - Unsupported media type
422 - Unprocessable entity

Details

Get node

GET /api/nodes/{node_id}

Get information about one of the endpoint’s nodes.

This operation requires either the endpoint to have the public property set to true or the caller to have a role that allows viewing this Endpoint or a Collection on it.

Authorization
  • PublicAuthorizer

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • endpoint:activity_manager

    • endpoint:activity_monitor

    • collection:administrator:*

    • collection:activity_manager:*

    • collection:activity_monitor:*

    • collection:access_manager:*

  • StorageGatewayAuthorizer

    • *

Path parameters
Parameter           Type           Description
node_id (required)  string <uuid>  Id of the node

Responses
200 - Get node response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "node#1.0.0",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "incoming_port_range": [
        65535,
        65535
      ],
      "ip_addresses": [
        "string"
      ],
      "outgoing_port_range": [
        65535,
        65535
      ],
      "status": "active"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
404 - Not found

Update a node

PUT /api/nodes/{node_id}

Update a node, replacing all properties with those in the input. This operation optionally returns the node’s definition after the update if the include=node query parameter is passed to this operation.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Path parameters
Parameter           Type           Description
node_id (required)  string <uuid>  Id of the node

Query Parameters
Parameter  Type                  Description
include    array of string node  Flag indicating whether to request all role assignments for the endpoint or collection.

Request body
Content-Type: application/json

Services for Globus Connect Server endpoints may be deployed on multiple different physical resources, referred to as data transfer nodes. Each node may have one or more IP addresses, TCP incoming and outgoing port ranges, and a status value indicating whether it is configured to actively respond to requests or is in maintenance mode.

Version 1.1.0 adds support for setting the data interface on a node.

Version 1.2.0 adds support for setting an IPv6 data interface on a node.

One of the following schemas:

  • Node_1_0_0

  • Node_1_1_0

  • Node_1_2_0

Example
{
  "DATA_TYPE": "node#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "incoming_port_range": [
    65535,
    65535
  ],
  "ip_addresses": [
    "string"
  ],
  "outgoing_port_range": [
    65535,
    65535
  ],
  "status": "active"
}
Responses
200 - Update node response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "node#1.0.0",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "incoming_port_range": [
        65535,
        65535
      ],
      "ip_addresses": [
        "string"
      ],
      "outgoing_port_range": [
        65535,
        65535
      ],
      "status": "active"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Update a node

PATCH /api/nodes/{node_id}

Update a node, changing only the properties included in the input document. Items explicitly set to null in the input are removed from the Node document. This operation optionally returns the node definition after applying the changes in the input if the include=node query parameter is passed to this operation.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Path parameters
Parameter           Type           Description
node_id (required)  string <uuid>  Id of the node

Query Parameters
Parameter  Type                  Description
include    array of string node  Flag indicating whether to request all role assignments for the endpoint or collection.

Request body
Content-Type: application/json

Services for Globus Connect Server endpoints may be deployed on multiple different physical resources, referred to as data transfer nodes. Each node may have one or more IP addresses, TCP incoming and outgoing port ranges, and a status value indicating whether it is configured to actively respond to requests or is in maintenance mode.

Version 1.1.0 adds support for setting the data interface on a node.

Version 1.2.0 adds support for setting an IPv6 data interface on a node.

One of the following schemas:

  • Node_1_0_0

  • Node_1_1_0

  • Node_1_2_0

Example
{
  "DATA_TYPE": "node#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "incoming_port_range": [
    65535,
    65535
  ],
  "ip_addresses": [
    "string"
  ],
  "outgoing_port_range": [
    65535,
    65535
  ],
  "status": "active"
}
Responses
200 - Update node response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "node#1.0.0",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "incoming_port_range": [
        65535,
        65535
      ],
      "ip_addresses": [
        "string"
      ],
      "outgoing_port_range": [
        65535,
        65535
      ],
      "status": "active"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity
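
The following Python example is added here and is not part of the Globus documentation or code. It models locally the difference between the PUT and PATCH descriptions above, so an update body can be previewed for properties it would drop before it is sent. The function names, the sample node, and the assumption that the system-generated id survives both kinds of update are this example's own.

```python
import copy

# Assumption of this model: the system-generated id is kept by the server
# on both kinds of update.
SERVER_MANAGED = ("id",)


def apply_put(current, body):
    """PUT: all properties are replaced with those in the input document."""
    updated = copy.deepcopy(body)
    for key in SERVER_MANAGED:
        if key in current:
            updated[key] = current[key]
    return updated


def apply_patch(current, body):
    """PATCH: only properties in the input change; null removes a property."""
    updated = copy.deepcopy(current)
    for key, value in body.items():
        if key in SERVER_MANAGED:
            continue
        if value is None:
            updated.pop(key, None)
        else:
            updated[key] = copy.deepcopy(value)
    return updated


def dropped_properties(current, updated):
    """Names of properties present before the update and absent after it."""
    return sorted(set(current) - set(updated))


# Constructed sample node; the id, address and port numbers are made up.
NODE = {
    "DATA_TYPE": "node#1.0.0",
    "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "incoming_port_range": [50000, 51000],
    "ip_addresses": ["192.0.2.10"],
    "outgoing_port_range": [50000, 51000],
    "status": "active",
}
# An update body that only means to change the node's address.
CHANGE = {"DATA_TYPE": "node#1.0.0", "ip_addresses": ["192.0.2.20"]}

if __name__ == "__main__":
    print("PUT drops:  ", dropped_properties(NODE, apply_put(NODE, CHANGE)))
    print("PATCH drops:", dropped_properties(NODE, apply_patch(NODE, CHANGE)))
    cleared = apply_patch(NODE, {"outgoing_port_range": None})
    print("PATCH with null drops:", dropped_properties(NODE, cleared))
```
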

Delete a node

DELETE /api/nodes/{node_id}

Delete the Node document for the given node.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Path parameters
Parameter           Type           Description
node_id (required)  string <uuid>  Id of the node

Responses
200 - Delete node response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

Storage Gateways

The Storage Gateway API allows administrators to manage storage gateways.

Each Storage Gateway contains information about the connector it interfaces with, policies that determine who may manage or access collections on the Storage Gateway, and policies that determine how that Storage Gateway interacts with the connector.

Operations which modify a storage gateway or inspect private policies require an administrator role.

Storage Gateways Overview

Method  API Path                                   Description
GET     /api/storage_gateways                      List storage gateways
POST    /api/storage_gateways                      Create a storage gateway
GET     /api/storage_gateways/{storage_gateway_id}  Get a storage gateway
DELETE  /api/storage_gateways/{storage_gateway_id}  Delete a storage gateway
PATCH   /api/storage_gateways/{storage_gateway_id}  Update a storage gateway
PUT     /api/storage_gateways/{storage_gateway_id}  Update a storage gateway

Details

List storage gateways

GET /api/storage_gateways

List the storage gateways on an endpoint.

The include query parameter controls what additional information is included in the Result document. This operation requires either the endpoint to have the public property set to true, the caller to have a role that allows viewing this Endpoint, the user to have an identity which is allowed by the individual Storage Gateway policies, or an identity which has a permission for a collection created on this Storage Gateway.

Authorization
  • PublicAuthorizer

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • endpoint:activity_manager

    • endpoint:activity_monitor

    • collection:administrator:*

    • collection:activity_manager:*

    • collection:activity_monitor:*

    • collection:access_manager:*

  • StorageGatewayAuthorizer

    • *

Query Parameters
Parameter  Type                                        Description
page_size  integer <int>                               Maximum page size for a paginated response
marker     string                                      Pagination marker for a paginated response
include    array of string private_policies, accounts

Responses
200 - List storage gateways response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "storage_gateway#1.0.0",
      "allowed_domains": [
        "string"
      ],
      "authentication_assurance_timeout": 1,
      "authentication_timeout_mins": 1,
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "high_assurance": true,
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_mappings": [
        {
          "DATA_TYPE": "external_identity_mapping#1.0.0",
          "command": [
            "string"
          ]
        }
      ],
      "load_dsi_module": "string",
      "policies": {
        "DATA_TYPE": "s3_storage_policies#1.0.0",
        "s3_buckets": [
          "string"
        ],
        "s3_endpoint": "https://s3.amazonaws.com",
        "s3_user_credential_required": true
      },
      "process_user": "string",
      "require_high_assurance": true,
      "restrict_paths": {},
      "users_allow": [
        "string"
      ],
      "users_deny": [
        "string"
      ]
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}

Create a storage gateway

POST /api/storage_gateways

Create a storage gateway on an endpoint. On success, this operation returns a copy of the created storage gateway with the system generated id added.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Request body
Content-Type: application/json

A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.

Storage gateway policies describe what type of connector the storage gateway uses, the paths it allows access to, the login requirements for the storage gateway, and the algorithm used to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).

Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.

Version 1.2.0 includes support for admin managed credentials.

Version 1.3.0 includes support for overriding the endpoint’s network use parameters on a storage gateway.

One of the following schemas:

  • StorageGateway_1_0_0

  • StorageGateway_1_1_0

  • StorageGateway_1_2_0

  • StorageGateway_1_3_0

​

Example
{
  "DATA_TYPE": "storage_gateway#1.0.0",
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "policies": {
    "DATA_TYPE": "s3_storage_policies#1.0.0",
    "s3_buckets": [
      "string"
    ],
    "s3_endpoint": "https://s3.amazonaws.com",
    "s3_user_credential_required": true
  },
  "process_user": "string",
  "require_high_assurance": true,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}
Responses
201 - Post storage gateways response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "storage_gateway#1.0.0",
      "allowed_domains": [
        "string"
      ],
      "authentication_assurance_timeout": 1,
      "authentication_timeout_mins": 1,
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "high_assurance": true,
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_mappings": [
        {
          "DATA_TYPE": "external_identity_mapping#1.0.0",
          "command": [
            "string"
          ]
        }
      ],
      "load_dsi_module": "string",
      "policies": {
        "DATA_TYPE": "s3_storage_policies#1.0.0",
        "s3_buckets": [
          "string"
        ],
        "s3_endpoint": "https://s3.amazonaws.com",
        "s3_user_credential_required": true
      },
      "process_user": "string",
      "require_high_assurance": true,
      "restrict_paths": {},
      "users_allow": [
        "string"
      ],
      "users_deny": [
        "string"
      ]
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
415 - Unsupported media type
422 - Unprocessable entity

Get a storage gateway

GET /api/storage_gateways/{storage_gateway_id}

Get a storage gateway’s definition.

The include query parameter controls what additional information is included in the Result document. This operation requires one of the following: the endpoint has the public property set to true, the caller has a role that allows viewing this Endpoint, the user has an identity which is allowed by the individual storage gateway policies, or the user has an identity which has a permission for a collection created on this storage gateway.

Authorization
  • PublicAuthorizer

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • endpoint:activity_manager

    • endpoint:activity_monitor

    • collection:administrator:*

    • collection:activity_manager:*

    • collection:activity_monitor:*

    • collection:access_manager:*

  • StorageGatewayAuthorizer

    • *

Path parameters
| Parameter | Type | Description |
| --- | --- | --- |
| storage_gateway_id (required) | string <uuid> | Id of the storage gateway |

Query Parameters
| Parameter | Type | Description |
| --- | --- | --- |
| include | array of string (private_policies, accounts) | |

Responses
200 - Get storage gateways response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "storage_gateway#1.0.0",
      "allowed_domains": [
        "string"
      ],
      "authentication_assurance_timeout": 1,
      "authentication_timeout_mins": 1,
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "high_assurance": true,
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_mappings": [
        {
          "DATA_TYPE": "external_identity_mapping#1.0.0",
          "command": [
            "string"
          ]
        }
      ],
      "load_dsi_module": "string",
      "policies": {
        "DATA_TYPE": "s3_storage_policies#1.0.0",
        "s3_buckets": [
          "string"
        ],
        "s3_endpoint": "https://s3.amazonaws.com",
        "s3_user_credential_required": true
      },
      "process_user": "string",
      "require_high_assurance": true,
      "restrict_paths": {},
      "users_allow": [
        "string"
      ],
      "users_deny": [
        "string"
      ]
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
404 - Not found

Delete a storage gateway

DELETE /api/storage_gateways/{storage_gateway_id}

Delete a storage gateway.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Path parameters
| Parameter | Type | Description |
| --- | --- | --- |
| storage_gateway_id (required) | string <uuid> | Id of the storage gateway |

Responses
200 - Get storage gateways response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

Update a storage gateway

PATCH /api/storage_gateways/{storage_gateway_id}

Update a storage gateway, changing only the properties included in the input document. It returns a document containing the storage gateway after the changes have been applied. Items explicitly set to null in the input are removed from the storage gateway.

Some properties are immutable: in general, the id, connector_id, and high_assurance properties cannot be changed, though storage gateways may enforce additional restrictions.

This operation may return a Conflict error if any collections exist which would not be consistent with the change in Storage Gateway policies.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Path parameters
| Parameter | Type | Description |
| --- | --- | --- |
| storage_gateway_id (required) | string <uuid> | Id of the storage gateway |

Request body
Content-Type: application/json

A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.

Storage gateway policies describe what type of connector the storage gateway uses, the paths it allows access to, the login requirements for the storage gateway, and the algorithm used to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).

Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.

Version 1.2.0 includes support for admin managed credentials.

Version 1.3.0 includes support for overriding the endpoint’s network use parameters on a storage gateway.

One of the following schemas:

  • StorageGateway_1_0_0

  • StorageGateway_1_1_0

  • StorageGateway_1_2_0

  • StorageGateway_1_3_0

​

Example
{
  "DATA_TYPE": "storage_gateway#1.0.0",
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "policies": {
    "DATA_TYPE": "s3_storage_policies#1.0.0",
    "s3_buckets": [
      "string"
    ],
    "s3_endpoint": "https://s3.amazonaws.com",
    "s3_user_credential_required": true
  },
  "process_user": "string",
  "require_high_assurance": true,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}
Responses
200 - Update storage gateway response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "storage_gateway#1.0.0",
      "allowed_domains": [
        "string"
      ],
      "authentication_assurance_timeout": 1,
      "authentication_timeout_mins": 1,
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "high_assurance": true,
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_mappings": [
        {
          "DATA_TYPE": "external_identity_mapping#1.0.0",
          "command": [
            "string"
          ]
        }
      ],
      "load_dsi_module": "string",
      "policies": {
        "DATA_TYPE": "s3_storage_policies#1.0.0",
        "s3_buckets": [
          "string"
        ],
        "s3_endpoint": "https://s3.amazonaws.com",
        "s3_user_credential_required": true
      },
      "process_user": "string",
      "require_high_assurance": true,
      "restrict_paths": {},
      "users_allow": [
        "string"
      ],
      "users_deny": [
        "string"
      ]
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Update a storage gateway

PUT /api/storage_gateways/{storage_gateway_id}

Update a storage gateway, completely replacing its definition with the new document. It returns a document containing the storage gateway after the update has been applied.

This operation may return a Conflict error if any collections exist which would not be consistent with the change in Storage Gateway policies.

The high_assurance property cannot be changed.
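
The difference between the PATCH and PUT semantics described above, as an added example (not code from the Globus project): a client-side pre-flight that models the stored document after each kind of update and reports access-control properties that would be removed or changed. The watch list, the top-level-only merge and the sample gateway are assumptions of this example.

```python
import copy

# Properties the page says cannot be changed, per method.
IMMUTABLE = {
    "PATCH": ("id", "connector_id", "high_assurance"),
    "PUT": ("high_assurance",),
}

# Access-control properties to watch. This list is an assumption of the example,
# picked from the storage gateway fields shown in the request body above.
WATCHED = (
    "allowed_domains", "users_allow", "users_deny", "restrict_paths",
    "require_high_assurance", "authentication_timeout_mins", "identity_mappings",
)

# Constructed sample gateway; the two ids are the placeholder values from the
# page's own example document.
CURRENT_GATEWAY = {
    "DATA_TYPE": "storage_gateway#1.0.0",
    "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
    "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
    "display_name": "Archive",
    "high_assurance": True,
    "require_high_assurance": True,
    "allowed_domains": ["example.edu"],
    "users_deny": ["root"],
}


def simulate_update(current, body, method):
    """Model the stored document after the update, following the page's text.

    Assumption: PATCH merges top-level properties only; a nested object such as
    "policies" is replaced as a whole when it appears in the body.
    """
    if method == "PUT":
        # PUT completely replaces the definition with the new document.
        return copy.deepcopy(body)
    if method != "PATCH":
        raise ValueError("method must be PATCH or PUT")
    merged = copy.deepcopy(current)
    for key, value in body.items():
        if value is None:
            merged.pop(key, None)      # explicit null removes the property
        else:
            merged[key] = copy.deepcopy(value)
    return merged


def review_update(current, body, method):
    """Return (resulting_document, findings) without contacting any server."""
    result = simulate_update(current, body, method)
    findings = []
    for key in IMMUTABLE[method]:
        if key in body and body[key] != current.get(key):
            findings.append(("immutable", key))
    for key in WATCHED:
        if key not in current:
            continue
        if key not in result:
            findings.append(("removed", key))
        elif result[key] != current[key]:
            findings.append(("changed", key))
    return result, findings


if __name__ == "__main__":
    rename = {"display_name": "Archive 2"}
    for method in ("PATCH", "PUT"):
        _, found = review_update(CURRENT_GATEWAY, rename, method)
        print(method, found)
```

Sending the same one-property body with PUT instead of PATCH is what drops users_deny, allowed_domains and require_high_assurance from the modelled document, so a review step like this belongs before any PUT built from a partial document.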

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Path parameters
| Parameter | Type | Description |
| --- | --- | --- |
| storage_gateway_id (required) | string <uuid> | Id of the storage gateway |

Request body
Content-Type: application/json

A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.

Storage gateway policies describe what type of connector the storage gateway uses, the paths it allows access to, the login requirements for the storage gateway, and the algorithm used to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).

Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.

Version 1.2.0 includes support for admin managed credentials.

Version 1.3.0 includes support for overriding the endpoint’s network use parameters on a storage gateway.

One of the following schemas:

  • StorageGateway_1_0_0

  • StorageGateway_1_1_0

  • StorageGateway_1_2_0

  • StorageGateway_1_3_0

​

Example
{
  "DATA_TYPE": "storage_gateway#1.0.0",
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "policies": {
    "DATA_TYPE": "s3_storage_policies#1.0.0",
    "s3_buckets": [
      "string"
    ],
    "s3_endpoint": "https://s3.amazonaws.com",
    "s3_user_credential_required": true
  },
  "process_user": "string",
  "require_high_assurance": true,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}
Responses
200 - Update storage gateway response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "storage_gateway#1.0.0",
      "allowed_domains": [
        "string"
      ],
      "authentication_assurance_timeout": 1,
      "authentication_timeout_mins": 1,
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "high_assurance": true,
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_mappings": [
        {
          "DATA_TYPE": "external_identity_mapping#1.0.0",
          "command": [
            "string"
          ]
        }
      ],
      "load_dsi_module": "string",
      "policies": {
        "DATA_TYPE": "s3_storage_policies#1.0.0",
        "s3_buckets": [
          "string"
        ],
        "s3_endpoint": "https://s3.amazonaws.com",
        "s3_user_credential_required": true
      },
      "process_user": "string",
      "require_high_assurance": true,
      "restrict_paths": {},
      "users_allow": [
        "string"
      ],
      "users_deny": [
        "string"
      ]
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Collections

The collection management API allows Globus users to manage guest collections and administrators to manage mapped collections.

A mapped collection is a collection that maps the Globus Auth identity of the user accessing the collection to a local account in the Storage Gateway’s user space. Mapped collections can only be created by those with an administrator role on the Endpoint.

A guest collection is a collection that uses the collection creator’s credentials to access the Storage Gateway data interface. Permissions may be added to a Guest Collection by using the Globus Transfer API.

Operations on Mapped Collections require an administrator role.

Collections Overview

| Method | API Path | Description |
| --- | --- | --- |
| POST | /api/collections/batch_delete | Delete multiple guest collections |
| GET | /api/collections/check | Check the collections on this endpoint |
| GET | /api/collections | List the collections on this endpoint |
| POST | /api/collections | Create a collection |
| PUT | /api/collections/{collection_id}/subscription_admin_verified | Set the subscription_admin_verified property for a collection |
| PUT | /api/collections/{collection_id}/owner_string | Set advertised owner of collection |
| DELETE | /api/collections/{collection_id}/owner_string | Reset advertised owner of collection |
| GET | /api/collections/{collection_id}/check | Check a collection for configuration problems |
| PUT | /api/collections/{collection_id}/owner | Set collection owner |
| GET | /api/collections/{collection_id} | Get information about a collection |
| PATCH | /api/collections/{collection_id} | Update a collection |
| PUT | /api/collections/{collection_id} | Update a collection |
| DELETE | /api/collections/{collection_id} | Delete a collection |

Details

Delete multiple guest collections

POST /api/collections/batch_delete

Initiate the deletion of multiple guest collections. The input document contains a list of the IDs of collections to delete.

If any of the collections have collection_type of "mapped", then this operation returns an error indicating which ones were not valid for this operation.

If any of the collections do not exist or are already deleted, then they are silently ignored.

Deletion does not happen immediately; it is handled in the background by the GCS Manager Assistant process.

On success, this operation returns a message body containing the list of collections from the input that this GCS manager node will delete.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Request body
Content-Type: application/json

The Batch data type is used to specify multiple objects to operate on via a single REST API call.

| Name | Type | Description |
| --- | --- | --- |
| DATA_TYPE | string (batch#1.0.0) | Type of this document |
| ids | array of string <uuid> | List of object IDs to operate on |

Example
{
  "DATA_TYPE": "batch#1.0.0",
  "ids": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ]
}
Responses
202 - Delete multiple collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "batch#1.0.0",
      "ids": [
        "497f6eca-6276-4993-bfeb-53cbbbba6f08"
      ]
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

One of the following schemas:

| Name | Type | Description |
| --- | --- | --- |
| code | string (permission_denied) | |
| http_response_code | any type (403) | |
| detail | string or MissingRequiredRole | |

| Name | Type | Description |
| --- | --- | --- |
| code | string (permission_denied) | |
| http_response_code | any type (403) | |
| detail | string or Batch | |

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
415 - Unsupported media type
422 - Unprocessable entity

Check the collections on this endpoint

GET /api/collections/check

Authorization
  • PublicAuthorizer

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • endpoint:activity_manager

    • endpoint:activity_monitor

    • collection:administrator:{collection_id}

    • collection:activity_manager:{collection_id}

    • collection:activity_monitor:{collection_id}

    • collection:access_manager:{collection_id}

    • collection:administrator:{mapped_collection_id}

    • collection:activity_manager:{mapped_collection_id}

  • StorageGatewayAuthorizer

    • {storage_gateway_id}

Query Parameters
| Parameter | Type | Description |
| --- | --- | --- |
| page_size | integer <int> | Maximum page size for a paginated response |
| marker | string | Pagination marker for a paginated response |
| filter | array of string (each value matches the pattern below) | Filter to apply to the return set |
| storage_gateway_id | string <uuid> | Filter collections which were created using this storage_gateway_id |
| mapped_collection_id | string <uuid> | Filter collections which were created using this mapped_collection_id |

Pattern for filter values: ^\s*(mapped_collections|guest_collections|managed_by_me|created_by_me|created_at\s*([<>]=?|=)\s*(\d{4}-\d{2}-\d{2})|last_access\s*([<>]=?|=)\s*(\d{4}-\d{2}-\d{2}))\s*$

Responses
200 - Check collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "check_result#1.0.0",
      "error": {},
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "message": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

List the collections on this endpoint

GET /api/collections

This operation requires either the endpoint to have the public property set to true or the caller to have a role that allows viewing this Collection.

The result of this can be limited by using the filter query parameter to choose which of the visible collections to return. This is a comma-separated list of filters to apply to the result set:

  • mapped_collections: Only collections with collection_type equal to mapped.

  • guest_collections: Only collections with collection_type equal to guest.

  • managed_by_me: Only collections where one of the caller's identities (either directly or via a group role assignment) is granted a role on the collection.

  • created_by_me: Only collections where one of the caller's identities matches the identity_id property of the collection.

  • last_access < YYYY-MM-DD, last_access <= YYYY-MM-DD, last_access = YYYY-MM-DD, last_access >= YYYY-MM-DD, last_access > YYYY-MM-DD: Only collections accessed before or after the given date.

  • created_at < YYYY-MM-DD, created_at <= YYYY-MM-DD, created_at = YYYY-MM-DD, created_at >= YYYY-MM-DD, created_at > YYYY-MM-DD: Only collections created before or after the given date.

The result can also be limited by including the mapped_collection_id query parameter. This limits the response to guest collections which have been created using the specified mapped collection.

Normally, only public collection configuration policy data is included in the response. If the query parameter include=private_policies is passed to this API, and the caller has an administrator role on this collection, the response will include all private policies for the collection as well.

Authorization
  • PublicAuthorizer

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • endpoint:activity_manager

    • endpoint:activity_monitor

    • collection:administrator:{collection_id}

    • collection:activity_manager:{collection_id}

    • collection:activity_monitor:{collection_id}

    • collection:access_manager:{collection_id}

    • collection:administrator:{mapped_collection_id}

    • collection:activity_manager:{mapped_collection_id}

  • StorageGatewayAuthorizer

    • {storage_gateway_id}

Query Parameters
| Parameter | Type | Description |
| --- | --- | --- |
| page_size | integer <int> | Maximum page size for a paginated response |
| marker | string | Pagination marker for a paginated response |
| include | array of string (private_policies) | Document values to include |
| filter | array of string (each value matches the pattern below) | Filter to apply to the return set |
| storage_gateway_id | string <uuid> | Filter collections which were created using this storage_gateway_id |
| mapped_collection_id | string <uuid> | Filter collections which were created using this mapped_collection_id |

Pattern for filter values: ^\s*(mapped_collections|guest_collections|managed_by_me|created_by_me|created_at\s*([<>]=?|=)\s*(\d{4}-\d{2}-\d{2})|last_access\s*([<>]=?|=)\s*(\d{4}-\d{2}-\d{2}))\s*$

Responses
200 - List collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "collection#1.0.0",
      "allow_guest_collections": true,
      "authentication_timeout_mins": 0,
      "collection_base_path": "string",
      "collection_type": "mapped",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "contact_email": "string",
      "contact_info": "string",
      "default_directory": "string",
      "deleted": true,
      "department": "string",
      "description": "string",
      "disable_verify": true,
      "display_name": "string",
      "domain_name": "string",
      "force_encryption": true,
      "high_assurance": true,
      "https_url": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "info_link": "string",
      "keywords": [
        "string"
      ],
      "manager_url": "string",
      "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
      "organization": "string",
      "policies": {
        "DATA_TYPE": "s3_collection_policies#1.0.0"
      },
      "public": true,
      "root_path": "string",
      "sharing_restrict_paths": {},
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "tlsftp_url": "string",
      "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
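
An added example, not part of the original reference or the GCS code base: it validates filter values against the documented pattern (plus a calendar check the pattern does not make) and follows has_next_page and marker across pages to list guest collections not accessed since a given date. It assumes the marker from one Result is passed back as the marker query parameter; fake_fetch, PAGES and the collection ids are constructed stand-ins for an authenticated HTTP client and its responses.

```python
import re
from datetime import date
from urllib.parse import parse_qs, urlencode, urlsplit

# Pattern copied from the "filter" query parameter documented above.
FILTER_RE = re.compile(
    r"^\s*(mapped_collections|guest_collections|managed_by_me|created_by_me"
    r"|created_at\s*([<>]=?|=)\s*(\d{4}-\d{2}-\d{2})"
    r"|last_access\s*([<>]=?|=)\s*(\d{4}-\d{2}-\d{2}))\s*$"
)


def validate_filter(text):
    """Return the stripped filter value, or raise ValueError."""
    match = FILTER_RE.match(text)
    if not match:
        raise ValueError(f"filter does not match the documented pattern: {text!r}")
    day = match.group(3) or match.group(5)
    if day:
        # The pattern accepts any digits (e.g. 2024-13-45); check the calendar too.
        date.fromisoformat(day)
    return text.strip()


def build_path(filters, page_size=None, marker=None):
    """Build the request path; filters are joined as a comma-separated list."""
    params = {}
    if filters:
        params["filter"] = ",".join(validate_filter(f) for f in filters)
    if page_size is not None:
        params["page_size"] = int(page_size)
    if marker is not None:
        params["marker"] = marker
    query = urlencode(params)
    return "/api/collections" + ("?" + query if query else "")


def list_collections(fetch, filters, page_size=100):
    """Collect every page. fetch(path) returns a decoded Result document."""
    items, marker, used = [], None, set()
    while True:
        result = fetch(build_path(filters, page_size, marker))
        items.extend(result.get("data") or [])
        if not result.get("has_next_page"):
            return items
        marker = result.get("marker")
        if not marker or marker in used:
            # Refuse to loop forever on an inconsistent envelope.
            raise RuntimeError("has_next_page set but marker missing or repeated")
        used.add(marker)


def stale_guest_collection_ids(fetch, before):
    """Ids of guest collections last accessed before the given YYYY-MM-DD date."""
    filters = ["guest_collections", f"last_access < {before}"]
    return [c["id"] for c in list_collections(fetch, filters, page_size=2)]


# Constructed two-page response set, keyed by the marker the client sends.
PAGES = {
    None: {"DATA_TYPE": "result#1.0.0", "has_next_page": True, "marker": "m1",
           "data": [{"id": "00000000-0000-0000-0000-000000000001"},
                    {"id": "00000000-0000-0000-0000-000000000002"}]},
    "m1": {"DATA_TYPE": "result#1.0.0", "has_next_page": False, "marker": None,
           "data": [{"id": "00000000-0000-0000-0000-000000000003"}]},
}
REQUESTED = []  # decoded query of every request fake_fetch receives


def fake_fetch(path):
    """Offline stand-in for GET against a GCS Manager node."""
    query = parse_qs(urlsplit(path).query)
    REQUESTED.append(query)
    return PAGES[query.get("marker", [None])[0]]


if __name__ == "__main__":
    print(stale_guest_collection_ids(fake_fetch, "2024-01-01"))
```

Because a single filter value cannot contain a comma under the documented pattern, validating each value before joining also keeps caller-supplied input from adding filters of its own.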

Create a collection

POST /api/collections

This is used to create either a mapped or a guest collection. When created, a "collection:administrator" role for that collection will be created using the caller’s identity.

The collection is assigned a unique DNS name. For guest collections, this DNS name begins with "g-". By default, for mapped collections this name begins with "m-", but a user with an "endpoint:administrator" role may assign a custom domain name for a mapped collection.

In order to create a guest collection, the caller must have an identity that matches the Storage Gateway policies.

In order to create a mapped collection, the caller must have an "endpoint:administrator" or "endpoint:owner" role.

Authorization
  • RoleAuthorizer:

    • endpoint:administrator

    • endpoint:owner

  • StorageGatewayAuthorizer

    • {storage_gateway_id}

Request body
Content-Type: application/json

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 allows adding optional multi-factor authentication requirements to high assurance collections and adds the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.

Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.

Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA collections.

Version 1.13.0 adds the auto_delete_timeout property to mapped collections and the skip_auto_delete property to guest collections.

Version 1.14.0 adds the subscription_admin_verified property to collections and activity_notification_policy to guest collections.

Version 1.15.0 adds the associated_flow_policy property to the collection.

One of the following schemas:

  • Collection_1_0_0

  • Collection_1_1_0

  • Collection_1_2_0

Name

Type

Description

DATA_TYPE

string collection#1.3.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection.

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value cannot change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.
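
The constraints in the collection#1.3.0 table above can be checked client-side before a document is sent to POST /api/collections. This is an added example, not Globus code: the function name validate_collection, its endpoint_domain and mapped arguments, and all sample ids and domain names are assumptions constructed for illustration.

```python
import re
import uuid

# Patterns and limits copied from the collection#1.3.0 property table.
PATH_RE = re.compile(r"^(/|\$HOME|~)")
MAX_LEN = {"display_name": 128, "department": 1024,
           "organization": 1024, "user_message": 64}
SINGLE_LINE = ("display_name", "department", "organization")
UUID_FIELDS = ("connector_id", "mapped_collection_id",
               "storage_gateway_id", "user_credential_id")


def _is_uuid(value):
    """True only for the canonical hyphenated UUID text form."""
    try:
        return str(uuid.UUID(str(value))) == str(value).lower()
    except ValueError:
        return False


def validate_collection(doc, endpoint_domain, mapped=None):
    """Return a list of problems in a JSON-decoded collection create document.

    endpoint_domain: DNS domain of the endpoint (assumed known to the caller).
    mapped: the parent mapped collection document, used for guest checks.
    """
    problems = []
    ctype = doc.get("collection_type")
    if ctype not in ("mapped", "guest"):
        problems.append("collection_type must be 'mapped' or 'guest'")

    for field, limit in MAX_LEN.items():
        if len(doc.get(field) or "") > limit:
            problems.append(f"{field} is longer than {limit} characters")
    for field in SINGLE_LINE:
        if re.search(r"[\r\n]", doc.get(field) or ""):
            problems.append(f"{field} contains a newline")
    if "display_name" in doc and not re.search(r"\S", doc["display_name"]):
        problems.append("display_name has no non-whitespace character")
    if sum(len(k) for k in doc.get("keywords", [])) > 1024:
        problems.append("keywords exceed 1024 characters in total")
    for field in ("collection_base_path", "default_directory"):
        if field in doc and not PATH_RE.match(doc[field]):
            problems.append(f"{field} must start with /, $HOME or ~")
    for field in UUID_FIELDS:
        if field in doc and not _is_uuid(doc[field]):
            problems.append(f"{field} is not a UUID")

    # domain_name is settable only on mapped collections, must sit under the
    # endpoint's domain, and may not use the reserved m- / g- prefixes.
    name = doc.get("domain_name")
    if name is not None:
        name = name.lower().rstrip(".")
        suffix = "." + endpoint_domain.lower().rstrip(".")
        if ctype == "guest":
            problems.append("domain_name is read-only on guest collections")
        elif not name.endswith(suffix) or name == suffix:
            problems.append("domain_name is not a subdomain of the endpoint")
        elif name.startswith(("m-", "g-")):
            problems.append("domain_name label may not start with m- or g-")

    if ctype == "guest":
        if not doc.get("mapped_collection_id"):
            problems.append("guest collection needs mapped_collection_id")
        if doc.get("allow_guest_collections"):
            problems.append("allow_guest_collections is always false on a guest")
        if mapped is not None:
            if doc.get("mapped_collection_id") != mapped.get("id"):
                problems.append("mapped_collection_id does not match the parent")
            if not mapped.get("allow_guest_collections"):
                problems.append("parent does not allow guest collections")
            if doc.get("enable_https") and not mapped.get("enable_https"):
                problems.append("enable_https cannot be true: parent is false")
            # Omitting force_encryption is fine (the parent value propagates);
            # an explicit false contradicts a parent that forces encryption.
            if mapped.get("force_encryption") and doc.get("force_encryption") is False:
                problems.append("parent forces encryption; guest must as well")
            for field in ("user_message", "user_message_link"):
                if field in doc and doc[field] != mapped.get(field):
                    problems.append(f"{field} is read-only on guest collections")
    return problems


# Constructed sample documents (ids and DNS names are made up).
ENDPOINT_DOMAIN = "abc123.data.example.org"
MAPPED_ID = "11111111-2222-4333-8444-555555555555"
GATEWAY_ID = "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee"
GOOD_MAPPED = {
    "DATA_TYPE": "collection#1.3.0", "collection_type": "mapped",
    "display_name": "Project Data", "collection_base_path": "/",
    "default_directory": "$HOME", "storage_gateway_id": GATEWAY_ID,
    "domain_name": "projects.abc123.data.example.org",
    "allow_guest_collections": True, "enable_https": False,
    "force_encryption": True,
}
PARENT = dict(GOOD_MAPPED, id=MAPPED_ID)
BAD_GUEST = {
    "DATA_TYPE": "collection#1.3.0", "collection_type": "guest",
    "display_name": "Shared results", "collection_base_path": "/results",
    "mapped_collection_id": MAPPED_ID, "enable_https": True,
    "force_encryption": False,
}

if __name__ == "__main__":
    for label, doc, parent in (("mapped", GOOD_MAPPED, None),
                               ("guest", BAD_GUEST, PARENT)):
        print(label, validate_collection(doc, ENDPOINT_DOMAIN, parent))
```

The GCS Manager remains the authority on what it accepts; a check like this only catches documents that contradict the documented constraints before they reach the API.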

Name

Type

Description

DATA_TYPE

string collection#1.4.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection.

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value cannot change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.5.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection.

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value cannot change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.6.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection.

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.7.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same ID as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by their guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.8.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same ID as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by their guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.9.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same ID as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by their guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.
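
The cross-property rules stated in the collection#1.9.0 table above (guest/mapped inheritance, high assurance constraints, string limits) can be checked before a document is submitted. The following is an added example, not part of the Globus documentation or code: the function name lint_collection, the sample documents and the ep.example.org domain are constructed for illustration, and reading the "input name label" as the leftmost DNS label is an assumption.

```python
import re

# Limits and patterns as stated in the collection#1.9.0 property table.
PATH_START_RE = re.compile(r"^(/|\$HOME|~)")  # collection_base_path, default_directory
DISPLAY_NAME_MAX = 128
USER_MESSAGE_MAX = 256
KEYWORDS_TOTAL_MAX = 1024


def lint_collection(doc, mapped=None, endpoint_domain=None):
    """Return the sorted names of properties in `doc` that conflict with the table.

    doc             -- dict shaped like a collection#1.9.0 input document
    mapped          -- related mapped collection document, when doc is a guest
    endpoint_domain -- DNS name of the endpoint (assumed known to the caller)
    """
    bad = set()
    if doc.get("collection_type") not in ("mapped", "guest"):
        bad.add("collection_type")

    # String shape rules: length limits, no CR/LF, required leading path token.
    name = doc.get("display_name")
    if name is not None and (not re.search(r"\S", name) or len(name) > DISPLAY_NAME_MAX
                             or "\r" in name or "\n" in name):
        bad.add("display_name")
    if len(doc.get("user_message") or "") > USER_MESSAGE_MAX:
        bad.add("user_message")
    if sum(len(k) for k in doc.get("keywords") or []) > KEYWORDS_TOTAL_MAX:
        bad.add("keywords")
    for prop in ("collection_base_path", "default_directory"):
        value = doc.get(prop)
        if value is not None and not PATH_START_RE.match(value):
            bad.add(prop)

    # domain_name on input: subdomain of the endpoint, label not starting m- or g-.
    # Assumption: the "input name label" is the leftmost DNS label.
    domain_name = (doc.get("domain_name") or "").lower()
    if domain_name and endpoint_domain:
        label = domain_name.split(".")[0]
        if (not domain_name.endswith("." + endpoint_domain.lower())
                or label.startswith(("m-", "g-"))):
            bad.add("domain_name")

    # High assurance: anonymous writes are always disabled; MFA applies only to HA.
    if doc.get("high_assurance") and doc.get("disable_anonymous_writes") is False:
        bad.add("disable_anonymous_writes")
    if doc.get("require_mfa") and not doc.get("high_assurance"):
        bad.add("require_mfa")

    if doc.get("collection_type") == "guest":
        if doc.get("allow_guest_collections"):       # always false on a guest
            bad.add("allow_guest_collections")
        if doc.get("delete_protected") is not None:  # mapped collections only
            bad.add("delete_protected")
        if not doc.get("mapped_collection_id"):      # must be set on a guest
            bad.add("mapped_collection_id")
        elif mapped is not None:
            if mapped.get("id") != doc["mapped_collection_id"]:
                bad.add("mapped_collection_id")
            # HTTPS may not be enabled on a guest when the mapped collection has it off.
            if doc.get("enable_https") and mapped.get("enable_https") is False:
                bad.add("enable_https")
            # A mapped collection that forces encryption binds its guests too.
            if mapped.get("force_encryption") and not doc.get("force_encryption"):
                bad.add("force_encryption")
    return sorted(bad)


# Constructed sample documents (not real collections).
MAPPED = {
    "DATA_TYPE": "collection#1.9.0",
    "id": "11111111-1111-4111-8111-111111111111",
    "collection_type": "mapped",
    "display_name": "Project Store",
    "collection_base_path": "/",
    "domain_name": "data.ep.example.org",
    "enable_https": False,
    "force_encryption": True,
    "high_assurance": True,
    "require_mfa": True,
    "disable_anonymous_writes": True,
    "delete_protected": True,
}
GUEST = {
    "DATA_TYPE": "collection#1.9.0",
    "collection_type": "guest",
    "display_name": "Shared results\n",
    "mapped_collection_id": MAPPED["id"],
    "collection_base_path": "results/2024",
    "enable_https": True,
    "force_encryption": False,
    "allow_guest_collections": True,
}

if __name__ == "__main__":
    print("mapped:", lint_collection(MAPPED, endpoint_domain="ep.example.org"))
    print("guest: ", lint_collection(GUEST, mapped=MAPPED))
```

The guest sample is flagged for collection_base_path because the documented pattern requires the value to start with /, $HOME or ~, even though the path is interpreted relative to the mapped collection's root_path.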

Name

Type

Description

DATA_TYPE

string collection#1.10.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA mapped collections and used by the guest collections attached to it. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same ID as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.11.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.12.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.
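Several properties in this table take their effective value on a guest collection from the mapped collection it is attached to. The following added example (not GCS Manager code or part of the original reference) combines a mapped and a guest collection document according to the rules stated in the descriptions above; the function name, the sample documents and their UUIDs are constructed for illustration, and treating an absent boolean as false is an assumption.

```python
"""Effective settings of a guest collection, derived from the property
descriptions in the collection document reference. Illustrative only."""


def _lesser(*values):
    """Smallest of the values that are set (not None), or None if none is set."""
    present = [v for v in values if v is not None]
    return min(present) if present else None


def effective_guest_settings(mapped, guest):
    """Combine a mapped collection document with one of its guest collection
    documents and return the settings that apply to the guest."""
    if guest.get("mapped_collection_id") != mapped.get("id"):
        raise ValueError("guest collection is not attached to this mapped collection")

    high_assurance = bool(mapped.get("high_assurance"))

    # The restriction can only be assigned on high assurance mapped
    # collections; high assurance guests inherit it.
    restriction = (
        mapped.get("restrict_transfers_to_high_assurance") if high_assurance else None
    )

    # Settings on the guest that contradict what the mapped collection allows.
    conflicts = []
    if guest.get("enable_https") and not mapped.get("enable_https"):
        conflicts.append("enable_https is true on the guest but false on the mapped collection")
    if mapped.get("force_encryption") and guest.get("force_encryption") is False:
        conflicts.append("mapped collection forces encryption but the guest does not")

    return {
        # Guests stop being accessible when the mapped collection disallows them.
        "accessible": bool(mapped.get("allow_guest_collections")),
        # Only settable on HA collections; the lesser value is in effect.
        "acl_expiration_mins": _lesser(
            mapped.get("acl_expiration_mins"), guest.get("acl_expiration_mins")
        ) if high_assurance else None,
        # A mapped collection that forces encryption propagates it to its guests.
        "force_encryption": bool(
            mapped.get("force_encryption") or guest.get("force_encryption")
        ),
        "restrict_transfers_to_high_assurance": restriction,
        # HTTPS needs both flags set and is disabled while a restriction is in place.
        "https_enabled": bool(
            mapped.get("enable_https") and guest.get("enable_https") and restriction is None
        ),
        # Always true for high assurance collections.
        "anonymous_writes_disabled": high_assurance
        or bool(mapped.get("disable_anonymous_writes")),
        # Read-only on guests: both come from the mapped collection.
        "guest_auth_policy_id": mapped.get("guest_auth_policy_id"),
        "user_message": mapped.get("user_message"),
        "conflicts": conflicts,
    }


# Constructed sample documents (not taken from a real endpoint).
MAPPED = {
    "DATA_TYPE": "collection#1.12.0",
    "id": "11111111-1111-4111-8111-111111111111",
    "collection_type": "mapped",
    "high_assurance": True,
    "allow_guest_collections": True,
    "acl_expiration_mins": 1440,
    "enable_https": True,
    "force_encryption": True,
    "restrict_transfers_to_high_assurance": "all",
    "user_message": "Controlled data: see your project agreement.",
}
GUEST = {
    "DATA_TYPE": "collection#1.12.0",
    "id": "22222222-2222-4222-8222-222222222222",
    "collection_type": "guest",
    "mapped_collection_id": MAPPED["id"],
    "high_assurance": True,
    "acl_expiration_mins": 60,
    "enable_https": True,
    "force_encryption": False,
}

if __name__ == "__main__":
    for key, value in effective_guest_settings(MAPPED, GUEST).items():
        print(f"{key}: {value}")
```
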

Name

Type

Description

DATA_TYPE

string collection#1.13.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.14.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by their guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.15.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

associated_flow_policy

null or FlowAssociation

Policy describing Globus flows to run when the collection is accessed.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by their guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.
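
Several of the constraints in the property descriptions above tie a guest collection to its mapped collection. The following Python check is an added example, not part of the GCS Manager API or of Globus code: it lints an input document before it is sent, and the function names, the endpoint_domain parameter and the sample documents are constructed for illustration.

```python
import re

PATH_RE = re.compile(r"^(/|\$HOME|~)")  # pattern listed for the two path properties
HA_DIRECTIONS = {"inbound", "outbound", "all"}
MAPPED_ONLY = ("auto_delete_timeout", "delete_protected",
               "restrict_transfers_to_high_assurance")


def lint_collection(doc, mapped=None, endpoint_domain=None):
    """Return a list of findings for one collection input document.

    mapped          -- related mapped collection document, when doc is a guest
    endpoint_domain -- DNS domain of the endpoint (assumption: known to the caller)
    """
    out = []
    ctype = doc.get("collection_type")
    if ctype not in ("mapped", "guest"):
        return ["collection_type must be 'mapped' or 'guest'"]

    name = doc.get("display_name")
    if name is not None and (len(name) > 128 or not re.search(r"\S", name)
                             or "\r" in name or "\n" in name):
        out.append("display_name: max 128 characters, no new lines, not blank")
    if len(doc.get("user_message") or "") > 256:
        out.append("user_message: max 256 characters")
    for key in ("collection_base_path", "default_directory"):
        value = doc.get(key)
        if value is not None and not PATH_RE.match(value):
            out.append(f"{key}: must start with /, $HOME or ~")

    if ctype == "guest":
        if not doc.get("mapped_collection_id"):
            out.append("mapped_collection_id: must be set on a guest collection")
        if doc.get("allow_guest_collections"):
            out.append("allow_guest_collections: always false on a guest collection")
        for key in MAPPED_ONLY:
            if doc.get(key) is not None:
                out.append(f"{key}: applies only to mapped collections")
        if "domain_name" in doc:
            out.append("domain_name: read-only on a guest collection")
        if mapped is not None:
            # Guest settings may not be weaker than those of the mapped collection.
            if doc.get("enable_https") and mapped.get("enable_https") is False:
                out.append("enable_https: mapped collection has HTTPS disabled")
            if mapped.get("force_encryption") and doc.get("force_encryption") is False:
                out.append("force_encryption: mapped collection forces encryption")
        return out

    # Rules for mapped collections
    if doc.get("skip_auto_delete") is not None:
        out.append("skip_auto_delete: only settable on guest collections")
    timeout = doc.get("auto_delete_timeout")
    if timeout is not None and (isinstance(timeout, bool)
                                or not isinstance(timeout, int) or timeout <= 0):
        out.append("auto_delete_timeout: integer greater than 0, or null")
    restrict = doc.get("restrict_transfers_to_high_assurance")
    if restrict is not None:
        if restrict not in HA_DIRECTIONS:
            out.append("restrict_transfers_to_high_assurance: inbound, outbound or all")
        if not doc.get("high_assurance"):
            out.append("restrict_transfers_to_high_assurance: high assurance only")
        if doc.get("enable_https"):
            out.append("enable_https: HTTPS access is disabled while a restriction is set")
    domain = doc.get("domain_name")
    if domain is not None:
        if domain.split(".")[0].startswith(("m-", "g-")):
            out.append("domain_name: label may not start with m- or g-")
        if endpoint_domain and not domain.endswith("." + endpoint_domain):
            out.append("domain_name: must be a subdomain of the endpoint")
    return out


def effective_acl_expiration(mapped, guest):
    """Lesser of the two acl_expiration_mins values; None if neither is set."""
    values = [d.get("acl_expiration_mins") for d in (mapped, guest)]
    values = [v for v in values if v is not None]
    return min(values) if values else None


# Constructed sample documents (not taken from a real endpoint).
SAMPLE_MAPPED = {
    "collection_type": "mapped", "display_name": "Lab storage",
    "collection_base_path": "/", "high_assurance": False,
    "enable_https": False, "force_encryption": True,
    "restrict_transfers_to_high_assurance": "all",
    "domain_name": "m-lab.ep1.example.org",
}
SAMPLE_GUEST = {
    "collection_type": "guest", "display_name": "Shared\nresults",
    "mapped_collection_id": "00000000-0000-0000-0000-000000000000",
    "enable_https": True, "force_encryption": False, "auto_delete_timeout": 30,
}

if __name__ == "__main__":
    for finding in lint_collection(SAMPLE_MAPPED, endpoint_domain="ep1.example.org"):
        print("mapped:", finding)
    for finding in lint_collection(SAMPLE_GUEST, mapped=SAMPLE_MAPPED):
        print("guest: ", finding)
```

The GCS Manager remains the authority on what it accepts; a check like this only catches documents that contradict the property descriptions before a request is made.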

Example
{
  "DATA_TYPE": "collection#1.0.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}
Responses
201 - Create collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "collection#1.0.0",
      "allow_guest_collections": true,
      "authentication_timeout_mins": 0,
      "collection_base_path": "string",
      "collection_type": "mapped",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "contact_email": "string",
      "contact_info": "string",
      "default_directory": "string",
      "deleted": true,
      "department": "string",
      "description": "string",
      "disable_verify": true,
      "display_name": "string",
      "domain_name": "string",
      "force_encryption": true,
      "high_assurance": true,
      "https_url": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "info_link": "string",
      "keywords": [
        "string"
      ],
      "manager_url": "string",
      "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
      "organization": "string",
      "policies": {
        "DATA_TYPE": "s3_collection_policies#1.0.0"
      },
      "public": true,
      "root_path": "string",
      "sharing_restrict_paths": {},
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "tlsftp_url": "string",
      "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
409 - Conflict
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
415 - Unsupported media type
422 - Unprocessable entity

Set the subscription_admin_verified property for a collection

PUT /api/collections/{collection_id}/subscription_admin_verified

Set the subscription_admin_verified property of the collection. This can only be invoked if the endpoint is associated with a subscription and the caller is a subscription administrator for that subscription.

Path parameters
Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Request body
Content-Type: application/json

Subscription Admin Verified

Name

Type

Description

DATA_TYPE

string subscription_admin_verified#1.0.0

Type of this document

subscription_admin_verified

boolean

Value of the subscription_admin_verified property of a collection. This can be set or cleared by a subscription group administrator.

Example
{
  "DATA_TYPE": "subscription_admin_verified#1.0.0",
  "subscription_admin_verified": true
}
Responses
200 - Set collection subscription admin verified response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity


Set advertised owner of collection

PUT /api/collections/{collection_id}/owner_string

Update the advertised owner string of the collection

Modify the collection’s advertised owner to match the username of one of the caller’s linked identities. The identity must have an administrator role on the collection.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • collection:administrator:{collection_id}

Path parameters
Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Request body
Content-Type: application/json

Owner string document

Name

Type

Description

DATA_TYPE

string owner_string#1.0.0

Type of this document

identity_id

string <uuid>

Globus Auth Identity id

Example
{
  "DATA_TYPE": "owner_string#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}
Responses
200 - Set collection owner string response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Reset advertised owner of collection

DELETE /api/collections/{collection_id}/owner_string

Reset the advertised owner string of the collection to the endpoint’s client_id.

Authorization
  • RoleAuthorizer:

    • collection:administrator:{collection_id}

    • endpoint:administrator

    • endpoint:owner

Path parameters
Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Responses
200 - Delete collection owner string response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found


Check a collection for configuration problems

GET /api/collections/{collection_id}/check

Check the configuration of a collection for configuration problems. Returns a list of configuration error details.

This operation requires the caller to have an endpoint owner or administrator role, or a collection administrator role.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{mapped_collection_id}

Path parameters
Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Responses
200 - Check response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "check_result#1.0.0",
      "error": {},
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "message": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
404 - Not found


Set collection owner

PUT /api/collections/{collection_id}/owner

Assign a new identity to act as the mapped collection owner. Caller must have an endpoint admin or owner role.

  • This is only allowed for mapped collections

  • Owner ID cannot be the endpoint client ID

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Path parameters
Parameter Type Description

collection_id (required)

string <uuid>

ID of the collection

Request body
Content-Type: application/json

Schema for processing the collection_owner#1.0.0 data type

Name

Type

Description

DATA_TYPE

string collection_owner#1.0.0

Type of this document

identity_id

string <uuid>

Auth identity ID of the collection owner

Example
{
  "DATA_TYPE": "collection_owner#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}
Responses
200 - Set collection owner response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity


Get information about a collection

GET /api/collections/{collection_id}

This operation requires either the endpoint to have the public property set to true or the caller to have a role that allows viewing this Endpoint. Some property visibility is limited for users who do not have an administrator role.

Normally, only public collection configuration policy data is included in the response. If the query parameter include=private_policies is passed to this API, and the caller has an administrator role on this collection, the response will include all private policies for the collection as well.

Authorization
  • PublicAuthorizer

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • endpoint:activity_manager

    • endpoint:activity_monitor

    • collection:administrator:{collection_id}

    • collection:activity_manager:{collection_id}

    • collection:activity_monitor:{collection_id}

    • collection:access_manager:{collection_id}

    • collection:administrator:{mapped_collection_id}

    • collection:activity_manager:{mapped_collection_id}

  • StorageGatewayAuthorizer

    • {storage_gateway_id}

Path parameters
Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Query Parameters
Parameter Type Description

include

array of string private_policies

Document values to include

Responses
200 - List collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "collection#1.0.0",
      "allow_guest_collections": true,
      "authentication_timeout_mins": 0,
      "collection_base_path": "string",
      "collection_type": "mapped",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "contact_email": "string",
      "contact_info": "string",
      "default_directory": "string",
      "deleted": true,
      "department": "string",
      "description": "string",
      "disable_verify": true,
      "display_name": "string",
      "domain_name": "string",
      "force_encryption": true,
      "high_assurance": true,
      "https_url": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "info_link": "string",
      "keywords": [
        "string"
      ],
      "manager_url": "string",
      "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
      "organization": "string",
      "policies": {
        "DATA_TYPE": "s3_collection_policies#1.0.0"
      },
      "public": true,
      "root_path": "string",
      "sharing_restrict_paths": {},
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "tlsftp_url": "string",
      "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
404 - Not found
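
An added example, not part of the Globus documentation: a Python check that unwraps the result envelope returned by this operation and compares the collection document with a site baseline. The baseline values, the finding labels and the function names are assumptions made for the example, and the sample response is constructed.

```python
import json

# Constructed sample of a 200 response from GET /api/collections/{collection_id}.
# Property names follow the collection document on this page; values are invented.
SAMPLE_RESPONSE = json.loads("""
{
  "DATA_TYPE": "result#1.0.0",
  "code": "success",
  "http_response_code": 200,
  "has_next_page": false,
  "data": [{
    "DATA_TYPE": "collection#1.4.0",
    "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
    "collection_type": "mapped",
    "public": true,
    "high_assurance": true,
    "require_mfa": false,
    "force_encryption": false,
    "disable_verify": true,
    "allow_guest_collections": true
  }]
}
""")

# (property, first collection# version carrying it, wanted value, applies-to, finding)
# The wanted values are an assumed site baseline, not a Globus recommendation.
BASELINE = [
    ("force_encryption", (1, 0, 0), True, lambda d: True,
     "transfers are not always encrypted"),
    ("disable_verify", (1, 0, 0), False, lambda d: True,
     "checksum verification is not available"),
    ("require_mfa", (1, 4, 0), True, lambda d: d.get("high_assurance") is True,
     "high assurance collection does not require MFA"),
    ("disable_anonymous_writes", (1, 5, 0), True,
     lambda d: d.get("collection_type") == "mapped",
     "guest collections may grant anonymous write access"),
]


def doc_version(doc, prefix):
    """Parse 'prefix#MAJOR.MINOR.PATCH' from DATA_TYPE into a tuple of ints."""
    name, _, version = str(doc.get("DATA_TYPE", "")).partition("#")
    if name != prefix or not version:
        raise ValueError(f"expected a {prefix}# document, got {doc.get('DATA_TYPE')!r}")
    return tuple(int(part) for part in version.split("."))


def unwrap_collection(envelope):
    """Return the single collection document carried by a result envelope."""
    doc_version(envelope, "result")
    status = envelope.get("http_response_code")
    if status != 200:
        raise ValueError(
            f"request failed: {status} {envelope.get('code')} {envelope.get('message')}")
    data = envelope.get("data") or []
    if len(data) != 1:
        raise ValueError(f"expected one collection document, got {len(data)}")
    return data[0]


def audit_collection(doc):
    """Return (property, status, note) findings for one collection document.

    status is 'review' (value differs from the baseline), 'unsupported' (the
    document version predates the property) or 'not-visible' (the property is
    missing, for example a [Private] one hidden from a non-administrator).
    """
    version = doc_version(doc, "collection")
    findings = []
    for prop, since, wanted, applies, note in BASELINE:
        if not applies(doc):
            continue
        if version < since:
            findings.append((prop, "unsupported", "document version predates this property"))
        elif prop not in doc:
            findings.append((prop, "not-visible", "property absent from the response"))
        elif doc[prop] is not wanted:
            findings.append((prop, "review", note))
    # sharing_restrict_paths is marked [Private]: absence means "cannot tell",
    # which must not be reported as "no restrictions".
    if doc.get("allow_guest_collections"):
        if "sharing_restrict_paths" not in doc:
            findings.append(("sharing_restrict_paths", "not-visible",
                             "repeat the query with an administrator role"))
        elif not doc["sharing_restrict_paths"]:
            findings.append(("sharing_restrict_paths", "review",
                             "guest collections allowed without path restrictions"))
    return findings


if __name__ == "__main__":
    for prop, status, note in audit_collection(unwrap_collection(SAMPLE_RESPONSE)):
        print(f"{status:12} {prop}: {note}")
```
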

Update a collection

PATCH /api/collections/{collection_id}

Updates a collection, changing only the properties included in the input document. It optionally returns the collection document as it stands after the change is applied. Items explicitly set to null in the input are removed from the collection document.
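
An added example (not Globus code) that pre-flights a PATCH body against the constraints stated in the property descriptions of this request body and models the rule that null removes a property. `check_patch`, `apply_patch` and the sample documents are hypothetical; the length limits are those quoted for collection#1.3.0 through collection#1.5.0.

```python
import re

# Properties the page says cannot change after creation or are read-only on update.
IMMUTABLE = ("collection_base_path", "storage_gateway_id",
             "mapped_collection_id", "domain_name")
# Properties a guest collection always takes from its mapped collection.
GUEST_READ_ONLY = ("allow_guest_collections", "sharing_restrict_paths",
                   "user_message", "user_message_link")
# Maximum lengths quoted in the collection#1.3.0 to collection#1.5.0 tables.
MAX_LENGTH = {"display_name": 128, "user_message": 64,
              "department": 1024, "organization": 1024}
NO_NEWLINES = ("display_name", "department", "organization")

# Constructed documents for the example; the IDs reuse the page's sample values.
MAPPED = {"DATA_TYPE": "collection#1.5.0", "collection_type": "mapped",
          "id": "b9348e97-77e7-49f6-a137-47587469ff1d",
          "enable_https": False, "force_encryption": True}
GUEST = {"DATA_TYPE": "collection#1.5.0", "collection_type": "guest",
         "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
         "mapped_collection_id": MAPPED["id"],
         "collection_base_path": "/projects/shared",
         "display_name": "Shared results",
         "info_link": "https://example.org/info"}
PATCH = {"DATA_TYPE": "collection#1.5.0",
         "display_name": "Shared\nresults",      # line break is not allowed
         "collection_base_path": "/projects",    # fixed at creation
         "enable_https": True,                   # mapped collection has it off
         "force_encryption": False,              # mapped collection forces it
         "user_message": "Contact the data steward",  # read-only on a guest
         "info_link": None}                      # null: remove the property


def check_patch(current, patch, mapped=None):
    """Return (property, problem) tuples for a PATCH body; empty means it passes.

    current is the collection document as it is now, patch the intended body,
    mapped the related mapped collection when current is a guest collection.
    """
    problems = []
    is_guest = current.get("collection_type") == "guest"
    if is_guest and mapped is None:
        raise ValueError("a guest collection is checked against its mapped collection")
    for prop, value in patch.items():
        # Re-sending the unchanged value is tolerated; a new value or null is not.
        if prop in IMMUTABLE and value != current.get(prop):
            problems.append((prop, "cannot change after creation"))
        if is_guest and prop in GUEST_READ_ONLY:
            problems.append((prop, "read-only on a guest collection"))
        if isinstance(value, str):
            if len(value) > MAX_LENGTH.get(prop, len(value)):
                problems.append((prop, f"longer than {MAX_LENGTH[prop]} characters"))
            if prop in NO_NEWLINES and re.search(r"[\r\n]", value):
                problems.append((prop, "contains a line break"))
            if prop == "display_name" and not re.search(r"\S", value):
                problems.append((prop, "needs a non-whitespace character"))
    if is_guest:
        if patch.get("enable_https") is True and mapped.get("enable_https") is False:
            problems.append(("enable_https", "mapped collection has HTTPS disabled"))
        if patch.get("force_encryption") is False and mapped.get("force_encryption") is True:
            problems.append(("force_encryption", "mapped collection forces encryption"))
    if sum(len(word) for word in patch.get("keywords") or []) > 1024:
        problems.append(("keywords", "more than 1024 characters in total"))
    return problems


def apply_patch(current, patch):
    """Model the documented result: listed properties change, null removes."""
    merged = dict(current)
    for prop, value in patch.items():
        if value is None:
            merged.pop(prop, None)
        else:
            merged[prop] = value
    return merged


if __name__ == "__main__":
    for prop, problem in check_patch(GUEST, PATCH, MAPPED):
        print(f"{prop}: {problem}")
```
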

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{collection_id}

    • collection:administrator:{mapped_collection_id}

Path parameters
Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Request body
Content-Type: application/json

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements on high assurance collections and adds the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.

Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.

Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA collections.

Version 1.13.0 adds the auto_delete_timeout property to mapped collections and the skip_auto_delete property to guest collections.

Version 1.14.0 adds the subscription_admin_verified property to collections and activity_notification_policy to guest collections.

Version 1.15.0 adds the associated_flow_policy property to the collection.

One of the following schemas:

  • Collection_1_0_0

  • Collection_1_1_0

  • Collection_1_2_0

Name

Type

Description

DATA_TYPE

string collection#1.3.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value cannot change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.4.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value cannot change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.5.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection.

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.6.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection.

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.7.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection.

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.8.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection.

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.9.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.10.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA mapped collections and used by the guest collections attached to it. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.11.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.
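
The inheritance rules spread through the collection#1.11.0 property table (the lesser acl_expiration_mins wins, enable_https and force_encryption on a guest collection are constrained by its mapped collection, acl_expiration_mins applies only to high assurance collections) can be checked offline against collection documents. The following is an added example, not part of the GCS Manager API or the Globus code base; the function names and the sample documents are constructed for illustration.

```python
import re

# Pattern the property table gives for collection_base_path.
BASE_PATH_RE = re.compile(r"^(/|\$HOME|~)")

# Constructed sample documents (not real collections); only audited keys are present.
MAPPED = {
    "DATA_TYPE": "collection#1.11.0",
    "id": "00000000-0000-4000-8000-000000000001",
    "collection_type": "mapped",
    "display_name": "Project Storage",
    "collection_base_path": "/",
    "high_assurance": True,
    "allow_guest_collections": True,
    "disable_anonymous_writes": True,
    "acl_expiration_mins": 1440,
    "enable_https": False,
    "force_encryption": True,
}
GUEST_OK = {
    "DATA_TYPE": "collection#1.11.0",
    "collection_type": "guest",
    "mapped_collection_id": MAPPED["id"],
    "display_name": "Shared results",
    "collection_base_path": "/shared",
    "high_assurance": True,
    "allow_guest_collections": False,
    "acl_expiration_mins": 60,
    "enable_https": False,
    "force_encryption": True,
}
GUEST_BAD = {
    "DATA_TYPE": "collection#1.11.0",
    "collection_type": "guest",
    "mapped_collection_id": MAPPED["id"],
    "display_name": "Bad\nname",          # contains a newline
    "collection_base_path": "shared",     # does not match the pattern
    "high_assurance": True,
    "enable_https": True,                 # mapped collection has it false
    "force_encryption": False,            # mapped collection forces encryption
}


def effective_acl_expiration(mapped, guest):
    """Return the acl_expiration_mins in effect for a guest collection.

    When both documents set a value, the lesser one applies; None means unset.
    """
    values = [d.get("acl_expiration_mins") for d in (mapped, guest)]
    values = [v for v in values if v is not None]
    return min(values) if values else None


def audit_common(doc):
    """Checks that apply to any collection document."""
    findings = []
    name = doc.get("display_name") or ""
    if not re.search(r"\S", name) or len(name) > 128 or "\r" in name or "\n" in name:
        findings.append("display_name: must be non-blank, <= 128 chars, no CR/LF")
    base = doc.get("collection_base_path")
    if base is not None and not BASE_PATH_RE.match(base):
        findings.append("collection_base_path: must start with /, $HOME or ~")
    if doc.get("acl_expiration_mins") is not None and not doc.get("high_assurance"):
        findings.append("acl_expiration_mins: only settable on high assurance collections")
    return findings


def audit_mapped(mapped):
    """Audit a mapped collection document."""
    findings = audit_common(mapped)
    if mapped.get("high_assurance") and mapped.get("disable_anonymous_writes") is False:
        findings.append("disable_anonymous_writes: always true on high assurance collections")
    return findings


def audit_guest(mapped, guest):
    """Audit a guest collection document against its mapped collection."""
    findings = audit_common(guest)
    if guest.get("mapped_collection_id") != mapped.get("id"):
        findings.append("mapped_collection_id: does not reference the mapped collection")
    if guest.get("allow_guest_collections"):
        findings.append("allow_guest_collections: always false on a guest collection")
    if not mapped.get("allow_guest_collections"):
        findings.append("mapped collection disallows guest collections: guest not accessible")
    if guest.get("enable_https") and not mapped.get("enable_https"):
        findings.append("enable_https: may not be true when the mapped value is false")
    if mapped.get("force_encryption") and not guest.get("force_encryption"):
        findings.append("force_encryption: mapped collection forces it, guest must as well")
    return findings


if __name__ == "__main__":
    for label, guest in (("GUEST_OK", GUEST_OK), ("GUEST_BAD", GUEST_BAD)):
        print(label, "effective acl_expiration_mins:", effective_acl_expiration(MAPPED, guest))
        for finding in audit_guest(MAPPED, guest):
            print("  -", finding)
```
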

Name

Type

Description

DATA_TYPE

string collection#1.12.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.13.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.14.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.
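An added example, not part of the GCS documentation or Globus code: a Python check that applies the mapped/guest constraints stated in the field descriptions above (HTTPS and encryption inheritance, the lesser acl_expiration_mins, high assurance restrictions) to a pair of collection documents. The function names, finding messages and sample documents are constructed for illustration; only the field names come from this page.

```python
# Added example: consistency audit for a mapped/guest collection document pair.
# Field names are the ones documented on this page; function names, messages
# and the sample documents below are constructed for illustration.

RESTRICT_VALUES = {"inbound", "outbound", "all"}


def effective_acl_expiration(mapped, guest):
    """acl_expiration_mins in effect: the lesser value when set on both."""
    values = [doc.get("acl_expiration_mins") for doc in (mapped, guest)]
    values = [v for v in values if v is not None]
    return min(values) if values else None


def audit_mapped(mapped):
    """Return (field, message) findings for a mapped collection document."""
    findings = []
    ha = bool(mapped.get("high_assurance"))
    restrict = mapped.get("restrict_transfers_to_high_assurance")
    if restrict is not None:
        if restrict not in RESTRICT_VALUES:
            findings.append(("restrict_transfers_to_high_assurance",
                             "must be inbound, outbound, all or null"))
        if not ha:
            findings.append(("restrict_transfers_to_high_assurance",
                             "only assignable on high assurance mapped collections"))
        if mapped.get("enable_https"):
            findings.append(("enable_https",
                             "HTTPS access is disabled while a restriction is in place"))
    if ha and mapped.get("disable_anonymous_writes") is False:
        findings.append(("disable_anonymous_writes",
                         "always true for high assurance collections"))
    if not ha and mapped.get("acl_expiration_mins") is not None:
        findings.append(("acl_expiration_mins",
                         "only settable on high assurance collections"))
    timeout = mapped.get("auto_delete_timeout")
    # type() check rejects booleans, which are a subclass of int in Python
    if timeout is not None and (type(timeout) is not int or timeout <= 0):
        findings.append(("auto_delete_timeout",
                         "must be an integer greater than 0, or null"))
    return findings


def audit_guest(mapped, guest):
    """Return (field, message) findings for a guest against its mapped collection."""
    findings = []
    if guest.get("mapped_collection_id") != mapped.get("id"):
        findings.append(("mapped_collection_id",
                         "does not reference the supplied mapped collection"))
    if guest.get("allow_guest_collections"):
        findings.append(("allow_guest_collections",
                         "always false on a guest collection"))
    if not mapped.get("allow_guest_collections"):
        findings.append(("allow_guest_collections",
                         "false on the mapped collection: guest is not accessible"))
    if guest.get("enable_https") and not mapped.get("enable_https"):
        findings.append(("enable_https",
                         "may not be true when the mapped collection has it false"))
    if mapped.get("force_encryption") and not guest.get("force_encryption"):
        findings.append(("force_encryption",
                         "mapped collection forces encryption, guest must as well"))
    if guest.get("auto_delete_timeout") is not None:
        findings.append(("auto_delete_timeout",
                         "only settable on mapped collections"))
    return findings


# Constructed sample documents (placeholder UUIDs, not real collections).
MAPPED = {
    "id": "00000000-0000-4000-8000-000000000001",
    "collection_type": "mapped",
    "high_assurance": True,
    "allow_guest_collections": True,
    "enable_https": True,
    "force_encryption": True,
    "disable_anonymous_writes": False,
    "restrict_transfers_to_high_assurance": "all",
    "acl_expiration_mins": 120,
    "auto_delete_timeout": 30,
}
GUEST = {
    "id": "00000000-0000-4000-8000-000000000002",
    "collection_type": "guest",
    "mapped_collection_id": "00000000-0000-4000-8000-000000000001",
    "high_assurance": True,
    "allow_guest_collections": False,
    "enable_https": True,
    "force_encryption": False,
    "acl_expiration_mins": 60,
    "auto_delete_timeout": 7,
}

if __name__ == "__main__":
    for field, message in audit_mapped(MAPPED) + audit_guest(MAPPED, GUEST):
        print(f"{field}: {message}")
    print("effective acl_expiration_mins:", effective_acl_expiration(MAPPED, GUEST))
```
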

Name

Type

Description

DATA_TYPE

string collection#1.15.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

associated_flow_policy

null or FlowAssociation

Policy describing Globus flows to run when the collection is accessed.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Example
{
  "DATA_TYPE": "collection#1.0.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}
Responses
200 - Update collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Update a collection

PUT /api/collections/{collection_id}

Update a collection, completely replacing its definition with the new document. It returns a document containing the collection after the update has been applied.
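Because PUT replaces the whole definition, it is worth comparing the replacement document with the current one before sending it. The pre-flight check below is an added example, not part of the GCS Manager API or any Globus tool: the function name, the property groupings and the sample documents are constructed here, and it treats an omitted property as a change to review (an assumption about how full replacement behaves).

```python
"""Pre-flight review of a replacement document for PUT /api/collections/{collection_id}."""

# Properties from this reference where true is the stricter setting.
STRICT_WHEN_TRUE = ("force_encryption", "force_verify", "require_mfa",
                    "disable_anonymous_writes", "delete_protected")
# Properties whose change alters exposure, sharing or session requirements.
REVIEW_IF_CHANGED = ("public", "allow_guest_collections", "enable_https",
                     "guest_auth_policy_id", "sharing_restrict_paths",
                     "sharing_users_allow", "sharing_users_deny",
                     "restrict_transfers_to_high_assurance",
                     "authentication_timeout_mins")
# Properties the reference says may not change after creation.
IMMUTABLE = ("collection_base_path", "storage_gateway_id", "mapped_collection_id")


def replacement_findings(current, replacement, mapped=None):
    """Return (property, message) pairs to resolve before sending the PUT.

    current     -- the collection document as it exists now
    replacement -- the document that would replace it
    mapped      -- for a guest collection, its mapped collection document
    """
    findings = []

    for prop in STRICT_WHEN_TRUE:
        if current.get(prop) is True and replacement.get(prop) is not True:
            findings.append((prop, "enabled now, disabled or omitted in the replacement"))

    for prop in REVIEW_IF_CHANGED:
        if prop in current and replacement.get(prop) != current[prop]:
            findings.append((prop, "changed or omitted; review before sending"))

    for prop in IMMUTABLE:
        if prop in current and prop in replacement and replacement[prop] != current[prop]:
            findings.append((prop, "may not change after the collection is created"))

    # Constraints stated in the property descriptions.
    high_assurance = replacement.get("high_assurance", current.get("high_assurance", False))
    if high_assurance and replacement.get("disable_anonymous_writes") is False:
        findings.append(("disable_anonymous_writes",
                         "always true for high assurance collections"))

    restriction = replacement.get("restrict_transfers_to_high_assurance")
    if restriction is not None:
        if restriction not in ("inbound", "outbound", "all"):
            findings.append(("restrict_transfers_to_high_assurance",
                             "must be inbound, outbound, all or null"))
        if not high_assurance:
            findings.append(("restrict_transfers_to_high_assurance",
                             "only assignable on high assurance mapped collections"))
        if replacement.get("enable_https"):
            findings.append(("enable_https",
                             "HTTPS access is disabled while a restriction is in place"))

    name = replacement.get("display_name") or ""
    if len(name) > 128 or "\r" in name or "\n" in name:
        findings.append(("display_name", "max 128 characters, no \\r or \\n"))
    if len(replacement.get("user_message") or "") > 256:
        findings.append(("user_message", "longer than 256 characters"))

    # Guest collections cannot be looser than their mapped collection.
    if replacement.get("collection_type") == "guest" and mapped is not None:
        if mapped.get("force_encryption") and not replacement.get("force_encryption"):
            findings.append(("force_encryption",
                             "mapped collection forces encryption; guest must as well"))
        if mapped.get("enable_https") is False and replacement.get("enable_https"):
            findings.append(("enable_https",
                             "may not be true while the mapped collection has it false"))
    return findings


# Constructed sample documents (placeholder UUIDs, not real collections).
CURRENT_DOC = {
    "DATA_TYPE": "collection#1.5.0",
    "collection_type": "mapped",
    "display_name": "Constructed HA collection",
    "high_assurance": True,
    "force_encryption": True,
    "require_mfa": True,
    "disable_anonymous_writes": True,
    "public": False,
    "enable_https": False,
    "storage_gateway_id": "00000000-0000-0000-0000-000000000001",
    "collection_base_path": "/",
}
# A replacement written from scratch just to rename the collection.
FROM_SCRATCH_DOC = {
    "DATA_TYPE": "collection#1.5.0",
    "collection_type": "mapped",
    "display_name": "Renamed collection",
    "high_assurance": True,
    "public": True,
    "storage_gateway_id": "00000000-0000-0000-0000-000000000001",
    "collection_base_path": "/",
}

if __name__ == "__main__":
    for prop, message in replacement_findings(CURRENT_DOC, FROM_SCRATCH_DOC):
        print(f"{prop}: {message}")
```

Starting the replacement from a copy of the current document and changing only the intended property, as in `dict(CURRENT_DOC, display_name="Renamed collection")`, produces no findings.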

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{collection_id}

    • collection:administrator:{mapped_collection_id}

Path parameters
Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Request body
Content-Type: application/json

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 adds optional multi-factor authentication requirements for high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.

Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.

Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA collections.

Version 1.13.0 adds the auto_delete_timeout property to mapped collections and the skip_auto_delete property to guest collections.

Version 1.14.0 adds the subscription_admin_verified property to collections and activity_notification_policy to guest collections.

Version 1.15.0 adds the associated_flow_policy property to the collection.

One of the following schemas:

  • Collection_1_0_0

  • Collection_1_1_0

  • Collection_1_2_0

Name

Type

Description

DATA_TYPE

string collection#1.3.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.4.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.5.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.6.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.7.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.8.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.
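A pre-submission check for collection input documents, written against the constraints stated in the 1.6.0 to 1.8.0 tables above. This is an added example, not part of the Globus documentation or tooling: the function names and the sample documents (including the UUID and domain) are constructed for illustration, and the checks only mirror the rules stated in the tables.

```python
import re

# Maximum user_message length per schema version, from the tables above.
USER_MESSAGE_MAX = {"1.6.0": 64, "1.7.0": 256, "1.8.0": 256}
# Pattern listed for collection_base_path and default_directory.
PATH_RE = re.compile(r"^(/|\$HOME|~)")


def schema_version(doc):
    """Return the version from DATA_TYPE, e.g. 'collection#1.7.0' -> '1.7.0'."""
    kind, _, version = str(doc.get("DATA_TYPE", "")).partition("#")
    if kind != "collection" or version not in USER_MESSAGE_MAX:
        raise ValueError("unsupported DATA_TYPE: %r" % doc.get("DATA_TYPE"))
    return version


def check_guest(guest, mapped):
    """Rules that tie a guest collection to its related mapped collection."""
    findings = []
    if guest.get("allow_guest_collections"):
        findings.append("allow_guest_collections: always false on a guest collection")
    if not guest.get("mapped_collection_id"):
        findings.append("mapped_collection_id: must be set on a guest collection")
    if mapped is None:
        return findings
    if guest.get("mapped_collection_id") != mapped.get("id"):
        findings.append("mapped_collection_id: does not match the mapped collection supplied")
    if guest.get("enable_https") and mapped.get("enable_https") is False:
        findings.append("enable_https: may not be true when the mapped collection has false")
    if mapped.get("force_encryption") and guest.get("force_encryption") is False:
        findings.append("force_encryption: mapped collection forces encryption, guest must too")
    if not mapped.get("allow_guest_collections"):
        findings.append("allow_guest_collections: false on mapped collection, guest not accessible")
    return findings


def check_collection(doc, mapped=None):
    """Return findings for one input document; `mapped` is a guest's mapped collection."""
    findings = []
    version = schema_version(doc)
    is_guest = doc.get("collection_type") == "guest"

    name = doc.get("display_name")
    if name is not None and (not re.search(r"\S", name) or len(name) > 128
                             or "\r" in name or "\n" in name):
        findings.append("display_name: needs a non-space character, max 128, no new lines")

    for field in ("collection_base_path", "default_directory"):
        value = doc.get(field)
        if value is not None and not PATH_RE.match(value):
            findings.append(field + ": must start with /, $HOME or ~")

    message = doc.get("user_message")
    if message is not None and len(message) > USER_MESSAGE_MAX[version]:
        findings.append("user_message: over %d characters (limit in %s)"
                        % (USER_MESSAGE_MAX[version], version))

    # Applies to a domain_name supplied as input, not to a server-assigned one.
    label = (doc.get("domain_name") or "").split(".")[0]
    if label.startswith(("m-", "g-")):
        findings.append("domain_name: input name label may not start with m- or g-")

    if doc.get("high_assurance") and doc.get("disable_anonymous_writes") is False:
        findings.append("disable_anonymous_writes: always true for high assurance collections")

    if "delete_protected" in doc:
        if tuple(map(int, version.split("."))) < (1, 8, 0):
            findings.append("delete_protected: not listed for schema version " + version)
        elif is_guest:
            findings.append("delete_protected: available only on mapped collections")

    if is_guest:
        findings.extend(check_guest(doc, mapped))
    return findings


# Constructed sample documents (the UUID and domain are made up for this example).
MAPPED = {
    "DATA_TYPE": "collection#1.8.0",
    "id": "11111111-1111-4111-8111-111111111111",
    "collection_type": "mapped",
    "display_name": "Project Data",
    "collection_base_path": "/data/project",
    "domain_name": "g-data.example.org",
    "allow_guest_collections": True,
    "enable_https": False,
    "force_encryption": True,
    "high_assurance": True,
    "disable_anonymous_writes": False,
    "delete_protected": True,
}
GUEST = {
    "DATA_TYPE": "collection#1.6.0",
    "collection_type": "guest",
    "mapped_collection_id": MAPPED["id"],
    "display_name": "Shared\nresults",
    "collection_base_path": "shared/results",
    "enable_https": True,
    "force_encryption": False,
    "user_message": "x" * 65,
}

if __name__ == "__main__":
    for finding in check_collection(MAPPED) + check_collection(GUEST, MAPPED):
        print(finding)
```

The guest sample shows two easy mistakes: a guest collection_base_path is relative to the mapped collection's root_path but must still match the listed pattern, and a 65-character user_message is rejected under 1.6.0 yet fits the 256-character limit of 1.7.0 and later.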

Name

Type

Description

DATA_TYPE

string collection#1.9.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.10.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA mapped collections and used by the guest collections attached to it. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.11.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.
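The per-property limits and the mapped-to-guest inheritance rules in the table above (enable_https, force_encryption, acl_expiration_mins, allow_guest_collections) can be checked offline against exported collection documents. The following is an added example, not part of the Globus documentation or GCS code: the function names, finding texts and sample documents are constructed, and only property names and constraints stated in the table are used.

```python
import re

# Pattern and limits are taken from the property table. Function names,
# finding texts and the sample documents are constructed for this example.
PATH_PREFIX = re.compile(r"^(/|\$HOME|~)")


def field_findings(doc):
    """Return 'property: reason' strings for one collection document."""
    out = []
    name = doc.get("display_name")
    if name is not None:
        if not re.search(r"\S", name):
            out.append("display_name: needs a non-whitespace character")
        elif len(name) > 128 or re.search(r"[\r\n]", name):
            out.append("display_name: max 128 characters, no \\r or \\n")
    for key in ("collection_base_path", "default_directory"):
        value = doc.get(key)
        if value is not None and not PATH_PREFIX.match(value):
            out.append(f"{key}: must begin with /, $HOME or ~")
    if len(doc.get("user_message") or "") > 256:
        out.append("user_message: longer than 256 characters")
    if sum(len(k) for k in doc.get("keywords") or []) > 1024:
        out.append("keywords: more than 1024 characters in total")
    if doc.get("collection_type") == "guest":
        if doc.get("allow_guest_collections"):
            out.append("allow_guest_collections: always false on a guest")
        if not doc.get("mapped_collection_id"):
            out.append("mapped_collection_id: must be set on a guest")
    if doc.get("high_assurance"):
        if doc.get("disable_anonymous_writes") is False:
            out.append("disable_anonymous_writes: always true for HA")
    elif doc.get("acl_expiration_mins") is not None:
        out.append("acl_expiration_mins: only settable on HA collections")
    return out


def pair_findings(mapped, guest):
    """Check a guest collection against the mapped collection it is attached to."""
    if guest.get("mapped_collection_id") != mapped.get("id"):
        return ["mapped_collection_id: guest is not attached to this mapped collection"]
    out = []
    if guest.get("enable_https") and not mapped.get("enable_https"):
        out.append("enable_https: true on guest but false on mapped")
    if mapped.get("force_encryption") and not guest.get("force_encryption"):
        out.append("force_encryption: forced on mapped, so guest must force it too")
    return out


def effective_acl_expiration(mapped, guest):
    """When set on both collections, the lesser value is in effect."""
    values = [d.get("acl_expiration_mins") for d in (mapped, guest)]
    values = [v for v in values if v is not None]
    return min(values) if values else None


# Constructed sample documents (the UUIDs are placeholders, not real collections).
SAMPLE_MAPPED = {
    "DATA_TYPE": "collection#1.11.0",
    "id": "00000000-0000-0000-0000-00000000000a",
    "collection_type": "mapped",
    "display_name": "Lab archive",
    "collection_base_path": "/",
    "default_directory": "/~/",
    "high_assurance": True,
    "disable_anonymous_writes": True,
    "allow_guest_collections": True,
    "enable_https": False,
    "force_encryption": True,
    "acl_expiration_mins": 1440,
}
SAMPLE_GUEST = {
    "DATA_TYPE": "collection#1.11.0",
    "id": "00000000-0000-0000-0000-00000000000b",
    "collection_type": "guest",
    "mapped_collection_id": "00000000-0000-0000-0000-00000000000a",
    "display_name": "Shared\nresults",
    "collection_base_path": "/projects/shared",
    "high_assurance": True,
    "allow_guest_collections": False,
    "enable_https": True,
    "force_encryption": False,
    "acl_expiration_mins": 60,
}

if __name__ == "__main__":
    for finding in field_findings(SAMPLE_GUEST) + pair_findings(SAMPLE_MAPPED, SAMPLE_GUEST):
        print(finding)
    print("effective acl_expiration_mins:",
          effective_acl_expiration(SAMPLE_MAPPED, SAMPLE_GUEST))
```
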

Name

Type

Description

DATA_TYPE

string collection#1.12.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.13.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections; a value set on a mapped collection is used by the guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by their guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name

Type

Description

DATA_TYPE

string collection#1.14.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections; a value set on a mapped collection is used by the guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by their guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.
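The inheritance rules in the table above (force_encryption, enable_https, allow_guest_collections, acl_expiration_mins, restrict_transfers_to_high_assurance, disable_anonymous_writes) can be checked offline against collection documents that have already been retrieved. The following is an added example, not code from Globus or from this guide; the rule names, helper functions and sample documents are constructed for illustration, and the handling of a value set on only one side of acl_expiration_mins is an assumption.

```python
"""Offline consistency audit for GCS collection documents (added example)."""
from typing import Optional

# Constructed sample documents. The ids are readable placeholders, not real
# collection UUIDs; only properties described in the table above are used.
SAMPLE_DOCS = [
    {"id": "mapped-1", "collection_type": "mapped", "high_assurance": True,
     "force_encryption": True, "enable_https": False,
     "allow_guest_collections": True, "disable_anonymous_writes": True,
     "acl_expiration_mins": 60, "restrict_transfers_to_high_assurance": "all"},
    {"id": "guest-1", "collection_type": "guest",
     "mapped_collection_id": "mapped-1", "high_assurance": True,
     "force_encryption": False, "enable_https": True,
     "allow_guest_collections": False, "disable_anonymous_writes": True,
     "acl_expiration_mins": 240},
    {"id": "mapped-2", "collection_type": "mapped", "high_assurance": False,
     "force_encryption": False, "enable_https": True,
     "allow_guest_collections": False, "disable_anonymous_writes": False},
    {"id": "guest-2", "collection_type": "guest",
     "mapped_collection_id": "mapped-2", "high_assurance": False,
     "force_encryption": False, "enable_https": True,
     "allow_guest_collections": False, "disable_anonymous_writes": False},
    {"id": "guest-3", "collection_type": "guest",
     "mapped_collection_id": "mapped-9", "high_assurance": True,
     "force_encryption": True, "enable_https": False,
     "allow_guest_collections": False, "disable_anonymous_writes": False},
]


def effective_acl_expiration(mapped: dict, guest: dict) -> Optional[int]:
    """Lesser of the two values when both are set (as documented).

    Assumption: when only one side is set, that value applies.
    """
    values = [v for v in (mapped.get("acl_expiration_mins"),
                          guest.get("acl_expiration_mins")) if v is not None]
    return min(values) if values else None


def effective_restriction(doc: dict, mapped: Optional[dict]) -> Optional[str]:
    """HA guest collections inherit the restriction from their mapped collection."""
    if doc.get("collection_type") == "guest" and doc.get("high_assurance") and mapped:
        return mapped.get("restrict_transfers_to_high_assurance")
    return doc.get("restrict_transfers_to_high_assurance")


def audit(docs: list) -> list:
    """Return (collection id, rule name) pairs for every inconsistency found."""
    by_id = {d["id"]: d for d in docs}
    findings = []
    for doc in docs:
        cid = doc["id"]
        is_guest = doc.get("collection_type") == "guest"
        mapped = by_id.get(doc.get("mapped_collection_id")) if is_guest else None

        # disable_anonymous_writes is always true for high assurance collections.
        if doc.get("high_assurance") and doc.get("disable_anonymous_writes") is False:
            findings.append((cid, "ha-anonymous-writes"))

        # A restriction in place means HTTPS access to the collection is disabled,
        # so enable_https=true alongside it is misleading to operators.
        if doc.get("enable_https") and effective_restriction(doc, mapped) is not None:
            findings.append((cid, "https-disabled-by-ha-restriction"))

        if not is_guest:
            continue
        if mapped is None:
            # mapped_collection_id must be set and resolvable for a guest.
            findings.append((cid, "missing-mapped-collection"))
            continue
        # If a mapped collection forces encryption, its guests must as well.
        if mapped.get("force_encryption") and not doc.get("force_encryption"):
            findings.append((cid, "guest-encryption-weaker"))
        # enable_https may not be true on a guest when the mapped value is false.
        if doc.get("enable_https") and not mapped.get("enable_https"):
            findings.append((cid, "guest-https-without-mapped"))
        # Guests of a mapped collection with sharing turned off are inaccessible.
        if not mapped.get("allow_guest_collections"):
            findings.append((cid, "guest-inaccessible"))
    return findings


if __name__ == "__main__":
    for cid, rule in audit(SAMPLE_DOCS):
        print(f"{cid}: {rule}")
    print("guest-1 effective acl_expiration_mins:",
          effective_acl_expiration(SAMPLE_DOCS[0], SAMPLE_DOCS[1]))
```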

Name

Type

Description

DATA_TYPE

string collection#1.15.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections; a value set on a mapped collection is used by the guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

associated_flow_policy

null or FlowAssociation

Policy describing Globus flows to run when the collection is accessed.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by their guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value cannot change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Example
{
  "DATA_TYPE": "collection#1.0.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}
Responses
200 - Update collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity
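
The field descriptions above state several constraints that can be checked before an update body is sent. The following pre-flight lint is an added example, not part of the GCS Manager API or its client libraries; the function name, the sample documents and the `collection_type` value `guest` are assumptions made for illustration.

```python
"""Pre-flight lint for a collection#1.0.0 update body (added example)."""
from urllib.parse import urlsplit

HA_RESTRICTIONS = {"inbound", "outbound", "all"}
# Properties the field descriptions say cannot be changed on a guest collection.
GUEST_READ_ONLY = ("allow_guest_collections", "sharing_restrict_paths",
                   "user_message", "user_message_link")


def lint_collection_update(doc):
    """Return a list of findings; an empty list means no documented rule is broken."""
    findings = []
    ctype = doc.get("collection_type")
    is_guest = ctype == "guest"  # assumed value for guest collections

    if is_guest:
        if not doc.get("mapped_collection_id"):
            findings.append("mapped_collection_id: must be set on a guest collection")
        for name in GUEST_READ_ONLY:
            if name in doc:
                findings.append(f"{name}: follows the mapped collection, "
                                "not settable on a guest collection")
    elif "skip_auto_delete" in doc:
        findings.append("skip_auto_delete: only settable on guest collections")

    restriction = doc.get("restrict_transfers_to_high_assurance")
    if restriction is not None:  # null disables the feature
        if restriction not in HA_RESTRICTIONS:
            findings.append("restrict_transfers_to_high_assurance: "
                            "must be inbound, outbound, all or null")
        elif not (ctype == "mapped" and doc.get("high_assurance") is True):
            findings.append("restrict_transfers_to_high_assurance: only "
                            "assignable on high assurance mapped collections")

    message = doc.get("user_message")
    if isinstance(message, str) and len(message) > 256:
        findings.append("user_message: longer than 256 characters")

    link = doc.get("user_message_link")
    if isinstance(link, str) and urlsplit(link).scheme.lower() not in ("http", "https"):
        findings.append("user_message_link: must be an HTTP or HTTPS URL")

    keywords = doc.get("keywords") or []
    if sum(len(k) for k in keywords) > 1024:
        findings.append("keywords: more than 1024 characters in total")

    org = doc.get("organization")
    if isinstance(org, str) and (len(org) > 1024 or "\n" in org or "\r" in org):
        findings.append("organization: over 1024 characters or contains a new line")

    return findings


# Constructed sample documents (not taken from a real endpoint).
GOOD_MAPPED = {
    "DATA_TYPE": "collection#1.0.0",
    "collection_type": "mapped",
    "high_assurance": True,
    "restrict_transfers_to_high_assurance": "all",
    "user_message": "Maintenance window on Sundays",
    "user_message_link": "https://example.org/status",
    "keywords": ["genomics", "archive"],
    "organization": "Example Lab",
}
BAD_GUEST = {
    "DATA_TYPE": "collection#1.0.0",
    "collection_type": "guest",
    "restrict_transfers_to_high_assurance": "inbound",
    "user_message": "x" * 300,
}
BAD_MAPPED = {
    "DATA_TYPE": "collection#1.0.0",
    "collection_type": "mapped",
    "high_assurance": False,
    "skip_auto_delete": True,
    "restrict_transfers_to_high_assurance": "both",
    "user_message_link": "ftp://example.org/notice",
    "organization": "Example\nLab",
}

if __name__ == "__main__":
    for name, doc in (("good mapped", GOOD_MAPPED), ("bad guest", BAD_GUEST),
                      ("bad mapped", BAD_MAPPED)):
        print(name, lint_collection_update(doc))
```

A clean result only means the body agrees with the constraints written in this reference; the service remains the authority and may still answer 400, 403 or 422.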

Delete a collection

DELETE /api/collections/{collection_id}

Deletes a collection owned by the caller or an endpoint administrator. If the collection has the delete_protection property set to true, the collection cannot be deleted.

When a collection is deleted, all collection-specific roles and sharing_policies are also deleted.

If a mapped collection is deleted, then all guest collections and roles associated with them are also deleted.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{collection_id}

    • collection:administrator:{mapped_collection_id}

Path parameters
▷ collection_id

Id of the collection

Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Responses
200 - Delete collections response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

User Credentials

The User Credential API allows users to manage credentials needed to access storage gateways. The credentials may take different forms, based on the connector being used.

User Credentials Overview

Method  API Path                                    Description
GET     /api/user_credentials                       List user credentials
POST    /api/user_credentials                       Create a user credential
GET     /api/user_credentials/{user_credential_id}  Get a user credential
PATCH   /api/user_credentials/{user_credential_id}  Update a user credential
PUT     /api/user_credentials/{user_credential_id}  Update a user credential
DELETE  /api/user_credentials/{user_credential_id}  Delete a user credential

Details

List user credentials

GET /api/user_credentials

The caller may only retrieve User Credentials which were created by an identity in the caller’s identity set unless they are an administrator. If the endpoint is not public, a ForbiddenError is returned if the user has no credentials.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

  • StorageGatewayAuthorizer

    • {storage_gateway_id}

Query Parameters
Parameter Type Description

page_size

integer <int>

Maximum page size for a paginated response

marker

string

Pagination marker for a paginated response

include

array of string all

Credentials to include. If set to all, then credentials owned by other users are returned if the storage gateway allows admin_managed_credentials and the caller has an endpoint:administrator or endpoint:owner role.

storage_gateway

string <uuid>

ID of the Storage Gateway

Responses
200 - List user credential response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "user_credential#1.0.0",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "home_directory": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "invalid": true,
      "policies": {
        "DATA_TYPE": "s3_user_credential_policies#1.0.0",
        "s3_key_id": "string",
        "s3_secret_key": "string"
      },
      "provisioned": true,
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "username": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}

Create a user credential

POST /api/user_credentials

Create a user credential on a storage gateway. This is required for some connectors that require a local user name or other credential information to access the storage system. See the connector-specific documentation for details on what is needed.

The caller is authorized based on the StorageGateway identity policies, so users with no assigned roles on the endpoint may be permitted to access this operation.

Request body
Content-Type: application/json

Credential information for an identity on a particular storage gateway and its related collections.

Name

Type

Description

DATA_TYPE

string user_credential#1.0.0

Type of this document

connector_id

string <uuid>

Id of the connector type used by this credential

deleted

boolean

Flag indicating that this credential has been deleted

display_name

string

Display name of the credential

id

string <uuid>

Unique id for this user credential

identity_id

string <uuid>

Globus Auth identity id that this credential is associated with

invalid

boolean

Flag indicating that this credential is no longer valid

policies

S3UserCredentialPolicies_1_0_0 or S3UserCredentialPolicies_1_1_0 or S3UserCredentialPolicies_1_2_0 or AzureBlobUserCredentialPolicies_1_0_0 or BlackPearlUserCredentialPolicies_1_0_0 or BoxUserCredential_1_0_0 or BoxUserCredential_1_1_0 or CephUserCredentialPolicies_1_0_0 or DropboxUserCredentialPolicies_1_0_0 or GoogleCloudStorageUserCredentialPolicies_1_0_0 or GoogleDriveUserCredentialPolicies_1_0_0 or HPSSUserCredentialPolicies_1_0_0 or IrodsUserCredentialPolicies_1_0_0 or OneDriveUserCredentialPolicies_1_0_0 or PosixUserCredentialPolicies_1_0_0 or PosixStagingUserCredentialPolicies_1_0_0

Connector-specific user credential policies

provisioned

boolean

Flag indicating that this credential has been fully provisioned. If this is false and the invalid property is true, then the credential was created during login and patching it to add the missing data should be presented to the user as initializing the credential.

storage_gateway_id

string <uuid>

Storage Gateway this credential is associated with

username

string

Connector-specific username that this credential is associated with. If the connector supports identity mapping, this matches the result of the mapping applied to identity_id.

Example
{
  "DATA_TYPE": "user_credential#1.0.0",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "home_directory": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "invalid": true,
  "policies": {
    "DATA_TYPE": "s3_user_credential_policies#1.0.0",
    "s3_key_id": "string",
    "s3_secret_key": "string"
  },
  "provisioned": true,
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "username": "string"
}
Responses
201 - Create user credential response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "user_credential#1.0.0",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "home_directory": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "invalid": true,
      "policies": {
        "DATA_TYPE": "s3_user_credential_policies#1.0.0",
        "s3_key_id": "string",
        "s3_secret_key": "string"
      },
      "provisioned": true,
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "username": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
415 - Unsupported media type
422 - Unprocessable entity
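
The list operation is paginated through `page_size`, `marker` and `has_next_page`, and the `deleted`, `invalid` and `provisioned` flags described above determine what state a credential is in. The following added example (not code from the GCS project) walks every page and groups credentials by state without ever copying the `policies` object, which may hold secrets such as `s3_secret_key`. `fetch_page` is a hypothetical callable standing in for the authenticated HTTP request, and the sample pages are constructed.

```python
"""Page through GET /api/user_credentials and triage each credential (added example)."""
import json


def iter_user_credentials(fetch_page, storage_gateway=None, page_size=100):
    """Yield every user_credential document across all pages.

    fetch_page(params) is a hypothetical callable supplied by the caller: it
    sends GET /api/user_credentials with `params` as the query string and
    returns the parsed result envelope.
    """
    marker, seen = None, set()
    while True:
        params = {"page_size": page_size}
        if storage_gateway is not None:
            params["storage_gateway"] = storage_gateway
        if marker is not None:
            params["marker"] = marker
        envelope = fetch_page(params)
        if not str(envelope.get("DATA_TYPE", "")).startswith("result#"):
            raise ValueError("response is not a result envelope")
        yield from envelope.get("data") or []
        if not envelope.get("has_next_page"):
            return
        marker = envelope.get("marker")
        # A missing or repeated marker would loop forever; stop instead.
        if marker is None or marker in seen:
            raise RuntimeError("has_next_page is true but marker is unusable")
        seen.add(marker)


def classify(cred):
    """Map the documented flags to one state per credential."""
    if cred.get("deleted"):
        return "deleted"
    if cred.get("invalid"):
        # invalid + not provisioned: created during login, still needs its data.
        return "needs_initialization" if cred.get("provisioned") is False else "invalid"
    return "ok"


def triage(fetch_page, **kwargs):
    """Group credentials by state, keeping identifiers only (no policies)."""
    report = {"ok": [], "needs_initialization": [], "invalid": [], "deleted": []}
    for cred in iter_user_credentials(fetch_page, **kwargs):
        report[classify(cred)].append({
            "id": cred.get("id"),
            "username": cred.get("username"),
            "storage_gateway_id": cred.get("storage_gateway_id"),
        })
    return report


def _cred(n, username, **flags):
    """Build a constructed user_credential document for the sample pages."""
    doc = {
        "DATA_TYPE": "user_credential#1.0.0",
        "id": f"00000000-0000-0000-0000-00000000000{n}",
        "storage_gateway_id": "00000000-0000-0000-0000-0000000000aa",
        "username": username,
        "deleted": False, "invalid": False, "provisioned": True,
        "policies": {"DATA_TYPE": "s3_user_credential_policies#1.0.0",
                     "s3_key_id": f"constructed-key-{n}",
                     "s3_secret_key": f"constructed-secret-{n}"},
    }
    doc.update(flags)
    return doc


# Constructed two-page response, keyed by the marker that requests each page.
SAMPLE_PAGES = {
    None: {"DATA_TYPE": "result#1.0.0", "has_next_page": True, "marker": "m1",
           "data": [_cred(1, "alice"),
                    _cred(2, "bob", invalid=True, provisioned=False)]},
    "m1": {"DATA_TYPE": "result#1.0.0", "has_next_page": False, "marker": None,
           "data": [_cred(3, "carol", invalid=True),
                    _cred(4, "dave", deleted=True)]},
}


def fake_fetch(params):
    """Offline stand-in for the HTTP call; serves SAMPLE_PAGES."""
    return SAMPLE_PAGES[params.get("marker")]


if __name__ == "__main__":
    print(json.dumps(triage(fake_fetch, page_size=2), indent=2))
```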

Details

Get a user credential

GET /api/user_credentials/{user_credential_id}

Get a user credential.

The caller must have the identity_id of the user credential in its identity set.

Authorization
  • UserCredentialOwnerAuthorizer

    • {user_credential_id}

Path parameters
▷ user_credential_id

Id of the user credential

Parameter Type Description

user_credential_id (required)

string <uuid>

Id of the user credential

Responses
200 - Get user credential response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "user_credential#1.0.0",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "home_directory": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "invalid": true,
      "policies": {
        "DATA_TYPE": "s3_user_credential_policies#1.0.0",
        "s3_key_id": "string",
        "s3_secret_key": "string"
      },
      "provisioned": true,
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "username": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

Update a user credential

PATCH /api/user_credentials/{user_credential_id}

Update a user credential on a storage gateway. This is required for some connectors that require a local user name or other credential information to access the storage system. See the connector-specific documentation for details on what is needed.

The caller must have the identity_id of the user credential in its identity set.

Authorization
  • UserCredentialOwnerAuthorizer

    • {user_credential_id}

Path parameters
▷ user_credential_id

Id of the user credential

Parameter Type Description

user_credential_id (required)

string <uuid>

Id of the user credential

Request body
Content-Type: application/json

Credential information for an identity on a particular storage gateway and its related collections.

Name

Type

Description

DATA_TYPE

string user_credential#1.0.0

Type of this document

connector_id

string <uuid>

Id of the connector type used by this credential

deleted

boolean

Flag indicating that this credential has been deleted

display_name

string

Display name of the credential

id

string <uuid>

Unique id for this user credential

identity_id

string <uuid>

Globus Auth identity id that this credential is associated with

invalid

boolean

Flag indicating that this credential is no longer valid

policies

S3UserCredentialPolicies_1_0_0 or S3UserCredentialPolicies_1_1_0 or S3UserCredentialPolicies_1_2_0 or AzureBlobUserCredentialPolicies_1_0_0 or BlackPearlUserCredentialPolicies_1_0_0 or BoxUserCredential_1_0_0 or BoxUserCredential_1_1_0 or CephUserCredentialPolicies_1_0_0 or DropboxUserCredentialPolicies_1_0_0 or GoogleCloudStorageUserCredentialPolicies_1_0_0 or GoogleDriveUserCredentialPolicies_1_0_0 or HPSSUserCredentialPolicies_1_0_0 or IrodsUserCredentialPolicies_1_0_0 or OneDriveUserCredentialPolicies_1_0_0 or PosixUserCredentialPolicies_1_0_0 or PosixStagingUserCredentialPolicies_1_0_0

Connector-specific user credential policies

provisioned

boolean

Flag indicating that this credential has been fully provisioned. If this is false and the invalid property is true, then the credential was created during login and patching it to add the missing data should be presented to the user as initializing the credential.

storage_gateway_id

string <uuid>

Storage Gateway this credential is associated with

username

string

Connector-specific username that this credential is associated with. If the connector supports identity mapping, this matches the result of the mapping applied to identity_id.

Example
{
  "DATA_TYPE": "user_credential#1.0.0",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "home_directory": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "invalid": true,
  "policies": {
    "DATA_TYPE": "s3_user_credential_policies#1.0.0",
    "s3_key_id": "string",
    "s3_secret_key": "string"
  },
  "provisioned": true,
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "username": "string"
}
Responses
200 - Update user credential response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "user_credential#1.0.0",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "home_directory": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "invalid": true,
      "policies": {
        "DATA_TYPE": "s3_user_credential_policies#1.0.0",
        "s3_key_id": "string",
        "s3_secret_key": "string"
      },
      "provisioned": true,
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "username": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Update a user credential

PUT /api/user_credentials/{user_credential_id}

Update a user credential on a storage gateway. This is required for some connectors that require a local user name or other credential information to access the storage system. See the connector-specific documentation for details on what is needed.

The caller must have the identity_id of the user credential in its identity set.

Authorization
  • UserCredentialOwnerAuthorizer

    • {user_credential_id}

Path parameters
▷ user_credential_id

Id of the user credential

Parameter Type Description

user_credential_id (required)

string <uuid>

Id of the user credential

Request body
Content-Type: application/json

Credential information for an identity on a particular storage gateway and its related collections.

Name

Type

Description

DATA_TYPE

string user_credential#1.0.0

Type of this document

connector_id

string <uuid>

Id of the connector type used by this credential

deleted

boolean

Flag indicating that this credential has been deleted

display_name

string

Display name of the credential

id

string <uuid>

Unique id for this user credential

identity_id

string <uuid>

Globus Auth identity id that this credential is associated with

invalid

boolean

Flag indicating that this credential is no longer valid

policies

S3UserCredentialPolicies_1_0_0 or S3UserCredentialPolicies_1_1_0 or S3UserCredentialPolicies_1_2_0 or AzureBlobUserCredentialPolicies_1_0_0 or BlackPearlUserCredentialPolicies_1_0_0 or BoxUserCredential_1_0_0 or BoxUserCredential_1_1_0 or CephUserCredentialPolicies_1_0_0 or DropboxUserCredentialPolicies_1_0_0 or GoogleCloudStorageUserCredentialPolicies_1_0_0 or GoogleDriveUserCredentialPolicies_1_0_0 or HPSSUserCredentialPolicies_1_0_0 or IrodsUserCredentialPolicies_1_0_0 or OneDriveUserCredentialPolicies_1_0_0 or PosixUserCredentialPolicies_1_0_0 or PosixStagingUserCredentialPolicies_1_0_0

Connector-specific user credential policies

provisioned

boolean

Flag indicating that this credential has been fully provisioned. If this is false and the invalid property is true, then the credential was created during login and patching it to add the missing data should be presented to the user as initializing the credential.

storage_gateway_id

string <uuid>

Storage Gateway this credential is associated with

username

string

Connector-specific username that this credential is associated with. If the connector supports identity mapping, this matches the result of the mapping applied to identity_id.

Example
{
  "DATA_TYPE": "user_credential#1.0.0",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "home_directory": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "invalid": true,
  "policies": {
    "DATA_TYPE": "s3_user_credential_policies#1.0.0",
    "s3_key_id": "string",
    "s3_secret_key": "string"
  },
  "provisioned": true,
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "username": "string"
}
Responses
200 - Update user credential response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "user_credential#1.0.0",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "home_directory": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "invalid": true,
      "policies": {
        "DATA_TYPE": "s3_user_credential_policies#1.0.0",
        "s3_key_id": "string",
        "s3_secret_key": "string"
      },
      "provisioned": true,
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "username": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Delete a user credential

DELETE /api/user_credentials/{user_credential_id}

Delete a user credential.

The caller must have the identity_id of the user credential in its identity set.

Authorization
  • UserCredentialOwnerAuthorizer

    • {user_credential_id}

Path parameters
▷ user_credential_id

Id of the user credential

Parameter Type Description

user_credential_id (required)

string <uuid>

Id of the user credential

Responses
200 - Delete user credential response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

Domains

The Domains API describes the routes and data types used by the GCS Manager to provide support for custom domains and certificates for use with the GCS Manager and its collections.

Domains Overview

Method  API Path                                 Description
PUT     /api/collections/{collection_id}/domain  Set custom domain for a collection
DELETE  /api/collections/{collection_id}/domain  Delete custom domain for a collection
GET     /api/collections/{collection_id}/domain  Get custom domain for a collection
PUT     /api/endpoint/domain                     Set endpoint domain
DELETE  /api/endpoint/domain                     Delete endpoint domain
GET     /api/endpoint/domain                     Get endpoint domain

Details

Set custom domain for a collection

PUT /api/collections/{collection_id}/domain

Register a new custom domain and certificate to be used to serve this collection.

The domain is used for the collection. If this is a mapped collection and the wildcard property is set to true, then all guest collections associated with this collection that do not have a custom domain will be updated to use subdomains of that domain. Otherwise, only this collection will use that domain.

This requires an administrator role on the Endpoint.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Path parameters
▷ collection_id

Id of the collection

Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Request body
Content-Type: application/json

Custom domain description

Name

Type

Description

DATA_TYPE

string domain#1.0.0

Type of this document

certificate

string ^(.* )?-----BEGIN CERTIFICATE-----.*

PEM-Encoded X.509 certificate for this domain

certificate_chain

string ^(.* )?-----BEGIN CERTIFICATE-----.*

PEM-Encoded X.509 certificate chain for this domain. Only needed if there are intermediate certificates that must also be sent to clients to allow them to verify the certificate. [Private]

certificate_chain_path

string ^/.*

Path to a file containing the X.509 certificate chain for this domain. This file path must contain a sequence of valid certificates and be present on each data transfer node. [Private]

certificate_path

string ^/.*

Path to a file containing the X.509 certificate for this domain. This file path must contain a valid certificate and be present on each data transfer node. [Private]

domain_name

string ^((?!-)[A-Za-z0-9-]{1,63}(?

Domain name

private_key

string ^(.* )?-----BEGIN PRIVATE KEY-----.*

PEM-Encoded private key for the certificate. [Private]

private_key_path

string ^/.*

Path to a file containing the private key for this domain. This file path must contain a valid key and be present on each data transfer node. [Private]

wildcard

boolean

Flag indicating whether this is a wildcard domain or not.

When setting a custom domain for a mapped collection, the domain may optionally be a wildcard domain. If it is a wildcard domain, the guest collections will be created as subdomains of the mapped collection domain; if not, guest collections will be created as subdomains of the endpoint domain.

Example
{
  "DATA_TYPE": "domain#1.0.0",
  "certificate": "string",
  "certificate_chain": "string",
  "certificate_chain_path": "string",
  "certificate_path": "string",
  "domain_name": "string",
  "private_key": "string",
  "private_key_path": "string",
  "wildcard": true
}
Responses
200 - Set collection domain response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Delete custom domain for a collection

DELETE /api/collections/{collection_id}/domain

Delete the custom collection domain.

If this is a mapped collection, this will cause the collection to revert to a subdomain of the endpoint’s domain (if it is wildcard domain) or a subdomain of the endpoint’s data.globus.org domain. If this mapped collection has a wildcard domain when this is called, then all guest collections without custom domains will have their domains changed as well.

If this is a guest collection, and the mapped collection it was created from has a custom wildcard domain, then this collection will become a subdomain of that domain; otherwise it will revert to a subdomain of either the endpoint’s domain (if it is a wildcard domain) or a subdomain of the endpoint’s data.globus.org domain.

This requires an administrator role on the Endpoint.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Path parameters

Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Responses
200 - Delete collection domain response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

Get custom domain for a collection

GET /api/collections/{collection_id}/domain

Get the custom domain document associated with this collection.

This requires an administrator role on the Endpoint.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Path parameters

Parameter Type Description

collection_id (required)

string <uuid>

Id of the collection

Responses
200 - Get collection domain response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "domain#1.0.0",
      "certificate": "string",
      "certificate_chain": "string",
      "certificate_chain_path": "string",
      "certificate_path": "string",
      "domain_name": "string",
      "private_key": "string",
      "private_key_path": "string",
      "wildcard": true
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

Details

Set endpoint domain

PUT /api/endpoint/domain

Register a new custom domain and certificate to be used to serve the endpoint or collection.

The domain is used for the endpoint itself. If the wildcard property is set to true, then all collections associated with that endpoint that do not have a custom domain will be updated to use subdomains of that domain. Otherwise, only the endpoint will use that domain.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Request body
Content-Type: application/json

Custom domain description

Name

Type

Description

DATA_TYPE

string domain#1.0.0

Type of this document

certificate

string ^(.* )?-----BEGIN CERTIFICATE-----.*

PEM-Encoded X.509 certificate for this domain

certificate_chain

string ^(.* )?-----BEGIN CERTIFICATE-----.*

PEM-Encoded X.509 certificate chain for this domain. Only needed if there are intermediate certificates that must also be sent to clients to allow them to verify the certificate. [Private]

certificate_chain_path

string ^/.*

Path to a file containing the X.509 certificate chain for this domain. This file path must contain a sequence of valid certificates and be present on each data transfer node. [Private]

certificate_path

string ^/.*

Path to a file containing the X.509 certificate for this domain. This file path must contain a valid certificate and be present on each data transfer node. [Private]

domain_name

string ^((?!-)[A-Za-z0-9-]{1,63}(?

Domain name

private_key

string ^(.* )?-----BEGIN PRIVATE KEY-----.*

PEM-Encoded private key for the certificate. [Private]

private_key_path

string ^/.*

Path to a file containing the private key for this domain. This file path must contain a valid key and be present on each data transfer node. [Private]

wildcard

boolean

Flag indicating whether this is a wildcard domain or not.

When setting a custom domain for a mapped collection, the domain may optionally be a wildcard domain. If it is a wildcard domain, the guest collections will be created as subdomains of the mapped collection domain; if not, guest collections will be created as subdomains of the endpoint domain.

Example
{
  "DATA_TYPE": "domain#1.0.0",
  "certificate": "string",
  "certificate_chain": "string",
  "certificate_chain_path": "string",
  "certificate_path": "string",
  "domain_name": "string",
  "private_key": "string",
  "private_key_path": "string",
  "wildcard": true
}
Responses
200 - Set endpoint domain response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
415 - Unsupported media type
422 - Unprocessable entity

Delete endpoint domain

DELETE /api/endpoint/domain

Delete the custom endpoint domain. This will cause the endpoint to revert to using a data.globus.org domain for the GCS Manager and any collections which do not have custom domains associated with them.

This requires an administrator role on the Endpoint.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Responses
200 - Delete endpoint domain response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

Get endpoint domain

GET /api/endpoint/domain

Get the custom domain document associated with this endpoint.

This requires an administrator role on the Endpoint.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

Responses
200 - Get endpoint domain response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
401 - Unauthorized
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

Sharing Policies


The Sharing Restrictions Management API allows endpoint owners, endpoint administrators and collection administrators to manage sharing policies that contain information about both which users can share data and which paths in the connector’s virtual filesystem they may share. These restrictions can only be created on a mapped collection, but are enforced on guest collection creation and access.

Sharing Policies Overview

Method    API Path                                     Description
GET       /api/sharing_policies                        List sharing policies
POST      /api/sharing_policies                        Create a sharing policy
GET       /api/sharing_policies/{sharing_policy_id}    Get a sharing policy
DELETE    /api/sharing_policies/{sharing_policy_id}    Delete a sharing policy

Details

List sharing policies

GET /api/sharing_policies

List the sharing policies for a mapped collection. This may return a paginated result; the marker and page_size query parameters can be used to obtain the next page of response data for the query.

If the username query parameter is passed to this function then only the policies which are relevant to the given username are returned. This will include policies where the users property is null or contains the given username.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{collection_id}

Query Parameters
Parameter Type Description

page_size

integer <int>

Maximum page size for a paginated response

marker

string

Pagination marker for a paginated response

username

string

Username to query information about

collection_id (required)

string <uuid>

ID of the collection

Responses
200 - List sharing policies response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "sharing_policy#1.0.0",
      "collection_id": "4bdef85c-3f50-4006-a713-2350da665f80",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "sharing_restrict_paths": {
        "DATA_TYPE": "path_restrictions#1.0.0",
        "none": [
          "string"
        ],
        "read": [
          "string"
        ],
        "read_write": [
          "string"
        ]
      },
      "users": [
        "string"
      ]
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
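
Walking the paginated listing described above, as an added example that is not part of the Globus documentation or client libraries. The transport is a hypothetical fetch(params) callable that returns the result envelope; the in-memory fake server, its marker format, the code strings and the policy ids are constructed for the demonstration.

```python
class GCSManagerError(Exception):
    """Raised when the result envelope reports an error or paging stalls."""


def iter_sharing_policies(fetch, collection_id, username=None, page_size=100):
    """Yield every sharing_policy document for a mapped collection.

    fetch(params) is a hypothetical transport: it performs
    GET /api/sharing_policies with the given query parameters and returns
    the decoded result envelope as a dict.
    """
    params = {"collection_id": collection_id, "page_size": page_size}
    if username is not None:
        params["username"] = username
    seen_markers = set()
    while True:
        envelope = fetch(dict(params))
        status = envelope.get("http_response_code", 0)
        if status >= 400:
            raise GCSManagerError(
                f"{status} {envelope.get('code')}: {envelope.get('message')}")
        for doc in envelope.get("data") or []:
            yield doc
        if not envelope.get("has_next_page"):
            return
        marker = envelope.get("marker")
        # Guard against a missing or repeated marker, which would loop forever.
        if not marker or marker in seen_markers:
            raise GCSManagerError("pagination marker did not advance")
        seen_markers.add(marker)
        params["marker"] = marker


def make_fake_fetch(policies):
    """Constructed stand-in for the server, used only to exercise the client."""
    def fetch(params):
        rows = [p for p in policies
                if p["collection_id"] == params["collection_id"]]
        user = params.get("username")
        if user is not None:
            # The page's rule: users is null, or users contains the username.
            rows = [p for p in rows
                    if p.get("users") is None or user in p["users"]]
        start = int(params.get("marker", 0))  # constructed marker format
        end = start + params["page_size"]
        more = end < len(rows)
        return {
            "DATA_TYPE": "result#1.0.0", "code": "success",
            "data": rows[start:end], "detail": None, "has_next_page": more,
            "http_response_code": 200,
            "marker": str(end) if more else None, "message": "ok",
        }
    return fetch


COLLECTION = "4bdef85c-3f50-4006-a713-2350da665f80"  # sample id from the page


def sample_policy(policy_id, users):
    """Build a constructed sharing_policy#1.0.0 document."""
    return {"DATA_TYPE": "sharing_policy#1.0.0", "collection_id": COLLECTION,
            "id": policy_id, "users": users,
            "sharing_restrict_paths": {"DATA_TYPE": "path_restrictions#1.0.0",
                                       "read": ["/projects"]}}


SAMPLE_POLICIES = [sample_policy("policy-all", None),
                   sample_policy("policy-alice", ["alice"]),
                   sample_policy("policy-bob", ["bob"])]

if __name__ == "__main__":
    fake = make_fake_fetch(SAMPLE_POLICIES)
    for policy in iter_sharing_policies(fake, COLLECTION, "alice", page_size=1):
        print(policy["id"], policy["users"])
```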

Create a sharing policy

POST /api/sharing_policies

Create a new sharing policy document for a mapped collection. This new document will be added to the set of sharing policy documents for this collection. The sharing policy documents which either have no user constraint, or match the guest collection owner are used to determine which paths are available to be shared.

This returns the policy document with the "id" field populated with the assigned ID of this policy.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{collection_id}

Request body
Content-Type: application/json

Sharing policies for a mapped collection.

This document type allows endpoint and collection administrators to optionally constrain sharing path policies for particular users. The sharing_restrict_paths property has a similar meaning to that of the sharing_restrict_paths in the collection document; however, it is in effect only for specific users.

If the users property is null, then the restriction applies to all users. If it is non-null, then this restriction applies only to accounts which have been mapped to the enumerated storage gateway user accounts.

Multiple sharing policies can be defined for a mapped collection. When a guest collection is created or accessed, only the policies relevant to the user which created the account are enforced.

Name

Type

Description

DATA_TYPE

string sharing_policy#1.0.0

Type of this document

collection_id

string <uuid>

Id of the mapped collection which this policy is associated with

id

string <uuid>

Unique id for this sharing policy

sharing_restrict_paths

PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. These paths are relative to the root_path property of the mapped collection.

users

array of string

List of local user accounts that this policy applies to. If omitted or null, this restriction applies to all local user accounts.

Example
{
  "DATA_TYPE": "sharing_policy#1.0.0",
  "collection_id": "4bdef85c-3f50-4006-a713-2350da665f80",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "sharing_restrict_paths": {
    "DATA_TYPE": "path_restrictions#1.0.0",
    "none": [
      "string"
    ],
    "read": [
      "string"
    ],
    "read_write": [
      "string"
    ]
  },
  "users": [
    "string"
  ]
}
Responses
201 - List sharing policies response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "sharing_policy#1.0.0",
      "collection_id": "4bdef85c-3f50-4006-a713-2350da665f80",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "sharing_restrict_paths": {
        "DATA_TYPE": "path_restrictions#1.0.0",
        "none": [
          "string"
        ],
        "read": [
          "string"
        ],
        "read_write": [
          "string"
        ]
      },
      "users": [
        "string"
      ]
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
415 - Unsupported media type
422 - Unprocessable entity

Details

Get a sharing policy

GET /api/sharing_policies/{sharing_policy_id}

Get a sharing policy.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{collection_id}

Path parameters

Parameter Type Description

sharing_policy_id (required)

string <uuid>

Id of the sharing policy

Responses
200 - Get sharing policy response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "sharing_policy#1.0.0",
      "collection_id": "4bdef85c-3f50-4006-a713-2350da665f80",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "sharing_restrict_paths": {
        "DATA_TYPE": "path_restrictions#1.0.0",
        "none": [
          "string"
        ],
        "read": [
          "string"
        ],
        "read_write": [
          "string"
        ]
      },
      "users": [
        "string"
      ]
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

Delete a sharing policy

DELETE /api/sharing_policies/{sharing_policy_id}

Delete a sharing policy.

This may alter the behavior of existing guest collections, if the policies change the visible parts of the storage gateway’s virtual file system for the guest collection creator.

Authorization
  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

    • collection:administrator:{collection_id}

Path parameters

Parameter Type Description

sharing_policy_id (required)

string <uuid>

Id of the sharing policy

Responses
200 - Delete sharing policy response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

Document Schemas

OAuthUserCredentialForm Document

Name

Type

Description

access_token

string

Unused

identity_id

string <uuid>

Globus Auth identity id that this credential is associated with

login_hint

string

Mapped account username on the storage gateway

redirect_uri

string

URL to redirect to once the credential registration flow is complete. This should be a maximum of 220 characters to avoid conflicts with connector state limits.

storage_gateway

string <uuid>

Storage gateway to associate the credential with

{
  "access_token": "string",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "login_hint": "string",
  "redirect_uri": "string",
  "storage_gateway": "84f68622-c2e1-4c80-acc9-d3be0dea5d29"
}

Account_1_0_0 Document

User account information for a particular Storage Gateway.

Name

Type

Description

DATA_TYPE

string account#1.0.0

Type of this document

identity_id

string <uuid>

Globus Auth identity which maps to this account

storage_gateway_id

string <uuid>

Storage Gateway for which this account is valid.

username

string

Connector-specific local username

{
  "DATA_TYPE": "account#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "username": "string"
}

Batch_1_0_0 Document

The Batch data type is used to specify multiple objects to operate on via a single REST API call.

Name

Type

Description

DATA_TYPE

string batch#1.0.0

Type of this document

ids

array of string <uuid>

List of object IDs to operate on

{
  "DATA_TYPE": "batch#1.0.0",
  "ids": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ]
}

AuthenticationTimeout_1_0_0 Document

Error details when a user must reauthenticate an identity in order to perform this operation.

Name

Type

Description

DATA_TYPE

string authentication_timeout#1.0.0

Type of this document

high_assurance

boolean

Boolean flag indicating whether the new authentication must be done within the same auth session as the application making the request.

identities

array of string <uuid>

List of identities that would have otherwise been authorized except that the authentication has timed out.

{
  "DATA_TYPE": "authentication_timeout#1.0.0",
  "high_assurance": true,
  "identities": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ]
}

AuthenticationTimeout_1_1_0 Document

Error details when a user must reauthenticate an identity in order to perform this operation.

Version 1.1.0 adds the require_mfa property.

Name

Type

Description

DATA_TYPE

string authentication_timeout#1.1.0

Type of this document

high_assurance

boolean

Boolean flag indicating whether the new authentication must be done within the same auth session as the application making the request.

identities

array of string <uuid>

List of identities that would have otherwise been authorized except that the authentication has timed out.

require_mfa

boolean

Flag indicating that multi-factor authentication is required. Only occurs on high assurance storage gateways.

{
  "DATA_TYPE": "authentication_timeout#1.1.0",
  "high_assurance": true,
  "identities": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ],
  "require_mfa": true
}

CheckResult_1_0_0 Document

Consistency check information

Name

Type

Description

DATA_TYPE

string check_result#1.0.0

Type of this document

error

object

Error details

id

string <uuid>

ID of the object that was checked

message

string

Message describing the error

{
  "DATA_TYPE": "check_result#1.0.0",
  "error": {},
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "message": "string"
}

Domain_1_0_0 Document

Custom domain description

Name

Type

Description

DATA_TYPE

string domain#1.0.0

Type of this document

certificate

string ^(.* )?-----BEGIN CERTIFICATE-----.*

PEM-Encoded X.509 certificate for this domain

certificate_chain

string ^(.* )?-----BEGIN CERTIFICATE-----.*

PEM-Encoded X.509 certificate chain for this domain. Only needed if there are intermediate certificates that must also be sent to clients to allow them to verify the certificate. [Private]

certificate_chain_path

string ^/.*

Path to a file containing the X.509 certificate chain for this domain. This file path must contain a sequence of valid certificates and be present on each data transfer node. [Private]

certificate_path

string ^/.*

Path to a file containing the X.509 certificate for this domain. This file path must contain a valid certificate and be present on each data transfer node. [Private]

domain_name

string ^((?!-)[A-Za-z0-9-]{1,63}(?

Domain name

private_key

string ^(.* )?-----BEGIN PRIVATE KEY-----.*

PEM-Encoded private key for the certificate. [Private]

private_key_path

string ^/.*

Path to a file containing the private key for this domain. This file path must contain a valid key and be present on each data transfer node. [Private]

wildcard

boolean

Flag indicating whether this is a wildcard domain or not.

When setting a custom domain for a mapped collection, the domain may optionally be a wildcard domain. If it is a wildcard domain, the guest collections will be created as subdomains of the mapped collection domain; if not, guest collections will be created as subdomains of the endpoint domain.

{
  "DATA_TYPE": "domain#1.0.0",
  "certificate": "string",
  "certificate_chain": "string",
  "certificate_chain_path": "string",
  "certificate_path": "string",
  "domain_name": "string",
  "private_key": "string",
  "private_key_path": "string",
  "wildcard": true
}

PathRestrictions_1_0_0 Document

This object represents the path restrictions for a storage gateway or the sharing path restrictions for a mapped collection.

The values of each of the path lists in this object are interpreted using the POSIX pattern matching notation as described in fnmatch(3) with flags set to 0, with additional support for some special user-specific value interpolation:

~, $HOME

The user’s home directory if the storage gateway supports such a concept, / otherwise

$USER

The effective Storage Gateway-specific username that is being used for data access. For a Guest Collection, this is the username of the identity that created the Guest Collection.

These restrictions are evaluated at every data access. When evaluating restrictions, the user-specific interpolation is applied before the file name matching is evaluated.

Globus Connect Server evaluates its path restrictions from longest leading expression match to shortest. When pattern matching characters are present, they are considered as a lower priority match than a literal character, with more specific pattern characters given precedence. The precedence is thus literal character, bracket expression, ? (single-character wildcard), * (wildcard).

If multiple path restrictions apply, all matches are applied from longest to shortest, with the following rules for overriding values:

Path Restriction Override Precedence

longer restriction    shorter restriction    result
read_write            read                   read_write
read_write            none                   read_write
read                  read_write             read_write
read                  none                   read
none                  read_write             none
none                  read                   none

Name

Type

Description

DATA_TYPE

string path_restrictions#1.0.0

Type of this document

none

array of string ^[/~\$\*\?\[].*$

List of paths which are denied any access

read

array of string ^[/~\$\*\?\[].*$

List of paths which are allowed read-only access

read_write

array of string ^[/~\$\*\?\[].*$

List of paths which are allowed read-write access

{
  "DATA_TYPE": "path_restrictions#1.0.0",
  "none": [
    "string"
  ],
  "read": [
    "string"
  ],
  "read_write": [
    "string"
  ]
}

PathRestrictions Document

This object represents the path restrictions for a storage gateway or the sharing path restrictions for a mapped collection.

The values of each of the path lists in this object are interpreted using the POSIX pattern matching notation as described in fnmatch(3) with flags set to 0, with additional support for some special user-specific value interpolation:

~, $HOME

The user’s home directory if the storage gateway supports such a concept, / otherwise

$USER

The effective Storage Gateway-specific username that is being used for data access. For a Guest Collection, this is the username of the identity that created the Guest Collection.

These restrictions are evaluated at every data access. When evaluating restrictions, the user-specific interpolation is applied before the file name matching is evaluated.

Globus Connect Server evaluates its path restrictions from longest leading expression match to shortest. When pattern matching characters are present, they are considered as a lower priority match than a literal character, with more specific pattern characters given precedence. The precedence is thus literal character, bracket expression, ? (single-character wildcard), * (wildcard).

If multiple path restrictions apply, all matches are applied from longest to shortest, with the following rules for overriding values:

Path Restriction Override Precedence

longer restriction | shorter restriction | result
read_write | read | read_write
read_write | none | read_write
read | read_write | read_write
read | none | read
none | read_write | none
none | read | none

One of the following schemas:

  • PathRestrictions_1_0_0

{
  "DATA_TYPE": "path_restrictions#1.0.0",
  "none": [
    "string"
  ],
  "read": [
    "string"
  ],
  "read_write": [
    "string"
  ]
}
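The interpolation and override rules described above, worked through as an added example (not Globus Connect Server code). Python's fnmatch.fnmatchcase stands in for fnmatch(3) with flags set to 0 (in both, * also matches /); treating a restriction as applying when it matches the path or one of its leading directories, ordering matches by interpolated pattern length alone, and the sample document, user and paths are assumptions of this sketch.

```python
import fnmatch

# Override table from the page: (longer restriction, shorter restriction) -> result
OVERRIDE = {
    ("read_write", "read"): "read_write",
    ("read_write", "none"): "read_write",
    ("read", "read_write"): "read_write",
    ("read", "none"): "read",
    ("none", "read_write"): "none",
    ("none", "read"): "none",
}


def combine(longer, shorter):
    """Apply one row of the override table; equal levels need no override."""
    return longer if longer == shorter else OVERRIDE[(longer, shorter)]


def interpolate(pattern, user, home="/"):
    """Expand ~, $HOME and $USER before any pattern matching takes place."""
    base = home.rstrip("/")  # "" when home is "/" (gateway without home directories)
    if pattern == "~" or pattern.startswith("~/"):
        pattern = base + pattern[1:]
    return pattern.replace("$HOME", base).replace("$USER", user) or "/"


def applies(pattern, path):
    """Assumption: a restriction applies if it matches the path or a leading directory."""
    parts = path.rstrip("/").split("/")
    prefixes = ["/".join(parts[:i]) or "/" for i in range(1, len(parts) + 1)]
    pattern = pattern.rstrip("/") or "/"
    return any(fnmatch.fnmatchcase(p, pattern) for p in prefixes)


def evaluate(doc, path, user, home="/"):
    """Return the effective level for path, or None when no restriction applies."""
    matches = []
    for level in ("none", "read", "read_write"):
        for raw in doc.get(level) or []:
            pattern = interpolate(raw, user, home)
            if applies(pattern, path):
                matches.append((len(pattern), level))
    # Simplification: longest interpolated pattern first; the page's tie-break
    # (literal, bracket expression, ?, *) is not modelled here.
    matches.sort(key=lambda m: m[0], reverse=True)
    result = None
    for _, level in matches:
        result = level if result is None else combine(result, level)
    return result


# Constructed sample document, user and home directory (not from the page).
SAMPLE = {
    "DATA_TYPE": "path_restrictions#1.0.0",
    "none": ["/projects/*/private"],
    "read": ["/projects", "$HOME/archive"],
    "read_write": ["~", "/projects/$USER"],
}

if __name__ == "__main__":
    for p in (
        "/projects/alice/data.csv",      # read_write entry is longer than the read entry
        "/projects/bob/data.csv",        # only the read entry on /projects applies
        "/projects/team/sub/private/x",  # * spans "/", so the none entry applies
        "/home/alice/archive/2020.tar",  # longer read does not reduce shorter read_write
        "/etc/passwd",                   # nothing applies
    ):
        print(p, "->", evaluate(SAMPLE, p, "alice", "/home/alice"))
```

Per the override table, only a longer none entry narrows what a shorter entry grants; a longer read entry under a shorter read_write entry still evaluates to read_write.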

SharingPolicy_1_0_0 Document

Sharing policies for a mapped collection.

This document type allows endpoint and collection administrators to optionally constrain sharing path policies for particular users. The sharing_restrict_paths property has a similar meaning to that of the sharing_restrict_paths in the collection document; however, it is in effect only for specific users.

If the users property is null, then the restriction applies to all users. If it is non-null, then this restriction applies only to accounts which have been mapped to the enumerated storage gateway user accounts.

Multiple sharing policies can be defined for a mapped collection. When a guest collection is created or accessed, only the policies relevant to the user which created the account are enforced.

Name

Type

Description

DATA_TYPE

string sharing_policy#1.0.0

Type of this document

collection_id

string <uuid>

Id of the mapped collection which this policy is associated with

id

string <uuid>

Unique id for this sharing policy

sharing_restrict_paths

PathRestrictions PathRestrictions_1_0_0

Restrictions on which paths may be shared in guest collections related to this mapped collection. These paths are relative to the root_path property of the mapped collection.

users

array of string

List of local user accounts that this policy applies to. If omitted or null, this restriction applies to all local user accounts.

{
  "DATA_TYPE": "sharing_policy#1.0.0",
  "collection_id": "4bdef85c-3f50-4006-a713-2350da665f80",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "sharing_restrict_paths": {
    "DATA_TYPE": "path_restrictions#1.0.0",
    "none": [
      "string"
    ],
    "read": [
      "string"
    ],
    "read_write": [
      "string"
    ]
  },
  "users": [
    "string"
  ]
}

Collection_1_0_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Name

Type

Description

DATA_TYPE

string collection#1.0.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value cannot change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

{
  "DATA_TYPE": "collection#1.0.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}

Collection_1_1_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Name

Type

Description

DATA_TYPE

string collection#1.1.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value cannot change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.1.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_2_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Name

Type

Description

DATA_TYPE

string collection#1.2.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value cannot change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.2.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}
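A pre-submission check built from the field constraints and guest/mapped rules stated in the Collection property descriptions above, as an added example (not part of the GCS Manager API or its tooling). The function name lint_collection, the finding format, and the constructed documents are assumptions of this sketch; the collection id reuses the sample value shown on the page.

```python
import re
from urllib.parse import urlparse

PATH_RE = re.compile(r"^(/|\$HOME|~)")  # pattern the page gives for both path fields
NEWLINE_RE = re.compile(r"[\r\n]")


def lint_collection(doc, mapped=None):
    """Return (field, problem) pairs for a collection document about to be submitted.

    `mapped` is the parent mapped collection's document when `doc` is a guest collection.
    """
    out = []
    ctype = doc.get("collection_type")
    if ctype not in ("mapped", "guest"):
        out.append(("collection_type", "must be mapped or guest"))

    for key in ("collection_base_path", "default_directory"):
        value = doc.get(key)
        if value is not None and not PATH_RE.search(value):
            out.append((key, "must start with /, $HOME or ~"))

    name = doc.get("display_name")
    if name is not None and (not re.search(r"\S", name) or len(name) > 128
                             or NEWLINE_RE.search(name)):
        out.append(("display_name", "non-blank, max 128 characters, no new lines"))

    for key in ("department", "organization"):
        value = doc.get(key)
        if value is not None and (len(value) > 1024 or NEWLINE_RE.search(value)):
            out.append((key, "max 1024 characters, no new lines"))

    if sum(len(k) for k in doc.get("keywords") or []) > 1024:
        out.append(("keywords", "max 1024 characters total across all strings"))

    if len(doc.get("user_message") or "") > 64:
        out.append(("user_message", "may be up to 64 characters long"))

    link = doc.get("user_message_link")
    if link is not None and urlparse(link).scheme not in ("http", "https"):
        out.append(("user_message_link", "must be an HTTP or HTTPS URL"))

    label = (doc.get("domain_name") or "").split(".")[0]
    if label.startswith(("m-", "g-")):
        out.append(("domain_name", "input name label may not start with m- or g-"))

    if ctype == "guest":
        if doc.get("allow_guest_collections"):
            out.append(("allow_guest_collections", "always false on a guest collection"))
        if not doc.get("mapped_collection_id"):
            out.append(("mapped_collection_id", "must be set on a guest collection"))
        if mapped is not None:
            if mapped.get("allow_guest_collections") is False:
                out.append(("mapped_collection_id",
                            "mapped collection disallows guest collections"))
            if doc.get("enable_https") and mapped.get("enable_https") is False:
                out.append(("enable_https",
                            "may not be true when the mapped collection's value is false"))
            if mapped.get("force_encryption") and doc.get("force_encryption") is False:
                out.append(("force_encryption",
                            "mapped collection forces encryption; guest must as well"))
    return out


# Constructed documents; only the fields the checks read are filled in.
MAPPED = {
    "DATA_TYPE": "collection#1.2.0",
    "id": "b9348e97-77e7-49f6-a137-47587469ff1d",
    "collection_type": "mapped",
    "allow_guest_collections": True,
    "enable_https": False,
    "force_encryption": True,
    "collection_base_path": "/",
    "display_name": "Project storage",
}
GUEST_BAD = {
    "DATA_TYPE": "collection#1.2.0",
    "collection_type": "guest",
    "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
    "allow_guest_collections": True,
    "enable_https": True,
    "force_encryption": False,
    "collection_base_path": "shared/results",
    "display_name": "Shared results",
    "user_message": "x" * 65,
    "user_message_link": "ftp://example.org/notice",
}
GUEST_OK = dict(
    GUEST_BAD,
    allow_guest_collections=False,
    enable_https=False,
    force_encryption=True,
    collection_base_path="/shared/results",
    user_message="Read the data policy first",
    user_message_link="https://example.org/notice",
)

if __name__ == "__main__":
    for field, problem in lint_collection(GUEST_BAD, MAPPED):
        print(f"{field}: {problem}")
```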

Domain Document

Custom domain description

One of the following schemas:

  • Domain_1_0_0

{
  "DATA_TYPE": "domain#1.0.0",
  "certificate": "string",
  "certificate_chain": "string",
  "certificate_chain_path": "string",
  "certificate_path": "string",
  "domain_name": "string",
  "private_key": "string",
  "private_key_path": "string",
  "wildcard": true
}

Collection_1_3_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Name

Type

Description

DATA_TYPE

string collection#1.3.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain Domain_1_0_0

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.3.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}
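The field constraints in the table above can be checked client-side before a document is sent to the GCS Manager. The following is an added example, not part of the Globus documentation or code: `validate_collection_input`, `ENDPOINT_DOMAIN` and the sample documents are constructed for illustration, and reading "label" as the leftmost DNS label of `domain_name` is an assumption.

```python
import re
from urllib.parse import urlparse

# Patterns copied from the Type column of the collection document table.
PATH_PREFIX = re.compile(r"^(/|\$HOME|~)")
NON_BLANK = re.compile(r"\S")

# Constructed sample values (not real endpoints or collections).
ENDPOINT_DOMAIN = "ep.example.org"
SAMPLE_OK = {
    "collection_type": "mapped",
    "collection_base_path": "/data/projects",
    "default_directory": "$HOME",
    "display_name": "Project archive",
    "organization": "Example University",
    "keywords": ["archive", "genomics"],
    "user_message": "Maintenance window Friday 18:00 UTC",
    "user_message_link": "https://status.example.org/notice",
    "domain_name": "archive.ep.example.org",
}
SAMPLE_BAD = {
    "collection_type": "mapped",
    "collection_base_path": "data/projects",       # no /, $HOME or ~ prefix
    "display_name": "Project\ndata",               # contains a new line
    "user_message": "x" * 65,                      # one character too long
    "user_message_link": "ftp://example.org/notice",
    "domain_name": "m-archive.ep.example.org",     # reserved label prefix
}


def _has_newline(value):
    return "\r" in value or "\n" in value


def validate_collection_input(doc, endpoint_domain):
    """Return a list of problems in a collection document before submission.

    endpoint_domain is the endpoint's DNS domain. It is an assumed input:
    the collection document itself does not carry it.
    """
    problems = []

    for field in ("collection_base_path", "default_directory"):
        value = doc.get(field)
        if value is not None and not PATH_PREFIX.search(value):
            problems.append(f"{field}: must start with /, $HOME or ~")

    name = doc.get("display_name")
    if name is not None:
        if not NON_BLANK.search(name):
            problems.append("display_name: needs a non-whitespace character")
        if len(name) > 128 or _has_newline(name):
            problems.append("display_name: max 128 characters, no new lines")

    for field in ("department", "organization"):
        value = doc.get(field)
        if value is not None and (len(value) > 1024 or _has_newline(value)):
            problems.append(f"{field}: max 1024 characters, no new lines")

    if sum(len(k) for k in doc.get("keywords") or []) > 1024:
        problems.append("keywords: max 1024 characters across all strings")

    message = doc.get("user_message")
    if message is not None and len(message) > 64:
        problems.append("user_message: may be up to 64 characters long")

    link = doc.get("user_message_link")
    if link is not None:
        parsed = urlparse(link)
        if parsed.scheme not in ("http", "https") or not parsed.netloc:
            problems.append("user_message_link: must be an HTTP or HTTPS URL")

    # domain_name is input only on mapped collections without a custom domain.
    domain_name = doc.get("domain_name")
    if domain_name is not None:
        host = domain_name.lower().rstrip(".")
        suffix = "." + endpoint_domain.lower().rstrip(".")
        if doc.get("collection_type") != "mapped" or doc.get("domain"):
            problems.append("domain_name: read-only for this collection")
        elif not host.endswith(suffix):
            problems.append("domain_name: must be a subdomain of the endpoint")
        elif host.split(".")[0].startswith(("m-", "g-")):
            problems.append("domain_name: label may not start with m- or g-")

    return problems


if __name__ == "__main__":
    for label, doc in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, validate_collection_input(doc, ENDPOINT_DOMAIN))
```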

Collection_1_4_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 adds optional multi-factor authentication requirements for high assurance collections and the ability to require checksums when transferring data on this collection.

Name

Type

Description

DATA_TYPE

string collection#1.4.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain Domain_1_0_0

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.4.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_5_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 adds optional multi-factor authentication requirements for high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Name

Type

Description

DATA_TYPE

string collection#1.5.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain Domain_1_0_0

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.5.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}
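Several properties in this document are only meaningful relative to the related mapped collection (enable_https, force_encryption, allow_guest_collections, user_message) or to high_assurance (require_mfa, disable_anonymous_writes). The following added example, which is not Globus code, audits a mapped collection document and its guest collection documents against those stated rules; the function names, finding tuples and sample documents are constructed for illustration, and the documents are assumed to have been fetched already.

```python
def audit_mapped(mapped):
    """Findings for one mapped collection document (collection#1.5.0 fields)."""
    cid = mapped.get("id")
    high_assurance = bool(mapped.get("high_assurance"))
    findings = []
    if high_assurance and mapped.get("disable_anonymous_writes") is False:
        findings.append((cid, "disable_anonymous_writes",
                         "always true on a high assurance collection"))
    if mapped.get("require_mfa") and not high_assurance:
        findings.append((cid, "require_mfa",
                         "only applies to high assurance storage gateways"))
    if (not high_assurance and mapped.get("allow_guest_collections")
            and not mapped.get("disable_anonymous_writes")):
        findings.append((cid, "disable_anonymous_writes",
                         "guest collections allow anonymous write permissions"))
    return findings


def audit_guest(guest, mapped):
    """Findings for a guest collection checked against its mapped collection."""
    cid = guest.get("id")
    if guest.get("mapped_collection_id") != mapped.get("id"):
        return [(cid, "mapped_collection_id",
                 "must be set to the id of the related mapped collection")]
    findings = []
    if not mapped.get("allow_guest_collections"):
        findings.append((cid, "allow_guest_collections",
                         "false on the mapped collection: guest not accessible"))
    if guest.get("allow_guest_collections"):
        findings.append((cid, "allow_guest_collections",
                         "always false on a guest collection"))
    if guest.get("enable_https") and not mapped.get("enable_https"):
        findings.append((cid, "enable_https",
                         "may not be true while the mapped collection is false"))
    if mapped.get("force_encryption") and not guest.get("force_encryption"):
        findings.append((cid, "force_encryption",
                         "mapped collection forces encryption, guest must too"))
    for field in ("user_message", "user_message_link"):
        if guest.get(field) != mapped.get(field):
            findings.append((cid, field,
                             "read-only on guests, must equal the mapped value"))
    return findings


def audit_all(mapped, guests):
    """Audit a mapped collection and every guest collection created on it."""
    findings = audit_mapped(mapped)
    for guest in guests:
        findings.extend(audit_guest(guest, mapped))
    return findings


# Constructed sample documents (ids are placeholders, not real collections).
MAPPED_ID = "00000000-0000-0000-0000-00000000000a"
GUEST_ID = "00000000-0000-0000-0000-00000000000b"
WEAK_MAPPED = {
    "DATA_TYPE": "collection#1.5.0", "id": MAPPED_ID,
    "collection_type": "mapped", "high_assurance": False,
    "allow_guest_collections": True, "enable_https": False,
    "force_encryption": True, "require_mfa": True,
    "user_message": "Maintenance Friday",
}
WEAK_GUEST = {
    "DATA_TYPE": "collection#1.5.0", "id": GUEST_ID,
    "collection_type": "guest", "mapped_collection_id": MAPPED_ID,
    "allow_guest_collections": False, "enable_https": True,
    "force_encryption": False, "user_message": "Maintenance Friday",
}

if __name__ == "__main__":
    for cid, field, message in audit_all(WEAK_MAPPED, [WEAK_GUEST]):
        print(f"{cid} {field}: {message}")
```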

Collection_1_6_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 adds optional multi-factor authentication requirements for high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Name

Type

Description

DATA_TYPE

string collection#1.6.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain Domain_1_0_0

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection.

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value cannot change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.6.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_7_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 adds optional multi-factor authentication requirements for high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Name

Type

Description

DATA_TYPE

string collection#1.7.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain Domain_1_0_0

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection.

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value cannot change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.7.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_8_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 adds optional multi-factor authentication requirements for high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Name

Type

Description

DATA_TYPE

string collection#1.8.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose id matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection cannot be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain Domain_1_0_0

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection.

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value cannot change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.8.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "delete_protected": true,
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_9_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements on high assurance collections and adds the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Name

Type

Description

DATA_TYPE

string collection#1.9.0

Type of this document

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose ID matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain Domain_1_0_0

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.9.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "created_at": "2019-08-24",
  "default_directory": "string",
  "delete_protected": true,
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "last_access": "2019-08-24",
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_10_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements on high assurance collections and adds the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.

Name

Type

Description

DATA_TYPE

string collection#1.10.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA mapped collections and used by the guest collections attached to it. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose ID matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain Domain_1_0_0

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity who acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.10.0",
  "acl_expiration_mins": 0,
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "created_at": "2019-08-24",
  "default_directory": "string",
  "delete_protected": true,
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "last_access": "2019-08-24",
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}
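The property descriptions for the Collection documents state several security-relevant constraints: which settings only apply to high assurance collections, what a guest collection must inherit from its mapped collection, and (in Collection_1_11_0) that the lesser acl_expiration_mins value is in effect. The following is an added example, not part of the Globus documentation or any Globus tool: a Python audit of collection documents against those stated rules. The function names, finding messages and sample documents are constructed for illustration.

```python
import re
from urllib.parse import urlparse

DISPLAY_NAME_MAX = 128  # display_name: "max 128 characters, no new lines"
USER_MESSAGE_MAX = 256  # user_message: "may be up to 256 characters long"


def audit_collection(doc, mapped=None):
    """Return sorted (property, message) findings for one collection document.

    doc is the collection document as a dict; mapped is the related mapped
    collection document and is only consulted when doc is a guest collection.
    """
    findings = []
    is_guest = doc.get("collection_type") == "guest"
    high_assurance = doc.get("high_assurance") is True

    name = doc.get("display_name") or ""
    if not re.search(r"\S", name):
        findings.append(("display_name", "must contain a non-whitespace character"))
    elif len(name) > DISPLAY_NAME_MAX or re.search(r"[\r\n]", name):
        findings.append(("display_name", "over 128 characters or contains a newline"))

    if len(doc.get("user_message") or "") > USER_MESSAGE_MAX:
        findings.append(("user_message", "longer than 256 characters"))
    link = doc.get("user_message_link")
    if link and urlparse(link).scheme not in ("http", "https"):
        findings.append(("user_message_link", "not an HTTP or HTTPS URL"))

    # require_mfa and acl_expiration_mins only apply to high assurance collections.
    if not high_assurance:
        if doc.get("require_mfa") is True:
            findings.append(("require_mfa", "only applies to high assurance"))
        if doc.get("acl_expiration_mins") is not None:
            findings.append(("acl_expiration_mins", "only settable on HA collections"))

    if not is_guest:
        # Advisory findings: both values are permitted, but worth a review.
        if doc.get("disable_anonymous_writes") is not True:
            findings.append(("disable_anonymous_writes",
                             "guest collections may grant anonymous write"))
        if doc.get("delete_protected") is not True:
            findings.append(("delete_protected", "mapped collection can be deleted"))
    else:
        if doc.get("allow_guest_collections") is True:
            findings.append(("allow_guest_collections", "always false on a guest"))
        if not doc.get("mapped_collection_id"):
            findings.append(("mapped_collection_id", "must be set on a guest"))
        if mapped is not None:
            if doc.get("mapped_collection_id") != mapped.get("id"):
                findings.append(("mapped_collection_id", "does not match mapped id"))
            if doc.get("enable_https") is True and mapped.get("enable_https") is False:
                findings.append(("enable_https", "mapped collection has HTTPS off"))
            if mapped.get("force_encryption") is True and doc.get("force_encryption") is not True:
                findings.append(("force_encryption", "mapped collection forces encryption"))
    return sorted(findings)


def effective_acl_expiration(mapped, guest):
    """Lesser of the two acl_expiration_mins values; None when neither is set."""
    values = [d.get("acl_expiration_mins") for d in (mapped, guest)]
    values = [v for v in values if v is not None]
    return min(values) if values else None


# Constructed sample documents (not real collections or identifiers).
MAPPED = {
    "DATA_TYPE": "collection#1.11.0",
    "collection_type": "mapped",
    "id": "11111111-1111-4111-8111-111111111111",
    "display_name": "Project Archive",
    "high_assurance": True,
    "require_mfa": True,
    "acl_expiration_mins": 1440,
    "disable_anonymous_writes": True,
    "delete_protected": True,
    "enable_https": False,
    "force_encryption": True,
}
GUEST = {
    "DATA_TYPE": "collection#1.11.0",
    "collection_type": "guest",
    "id": "22222222-2222-4222-8222-222222222222",
    "mapped_collection_id": "11111111-1111-4111-8111-111111111111",
    "display_name": "Shared\nresults",
    "high_assurance": True,
    "acl_expiration_mins": 60,
    "allow_guest_collections": False,
    "enable_https": True,
    "force_encryption": False,
    "user_message_link": "ftp://files.example.org/notice.txt",
}

if __name__ == "__main__":
    for prop, message in audit_collection(GUEST, MAPPED):
        print(f"{prop}: {message}")
    print("effective acl_expiration_mins:", effective_acl_expiration(MAPPED, GUEST))
```

The disable_anonymous_writes and delete_protected findings are advisory: the documents allow either value, so the check only flags them for review.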

Collection_1_11_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements on high assurance collections and adds the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.

Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.

Name

Type

Description

DATA_TYPE

string collection#1.11.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection whose ID matches the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain Domain_1_0_0

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.11.0",
  "acl_expiration_mins": 0,
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "created_at": "2019-08-24",
  "default_directory": "string",
  "delete_protected": true,
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "last_access": "2019-08-24",
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_12_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 adds optional multi-factor authentication requirements for high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.

Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.

Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA collections.

Name

Type

Description

DATA_TYPE

string collection#1.12.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain Domain_1_0_0

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.12.0",
  "acl_expiration_mins": 0,
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "created_at": "2019-08-24",
  "default_directory": "string",
  "delete_protected": true,
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "last_access": "2019-08-24",
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "restrict_transfers_to_high_assurance": "inbound",
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}
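The inheritance rules in the property descriptions above (acl_expiration_mins, enable_https, force_encryption, restrict_transfers_to_high_assurance, disable_anonymous_writes, allow_guest_collections) decide what actually applies to a guest collection. The following is an added example, not Globus code: the function name and the sample documents are constructed for illustration, it works offline on documents that have already been retrieved, and it assumes that disable_anonymous_writes set to true means anonymous writes are blocked.

```python
RESTRICT_VALUES = {"inbound", "outbound", "all"}


def effective_guest_policy(mapped, guest):
    """Return (effective, findings) for a guest collection and its mapped collection.

    Both arguments are collection documents (dicts) shaped like the JSON on this page.
    """
    if mapped.get("collection_type") != "mapped" or guest.get("collection_type") != "guest":
        raise ValueError("expected one mapped and one guest collection document")
    if guest.get("mapped_collection_id") != mapped.get("id"):
        raise ValueError("guest collection is not attached to this mapped collection")

    findings = []
    ha = bool(mapped.get("high_assurance"))

    # acl_expiration_mins: HA only; when set on both, the lesser value is in effect.
    expiries = [d["acl_expiration_mins"] for d in (mapped, guest)
                if d.get("acl_expiration_mins") is not None]
    if expiries and not ha:
        findings.append("acl_expiration_mins is set on a non-HA collection")
    acl_expiry = min(expiries) if expiries and ha else None

    # restrict_transfers_to_high_assurance: assigned on the HA mapped collection,
    # inherited by its guest collections.
    restriction = mapped.get("restrict_transfers_to_high_assurance")
    if restriction is not None and restriction not in RESTRICT_VALUES:
        raise ValueError(f"unknown restriction value: {restriction!r}")
    if restriction is not None and not ha:
        findings.append("restrict_transfers_to_high_assurance is set on a non-HA mapped collection")
        restriction = None

    # enable_https: a guest may not enable it when the mapped collection has it
    # false, and any transfer restriction disables HTTPS access.
    guest_https = bool(guest.get("enable_https"))
    mapped_https = bool(mapped.get("enable_https"))
    if guest_https and not mapped_https:
        findings.append("guest enable_https is true but the mapped collection has it false")
    if restriction is not None and (guest_https or mapped_https):
        findings.append("enable_https is set, but HTTPS access is disabled by the transfer restriction")
    https = guest_https and mapped_https and restriction is None

    # force_encryption: a mapped collection that forces encryption requires the
    # same of its guest collections.
    if mapped.get("force_encryption") and not guest.get("force_encryption"):
        findings.append("mapped collection forces encryption but the guest document does not")
    force_encryption = bool(mapped.get("force_encryption")) or bool(guest.get("force_encryption"))

    # disable_anonymous_writes: always true for HA; defaults to false otherwise.
    anon_writes_blocked = ha or bool(mapped.get("disable_anonymous_writes"))
    if not anon_writes_blocked:
        findings.append("anonymous write permissions are allowed on guests of this mapped collection")

    # allow_guest_collections: turning it off on the mapped collection makes
    # existing guest collections inaccessible.
    accessible = mapped.get("allow_guest_collections") is not False
    if not accessible:
        findings.append("allow_guest_collections is false: this guest collection is not accessible")

    effective = {
        "acl_expiration_mins": acl_expiry,
        "restrict_transfers_to_high_assurance": restriction,
        "https_enabled": https,
        "force_encryption": force_encryption,
        "anonymous_writes_blocked": anon_writes_blocked,
        "accessible": accessible,
    }
    return effective, findings


# Constructed sample documents (ids are placeholders, not real collections).
SAMPLE_MAPPED = {
    "DATA_TYPE": "collection#1.12.0", "collection_type": "mapped",
    "id": "00000000-0000-0000-0000-000000000001", "high_assurance": True,
    "acl_expiration_mins": 1440, "allow_guest_collections": True,
    "enable_https": True, "force_encryption": True,
    "restrict_transfers_to_high_assurance": "all",
}
SAMPLE_GUEST = {
    "DATA_TYPE": "collection#1.12.0", "collection_type": "guest",
    "id": "00000000-0000-0000-0000-000000000002",
    "mapped_collection_id": "00000000-0000-0000-0000-000000000001",
    "high_assurance": True, "acl_expiration_mins": 60,
    "enable_https": True, "force_encryption": False,
}

if __name__ == "__main__":
    effective, findings = effective_guest_policy(SAMPLE_MAPPED, SAMPLE_GUEST)
    print(effective)
    for item in findings:
        print("finding:", item)
```

The findings list is for review before a change is submitted; the GCS Manager remains the authority on which documents it accepts.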

Collection_1_13_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 adds optional multi-factor authentication requirements for high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.

Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.

Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA collections.

Version 1.13.0 adds the auto_delete_timeout property to mapped collections and the skip_auto_delete property to guest collections.

Name

Type

Description

DATA_TYPE

string collection#1.13.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain Domain_1_0_0

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.13.0",
  "acl_expiration_mins": 0,
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "auto_delete_timeout": 1,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "created_at": "2019-08-24",
  "default_directory": "string",
  "delete_protected": true,
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "last_access": "2019-08-24",
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "restrict_transfers_to_high_assurance": "inbound",
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "skip_auto_delete": true,
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

ActivityNotificationPolicy Document

Name

Type

Description

status

array of string

transfer_use

array of string

{
  "status": [
    "string"
  ],
  "transfer_use": [
    "string"
  ]
}

Collection_1_14_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 adds optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.

Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.

Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA collections.

Version 1.13.0 adds the auto_delete_timeout property to mapped collections and the skip_auto_delete property to guest collections.

Version 1.14.0 adds the subscription_admin_verified property to collections and activity_notification_policy to guest collections.

Name

Type

Description

DATA_TYPE

string collection#1.14.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain Domain_1_0_0

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.14.0",
  "acl_expiration_mins": 0,
  "activity_notification_policy": {
    "status": [
      "string"
    ],
    "transfer_use": [
      "string"
    ]
  },
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "auto_delete_timeout": 1,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "created_at": "2019-08-24",
  "default_directory": "string",
  "delete_protected": true,
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "last_access": "2019-08-24",
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "restrict_transfers_to_high_assurance": "inbound",
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "skip_auto_delete": true,
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "subscription_admin_verified": true,
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

FlowAssociation Document

Name

Type

Description

transfer

null or FlowTransferAssociation

{
  "transfer": {}
}

FlowTransferAssociation Document

Name

Type

Description

destination

null or Flow

source

null or Flow

{
  "destination": {},
  "source": {}
}

Flow Document

Name

Type

Description

flow

string

{
  "flow": "string"
}

Collection_1_15_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 adds optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.

Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.

Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA collections.

Version 1.13.0 adds the auto_delete_timeout property to mapped collections and the skip_auto_delete property to guest collections.

Version 1.14.0 adds the subscription_admin_verified property to collections and activity_notification_policy to guest collections.

Version 1.15.0 adds the associated_flow_policy property to the collection.

Name

Type

Description

DATA_TYPE

string collection#1.15.0

Type of this document

acl_expiration_mins

integer

Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.

activity_notification_policy

ActivityNotificationPolicy

allow_guest_collections

boolean

Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.

associated_flow_policy

null or FlowAssociation

Policy describing Globus flows to run when the collection is accessed.

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.

auto_delete_timeout

integer

Number of days before unused guest collections will be automatically deleted. Only settable on mapped collections. Values must be an integer greater than 0. Set to null to disable automatic guest collection deletion for the mapped collection. Defaults to disabled.

collection_base_path

string ^(/|\$HOME|~)

Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a path relative to the value of the root_path attribute on the mapped collection with the same Id as the mapped_collection_id property. This may not be changed once the collection is created.

Support for ~ was added in API version 1.21.0. [Private]

collection_type

string mapped, guest

Type of collection. A mapped collection requires an account on the system to access the administrator-defined collection. A guest collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.

connector_id

string <uuid>

Id of the connector type that is used by this collection.

contact_email

string

Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.

created_at

string <date>

Date on which this collection was created

default_directory

string ^(/|\$HOME|~)

Default directory when accessing the collection. This may include the special string $USER which is evaluated at access time to be the connector-specific username accessing the data.

If the collection is a mapped collection with a collection_base_path value of /, this value can also begin with the values /~/ and $HOME, which are replaced by the user’s home directory, or / if the connector does not support the concept of a home directory. [Private]

delete_protected

boolean

If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.

deleted

boolean

Flag indicating that this collection has been deleted. [Private]

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.

description

string

A description of the collection.

disable_anonymous_writes

boolean

Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.

disable_verify

boolean

Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.

display_name

string \S

Friendly name for the collection. Unicode string, max 128 characters, no new lines (\r or \n).

domain

Domain Domain_1_0_0

Custom domain description

domain_name

string

DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with m- or g-.

enable_https

boolean

Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to true on a guest collection if the value on the related mapped collection is false.

force_encryption

boolean

Flag indicating whether all data transfers to and from this collection are always encrypted.

New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.

force_verify

boolean

Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.

guest_auth_policy_id

string <uuid>

Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)

high_assurance

boolean

Flag indicating if this collection is created on a high assurance Storage Gateway.

https_url

string

HTTPS URL for the data on this collection.

id

string <uuid>

Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.

identity_id

string <uuid>

Globus Auth identity that acts as the owner of this collection. This identity is an administrator on the collection.

info_link

string

Link to a web page with more information about the collection

keywords

array of string

List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.

last_access

string <date>

Date on which this collection was last accessed

manager_url

string

URL of the GCS Manager API service for the endpoint hosting this collection.

mapped_collection_id

string <uuid>

Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related to sharing (allow_guest_collections, sharing_restrict_paths) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.

policies

S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0

Connector-specific collection policies

public

boolean

Flag indicating whether this collection is visible to other Globus users.

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.

restrict_transfers_to_high_assurance

string inbound, outbound, all

Flag indicating whether all data transfers to and from this collection require the remote collection be HA. This can only be assigned on high assurance mapped collections. High assurance guest collections inherit the restriction from their associated mapped collections. This may be set to null to disable this feature.

If a restriction is in place for a collection, then HTTPS access to it is disabled.

root_path

string

Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]

sharing_restrict_paths

null or PathRestrictions

Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]

sharing_users_allow

array of string

List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]

sharing_users_deny

array of string

List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]

skip_auto_delete

boolean

Flag indicating whether the guest collection is subject to automatic deletion if auto_delete_timeout is set on its mapped collection. Only settable on guest collections. Defaults to false.

storage_gateway_id

string <uuid>

Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.

subscription_admin_verified

boolean

Flag indicating whether the collection has been marked as verified by the administrator of the subscription associated with this endpoint.

tlsftp_url

string

TLSFTP URL for the data on this collection.

user_credential_id

string <uuid>

The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

user_message

string

A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.

user_message_link

string

Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.15.0",
  "acl_expiration_mins": 0,
  "activity_notification_policy": {
    "status": [
      "string"
    ],
    "transfer_use": [
      "string"
    ]
  },
  "allow_guest_collections": true,
  "associated_flow_policy": {},
  "authentication_timeout_mins": 0,
  "auto_delete_timeout": 1,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "created_at": "2019-08-24",
  "default_directory": "string",
  "delete_protected": true,
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "last_access": "2019-08-24",
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "restrict_transfers_to_high_assurance": "inbound",
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "skip_auto_delete": true,
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "subscription_admin_verified": true,
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

CollectionNotFound_1_0_0 Document

Error details when a mapped collection no longer exists when accessing a guest collection.

Name

Type

Description

DATA_TYPE

string collection_not_found#1.0.0

Type of this document

collection_id

string <uuid>

collection ID

{
  "DATA_TYPE": "collection_not_found#1.0.0",
  "collection_id": "4bdef85c-3f50-4006-a713-2350da665f80"
}

CollectionOwner_1_0_0 Document

Schema for processing the collection_owner#1.0.0 data type

Name

Type

Description

DATA_TYPE

string collection_owner#1.0.0

Type of this document

identity_id

string <uuid>

Auth identity ID of the collection owner

{
  "DATA_TYPE": "collection_owner#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}

Connector_1_0_0 Document

Connector information document

Name

Type

Description

DATA_TYPE

string connector#1.0.0

Type of this document

display_name

string

Friendly name of the connector

id

string

Unique id of this connector type

version

string ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(((0|[1-9]\d*|\d*[A-Z-a-z-][\dA-Za-z-]*))(\.(0|[1-9]\d*|\d*[A-Za-z-][\dA-Za-z-]*))*))?(\+([\dA-Za-z-]+(\.[\dA-Za-z-]*)*))?$

Semantic version of this connector implementation

{
  "DATA_TYPE": "connector#1.0.0",
  "display_name": "POSIX",
  "id": "string",
  "version": "string"
}

Connector_1_1_0 Document

Connector information document

Version 1.1.0 adds information about HA and BAA subscriptions.

Name

Type

Description

DATA_TYPE

string connector#1.1.0

Type of this document

display_name

string

Friendly name of the connector

id

string

Unique id of this connector type

is_baa

boolean

Subscription for this connector supports a BAA

is_ha

boolean

Subscription for this connector supports high assurance

version

string ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(((0|[1-9]\d*|\d*[A-Z-a-z-][\dA-Za-z-]*))(\.(0|[1-9]\d*|\d*[A-Za-z-][\dA-Za-z-]*))*))?(\+([\dA-Za-z-]+(\.[\dA-Za-z-]*)*))?$

Semantic version of this connector implementation

{
  "DATA_TYPE": "connector#1.1.0",
  "display_name": "POSIX",
  "id": "string",
  "is_baa": true,
  "is_ha": true,
  "version": "string"
}

Account Document

User account information for a particular Storage Gateway.

One of the following schemas:

  • Account_1_0_0

{
  "DATA_TYPE": "account#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "username": "string"
}

CredentialNotFound_1_0_0 Document

Error details when a user has attempted to use a credential when creating a collection or logging in, but there are multiple mapped identities and none of them have a valid credential.

Name

Type

Description

DATA_TYPE

string credential_not_found#1.0.0

Type of this document

accounts

array ( Account )

List of available accounts that do not have credentials registered.

{
  "DATA_TYPE": "credential_not_found#1.0.0",
  "accounts": [
    {
      "DATA_TYPE": "account#1.0.0",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "username": "string"
    }
  ]
}

Endpoint_1_0_0 Document

A Globus Connect Server endpoint is a deployment of Globus Connect Server version 5. A single endpoint may optionally include multiple data transfer nodes. The endpoint provides a link between a Globus Connect Server deployment and the Globus Transfer service. The endpoint describes services for accessing data via GridFTP and HTTPS and also for configuring and managing the policies associated with that access.

Name

Type

Description

DATA_TYPE

string endpoint#1.0.0

Type of this document

allow_udt

boolean

Allow data transfer on this endpoint using the UDT protocol

contact_email

string

Email address of the support contact for this endpoint. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the endpoint, e.g. phone and mailing address. This is visible to end users for support.

department

string

Department within organization that runs the server(s). Searchable. Unicode string, max 1024 characters, no new lines.

description

string

A description of the endpoint

display_name

string

Friendly name for the endpoint, not unique. Unicode string, no new lines (\r or \n). Searchable.

id

string <uuid>

Unique identifier for this endpoint

gcs_manager_url

string

URL of the GCS Manager API service for this endpoint

info_link

string

Link to a web page with more information about the endpoint. The administrator is responsible for running a website at this URL and verifying that it is accepting public connections.

keywords

array of string

List of search keywords for the endpoint. Unicode string, max 1024 characters total across all strings.

max_concurrency

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

max_parallelism

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

network_use

string normal, minimal, aggressive, custom

Control how Globus interacts with this endpoint over the network.

Allowed values for network_use are:

  • normal

    • The default setting. Uses an average level of concurrency and parallelism. The levels depend on the number of physical servers in the endpoint.

  • minimal

    • Uses a minimal level of concurrency and parallelism.

  • aggressive

    • Uses a high level of concurrency and parallelism.

  • custom

    • Uses custom values of concurrency and parallelism set by the endpoint admin. When setting this level, you must also set the max_concurrency, preferred_concurrency, max_parallelism, and preferred_parallelism properties.

organization

string

Organization that runs the server(s) represented by the endpoint. Unicode string, max 1024 characters, no new lines.

preferred_concurrency

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

preferred_parallelism

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

public

boolean

Flag indicating whether this endpoint is visible to all other Globus users. If false, only users who have been granted a role on the endpoint or one of its collections, or who belong to a domain allowed access to any of its storage gateways, may view it.

subscription_id

string

The id of the subscription that is managing this endpoint. This may be the special value DEFAULT when using this as input to PATCH or PUT to use the caller’s default subscription id.

{
  "DATA_TYPE": "endpoint#1.0.0",
  "allow_udt": true,
  "contact_email": "string",
  "contact_info": "string",
  "department": "string",
  "description": "string",
  "display_name": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "gcs_manager_url": "string",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "max_concurrency": 1,
  "max_parallelism": 1,
  "network_use": "normal",
  "organization": "string",
  "preferred_concurrency": 1,
  "preferred_parallelism": 1,
  "public": true,
  "subscription_id": "string"
}

Endpoint_1_1_0 Document

A Globus Connect Server endpoint is a deployment of Globus Connect Server version 5. A single endpoint may optionally include multiple data transfer nodes. The endpoint provides a link between a Globus Connect Server deployment and the Globus Transfer service. The endpoint describes services for accessing data via GridFTP and HTTPS and also for configuring and managing the policies associated with that access.

Version 1.1.0 of the endpoint includes support for customizing the TCP port that GridFTP listens on.

Name

Type

Description

DATA_TYPE

string endpoint#1.1.0

Type of this document

allow_udt

boolean

Allow data transfer on this endpoint using the UDT protocol

contact_email

string

Email address of the support contact for this endpoint. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the endpoint, e.g. phone and mailing address. This is visible to end users for support.

department

string

Department within organization that runs the server(s). Searchable. Unicode string, max 1024 characters, no new lines.

description

string

A description of the endpoint

display_name

string

Friendly name for the endpoint, not unique. Unicode string, no new lines (\r or \n). Searchable.

id

string <uuid>

Unique identifier for this endpoint

gcs_manager_url

string

URL of the GCS Manager API service for this endpoint

gridftp_control_channel_port

integer

TCP port for the Globus control channel to listen on. By default, the control channel is passed through 443 with an ALPN header containing the value "ftp".

info_link

string

Link to a web page with more information about the endpoint. The administrator is responsible for running a website at this URL and verifying that it is accepting public connections.

keywords

array of string

List of search keywords for the endpoint. Unicode string, max 1024 characters total across all strings.

max_concurrency

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

max_parallelism

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

network_use

string normal, minimal, aggressive, custom

Control how Globus interacts with this endpoint over the network.

Allowed values for network_use are:

  • normal

    • The default setting. Uses an average level of concurrency and parallelism. The levels depend on the number of physical servers in the endpoint.

  • minimal

    • Uses a minimal level of concurrency and parallelism.

  • aggressive

    • Uses a high level of concurrency and parallelism.

  • custom

    • Uses custom values of concurrency and parallelism set by the endpoint admin. When setting this level, you must also set the max_concurrency, preferred_concurrency, max_parallelism, and preferred_parallelism properties.

organization

string

Organization that runs the server(s) represented by the endpoint. Unicode string, max 1024 characters, no new lines.

preferred_concurrency

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

preferred_parallelism

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

public

boolean

Flag indicating whether this endpoint is visible to all other Globus users. If false, only users who have been granted a role on the endpoint or one of its collections, or who belong to a domain allowed access to any of its storage gateways, may view it.

subscription_id

string

The id of the subscription that is managing this endpoint. This may be the special value DEFAULT when using this as input to PATCH or PUT to use the caller’s default subscription id.

{
  "DATA_TYPE": "endpoint#1.1.0",
  "allow_udt": true,
  "contact_email": "string",
  "contact_info": "string",
  "department": "string",
  "description": "string",
  "display_name": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "gcs_manager_url": "string",
  "gridftp_control_channel_port": 1,
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "max_concurrency": 1,
  "max_parallelism": 1,
  "network_use": "normal",
  "organization": "string",
  "preferred_concurrency": 1,
  "preferred_parallelism": 1,
  "public": true,
  "subscription_id": "string"
}

Endpoint_1_2_0 Document

A Globus Connect Server endpoint is a deployment of Globus Connect Server version 5. A single endpoint may optionally include multiple data transfer nodes. The endpoint provides a link between a Globus Connect Server deployment and the Globus Transfer service. The endpoint describes services for accessing data via GridFTP and HTTPS and also for configuring and managing the policies associated with that access.

Version 1.1.0 of the endpoint includes support for customizing the TCP port that GridFTP listens on.

Version 1.2.0 of the endpoint includes read-only earliest_last_access to put a limit on collections which are missing a last_access value.

Name

Type

Description

DATA_TYPE

string endpoint#1.2.0

Type of this document

allow_udt

boolean

Allow data transfer on this endpoint using the UDT protocol

contact_email

string

Email address of the support contact for this endpoint. This is visible to end users so that they may contact your organization for support.

contact_info

string

Other non-email contact information for the endpoint, e.g. phone and mailing address. This is visible to end users for support.

department

string

Department within organization that runs the server(s). Searchable. Unicode string, max 1024 characters, no new lines.

description

string

A description of the endpoint

display_name

string

Friendly name for the endpoint, not unique. Unicode string, no new lines (\r or \n). Searchable.

earliest_last_access

string <date>

Earliest date when this endpoint began tracking last_access for collections

id

string <uuid>

Unique identifier for this endpoint

gcs_manager_url

string

URL of the GCS Manager API service for this endpoint

gridftp_control_channel_port

integer

TCP port for the Globus control channel to listen on. By default, the control channel is passed through 443 with an ALPN header containing the value "ftp".

info_link

string

Link to a web page with more information about the endpoint. The administrator is responsible for running a website at this URL and verifying that it is accepting public connections.

keywords

array of string

List of search keywords for the endpoint. Unicode string, max 1024 characters total across all strings.

max_concurrency

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

max_parallelism

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

network_use

string normal, minimal, aggressive, custom

Control how Globus interacts with this endpoint over the network.

Allowed values for network_use are:

  • normal

    • The default setting. Uses an average level of concurrency and parallelism. The levels depend on the number of physical servers in the endpoint.

  • minimal

    • Uses a minimal level of concurrency and parallelism.

  • aggressive

    • Uses a high level of concurrency and parallelism.

  • custom

    • Uses custom values of concurrency and parallelism set by the endpoint admin. When setting this level, you must also set the max_concurrency, preferred_concurrency, max_parallelism, and preferred_parallelism properties.

organization

string

Organization that runs the server(s) represented by the endpoint. Unicode string, max 1024 characters, no new lines.

preferred_concurrency

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

preferred_parallelism

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

public

boolean

Flag indicating whether this endpoint is visible to all other Globus users. If false, only users who have been granted a role on the endpoint or one of its collections, or who belong to a domain allowed access to any of its storage gateways, may view it.

subscription_id

string

The id of the subscription that is managing this endpoint. This may be the special value DEFAULT when using this as input to PATCH or PUT to use the caller’s default subscription id.

{
  "DATA_TYPE": "endpoint#1.2.0",
  "allow_udt": true,
  "contact_email": "string",
  "contact_info": "string",
  "department": "string",
  "description": "string",
  "display_name": "string",
  "earliest_last_access": "2019-08-24",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "gcs_manager_url": "string",
  "gridftp_control_channel_port": 1,
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "max_concurrency": 1,
  "max_parallelism": 1,
  "network_use": "normal",
  "organization": "string",
  "preferred_concurrency": 1,
  "preferred_parallelism": 1,
  "public": true,
  "subscription_id": "string"
}

EndpointOwner_1_0_0 Document

Schema for processing the endpoint_owner#1.0.0 data type

Name

Type

Description

DATA_TYPE

string endpoint_owner#1.0.0

Type of this document

identity_id

string <uuid>

Auth identity ID of the endpoint owner

{
  "DATA_TYPE": "endpoint_owner#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}

EndpointSubscription_1_0_0 Document

Endpoint subscription

Name

Type

Description

DATA_TYPE

string endpoint_subscription#1.0.0

Type of this document

subscription_id

string

Either the id of a Globus subscription or the special value "DEFAULT" if the caller has only one subscription associated with their identity set.

{
  "DATA_TYPE": "endpoint_subscription#1.0.0",
  "subscription_id": "string"
}

IdNotInIdentitySet_1_0_0 Document

Error details when a user has authenticated but has requested to act as an identity not in the current identity set.

Name

Type

Description

DATA_TYPE

string id_not_in_identity_set#1.0.0

Type of this document

id

string <uuid>

Requested identity ID

{
  "DATA_TYPE": "id_not_in_identity_set#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
}

Info_1_0_0 Document

This document contains information about the Globus Connect Server, including its software and supported API version number.

Name

Type

Description

DATA_TYPE

string info#1.0.0

Type of this document

api_version

string ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(((0|[1-9]\d*|\d*[A-Z-a-z-][\dA-Za-z-]*))(\.(0|[1-9]\d*|\d*[A-Za-z-][\dA-Za-z-]*))*))?(\+([\dA-Za-z-]+(\.[\dA-Za-z-]*)*))?$

Semantic version of the Globus Connect Server API

client_id

string <uuid>

Client id that created the endpoint

domain_name

string

Domain name for the GCS Manager service

endpoint_id

string <uuid>

Transfer endpoint ID managed by this GCS Manager

manager_version

string ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(((0|[1-9]\d*|\d*[A-Z-a-z-][\dA-Za-z-]*))(\.(0|[1-9]\d*|\d*[A-Za-z-][\dA-Za-z-]*))*))?(\+([\dA-Za-z-]+(\.[\dA-Za-z-]*)*))?$

Globus Connect Server software version

{
  "DATA_TYPE": "info#1.0.0",
  "api_version": "string",
  "client_id": "5b3fa7ba-57d3-4017-a65b-d57dcd2db643",
  "domain_name": "string",
  "endpoint_id": "e9ce0d4f-d433-423d-9497-4c000544106c",
  "manager_version": "string"
}

InvalidCredential_1_0_0 Document

Error details when the caller’s identity maps to an account with a user credential that is in an invalid state.

Name

Type

Description

DATA_TYPE

string invalid_credential#1.0.0

Type of this document

user_credential_id

string <uuid>

The ID of the user credential which needs to be fixed before this resource can be accessed.

{
  "DATA_TYPE": "invalid_credential#1.0.0",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}

InvalidInputItem Document

Invalid input item details.

Name

Type

Description

property

string

Name of the property whose value contains the error, if known. May be unset depending on the error.

message

string

Error message describing the invalid input error

{
  "property": "string",
  "message": "string"
}

InvalidInput_1_0_0 Document

Error details when the caller has sent an invalid input document.

Name

Type

Description

DATA_TYPE

string invalid_input#1.0.0

Type of this document

errors

array ( InvalidInputItem )

Optional list of input schema violations, such as missing or unknown properties, or properties with invalid values.

{
  "DATA_TYPE": "invalid_input#1.0.0",
  "errors": [
    {
      "property": "string",
      "message": "string"
    }
  ]
}

InvalidUser_1_0_0 Document

Error details when the caller’s identity does not map to a valid local account.

Name

Type

Description

DATA_TYPE

string invalid_user#1.0.0

Type of this document

usernames

array of string

List of connector-specific usernames

{
  "DATA_TYPE": "invalid_user#1.0.0",
  "usernames": [
    "string"
  ]
}

ExternalIdentityMapping_1_0_0 Document

The ExternalIdentityMapping defines the path and arguments of an external program to map an identity to a storage-gateway specific user account name. The specified command will be called to map Globus Auth identity data to a connector-specific list of account names.

Name

Type

Description

DATA_TYPE

string external_identity_mapping#1.0.0

Type of this document

command

array of string

The mapping command and its command-line arguments. In addition to these arguments, the following options are also passed to the program:

  • -c CONNECTOR_ID

    • The ID of the connector in whose context the mapping is being performed.

  • -s STORAGE_GATEWAY_ID

    • The ID of the storage gateway in whose context the mapping is being performed.

  • -a

    • A flag indicating that the GCS Manager wants to receive output containing all mappings for the given identity set. If not present, the program will receive exactly one object in the identities array and may only return a single mapping for that identity.

{
  "DATA_TYPE": "external_identity_mapping#1.0.0",
  "command": [
    "string"
  ]
}

MappingExpression Document

The MappingExpression document type contains information about a mapping expression, including the input, match, output, and flags used to process this expression.

Name

Type

Description

ignore_case

boolean

Flag indicating the match should be executed as a case insensitive comparison. If not present, this defaults to false.

literal

boolean

Flag indicating the match expression should be treated as a literal string, ignoring any special regular expression characters. If not present, this defaults to false.

match

string

An expression which is applied to the result of performing interpolation on source, to determine whether this mapping applies. This requires a full string match on the source.

output

string

A string representing the result of the mapping if the match succeeded. References to the original identity_set data can be interpolated as in the source property. References to match groups from the match property can be interpolated with numbers (indices starting with 0) surrounded by curly brackets {}.

source

string

A string comprised of text plus identity set data field names surrounded by curly brackets {} which are interpolated into the text.

{
  "ignore_case": true,
  "literal": true,
  "match": "string",
  "output": "string",
  "source": "string"
}

ExpressionIdentityMapping_1_0_0 Document

The ExpressionIdentityMapping defines a set of identity mapping expressions to map Globus Auth identity data to a connector-specific list of account names.

Name

Type

Description

DATA_TYPE

string expression_identity_mapping#1.0.0

Type of this document

mappings

array ( MappingExpression )

Array of expression-based identity mapping values

{
  "DATA_TYPE": "expression_identity_mapping#1.0.0",
  "mappings": [
    {
      "ignore_case": true,
      "literal": true,
      "match": "string",
      "output": "string",
      "source": "string"
    }
  ]
}
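The matching rules described for MappingExpression and ExpressionIdentityMapping, as an added example (not Globus Connect Server's own code): a small evaluator showing how source interpolation, the full-string match, literal, ignore_case, and numbered group references in output combine. The identity field name username, the sample domains and account names, the reading of {0} as the first capture group, and the treatment of a missing identity field as "does not apply" are assumptions made for this illustration.

```python
import re

# {name} or {0}-style placeholder; ASCII-only so a numeric key is a plain integer index.
_PLACEHOLDER = re.compile(r"\{(\w+)\}", re.ASCII)


def interpolate(template, identity, groups=None):
    """Expand {field} from the identity and, when groups is given, {N} from match groups."""
    def expand(m):
        key = m.group(1)
        if key.isdigit():
            if groups is None or int(key) >= len(groups) or groups[int(key)] is None:
                raise ValueError(f"no match group {{{key}}} available")
            return groups[int(key)]
        return str(identity[key])  # KeyError if the identity lacks this field
    return _PLACEHOLDER.sub(expand, template)


def apply_expression(expr, identity):
    """Return the mapped account name for one MappingExpression, or None if it does not apply."""
    try:
        source = interpolate(expr["source"], identity)
    except KeyError:
        return None  # assumption: a missing identity field means "does not apply"
    pattern = expr["match"]
    if expr.get("literal", False):
        pattern = re.escape(pattern)  # treat regex metacharacters as plain text
    flags = re.IGNORECASE if expr.get("ignore_case", False) else 0
    # Full string match: the pattern must cover the whole interpolated source,
    # so a value that merely contains or starts with a matching string is rejected.
    m = re.fullmatch(pattern, source, flags)
    if m is None:
        return None
    try:
        return interpolate(expr["output"], identity, m.groups())
    except KeyError:
        return None


def map_identity(doc, identity):
    """Evaluate every expression in the document; return the distinct account names in order."""
    if doc.get("DATA_TYPE") != "expression_identity_mapping#1.0.0":
        raise ValueError("not an expression_identity_mapping#1.0.0 document")
    accounts = []
    for expr in doc["mappings"]:
        name = apply_expression(expr, identity)
        if name is not None and name not in accounts:
            accounts.append(name)
    return accounts


# Constructed sample document and identities (not taken from a real deployment).
SAMPLE_DOC = {
    "DATA_TYPE": "expression_identity_mapping#1.0.0",
    "mappings": [
        # Regex match, case-sensitive by default; {0} is the first capture group.
        {"source": "{username}", "match": r"(.*)@example\.org", "output": "{0}"},
        # Literal match: the "." is not a wildcard; ignore_case relaxes letter case only.
        {"source": "{username}", "match": "Admin@Partner.example",
         "literal": True, "ignore_case": True, "output": "svc_partner"},
    ],
}

if __name__ == "__main__":
    for username in ("alice@example.org",
                     "alice@example.org.other.test",
                     "Alice@EXAMPLE.ORG",
                     "ADMIN@partner.EXAMPLE",
                     "admin@partnerXexample"):
        print(username, "->", map_identity(SAMPLE_DOC, {"username": username}))
```

The second and third usernames map to nothing: the full-string requirement rejects the trailing suffix, and without ignore_case the first expression is case-sensitive.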

LimitExceeded_1_0_0 Document

Error details when a user would be authorized, but the endpoint has reached a hard resource limit on the type of object being created.

Name

Type

Description

DATA_TYPE

string limit_exceeded#1.0.0

Type of this document

{
  "DATA_TYPE": "limit_exceeded#1.0.0"
}

MissingRoleEntrySchema Document

Missing required role details.

Name

Type

Description

collection

string <uuid>

The collection which the role must apply to. If omitted, the role must apply to an endpoint.

role

string owner, administrator, access_manager, activity_manager, activity_monitor, access_monitor

{
  "collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
  "role": "owner"
}

MissingRequiredRole_1_0_0 Document

Error details when a user has authenticated but lacks a role to be able to perform the requested operation.

Name

Type

Description

DATA_TYPE

string missing_required_role#1.0.0

Type of this document

roles

array ( MissingRoleEntrySchema )

List of roles authorized to perform this operation

{
  "DATA_TYPE": "missing_required_role#1.0.0",
  "roles": [
    {
      "collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
      "role": "owner"
    }
  ]
}

MissingRequiredScopes_1_0_0 Document

Error details when a user has authenticated but lacks an OAuth scope to be able to perform the requested operation.

Name

Type

Description

DATA_TYPE

string missing_required_scopes#1.0.0

Type of this document

required_scopes

array of string

List of OAuth scope names

{
  "DATA_TYPE": "missing_required_scopes#1.0.0",
  "required_scopes": [
    "string"
  ]
}

Node_1_0_0 Document

Services for Globus Connect Server endpoints may be deployed on multiple different physical resources, referred to as data transfer nodes. Each node may have one or more IP addresses, TCP incoming and outgoing port ranges, and a status value indicating whether it is configured to actively respond to requests or is in maintenance mode.

Name

Type

Description

DATA_TYPE

string node#1.0.0

Type of this document

id

string <uuid>

Unique id string for this node. This is system generated and may not be included in create requests.

incoming_port_range

array of integer

Allowed port range for incoming TCP data connections

ip_addresses

array of string

List of IP addresses for this node

outgoing_port_range

array of integer

Port range used as the source for outgoing TCP data connections

status

string active, inactive

Current status of the Node. If a Node is marked inactive, it will be removed from the DNS entries for this endpoint and will return an error on any attempt to use the Manager API or attempt a Transfer using this node.

{
  "DATA_TYPE": "node#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "incoming_port_range": [
    65535,
    65535
  ],
  "ip_addresses": [
    "string"
  ],
  "outgoing_port_range": [
    65535,
    65535
  ],
  "status": "active"
}

Node_1_1_0 Document

Services for Globus Connect Server endpoints may be deployed on multiple different physical resources, referred to as data transfer nodes. Each node may have one or more IP addresses, TCP incoming and outgoing port ranges, and a status value indicating whether it is configured to actively respond to requests or is in maintenance mode.

Version 1.1.0 adds support for setting the data interface on a node.

Name

Type

Description

DATA_TYPE

string node#1.1.0

Type of this document

data_interface

string

IP address on which this node listens for data transfers

id

string <uuid>

Unique id string for this node. This is system generated and may not be included in create requests.

incoming_port_range

array of integer

Allowed port range for incoming TCP data connections

ip_addresses

array of string

List of IP addresses for this node

outgoing_port_range

array of integer

Port range used as the source for outgoing TCP data connections

status

string active, inactive

Current status of the Node. If a Node is marked inactive, it will be removed from the DNS entries for this endpoint and will return an error on any attempt to use the Manager API or attempt a Transfer using this node.

{
  "DATA_TYPE": "node#1.1.0",
  "data_interface": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "incoming_port_range": [
    65535,
    65535
  ],
  "ip_addresses": [
    "string"
  ],
  "outgoing_port_range": [
    65535,
    65535
  ],
  "status": "active"
}

Node_1_2_0 Document

Services for Globus Connect Server endpoints may be deployed on multiple different physical resources, referred to as data transfer nodes. Each node may have one or more IP addresses, TCP incoming and outgoing port ranges, and a status value indicating whether it is configured to actively respond to requests or is in maintenance mode.

Version 1.1.0 adds support for setting the data interface on a node.

Version 1.2.0 adds support for setting an IPv6 data interface on a node.

Name

Type

Description

DATA_TYPE

string node#1.2.0

Type of this document

data_interface

string

IP address on which this node listens for data transfers

data_interface6

string

IPv6 address on which this node listens for data transfers

id

string <uuid>

Unique id string for this node. This is system generated and may not be included in create requests.

incoming_port_range

array of integer

Allowed port range for incoming TCP data connections

ip_addresses

array of string

List of IP addresses for this node

outgoing_port_range

array of integer

Port range used as the source for outgoing TCP data connections

status

string active, inactive

Current status of the Node. If a Node is marked inactive, it will be removed from the DNS entries for this endpoint and will return an error on any attempt to use the Manager API or attempt a Transfer using this node.

{
  "DATA_TYPE": "node#1.2.0",
  "data_interface": "string",
  "data_interface6": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "incoming_port_range": [
    65535,
    65535
  ],
  "ip_addresses": [
    "string"
  ],
  "outgoing_port_range": [
    65535,
    65535
  ],
  "status": "active"
}

NotFromAllowedDomain_1_0_0 Document

Error details when a user has authenticated but does not have an identity from the required domain to perform the requested action.

Name

Type

Description

DATA_TYPE

string not_from_allowed_domain#1.0.0

Type of this document

allowed_domains

array of string

List of domains allowed by this resource

{
  "DATA_TYPE": "not_from_allowed_domain#1.0.0",
  "allowed_domains": [
    "string"
  ]
}

NotResourceOwner_1_0_0 Document

Error details when a user has authenticated but is not the owner of the resource being acted upon.

Name

Type

Description

DATA_TYPE

string not_resource_owner#1.0.0

Type of this document

id

string <uuid>

Identity ID of the owner of the resource

{
  "DATA_TYPE": "not_resource_owner#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
}

SubscriptionAdminVerified_1_0_0 Document

Subscription Admin Verified

Name

Type

Description

DATA_TYPE

string subscription_admin_verified#1.0.0

Type of this document

subscription_admin_verified

boolean

Value of the subscription_admin_verified property of a collection. This can be set or cleared by a subscription group administrator.

{
  "DATA_TYPE": "subscription_admin_verified#1.0.0",
  "subscription_admin_verified": true
}

OwnerString_1_0_0 Document

Owner string document

Name

Type

Description

DATA_TYPE

string owner_string#1.0.0

Type of this document

identity_id

string <uuid>

Globus Auth Identity id

{
  "DATA_TYPE": "owner_string#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}

Result_1_0_0 Document

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Name

Type

Description

DATA_TYPE

string result#1.0.0

Type of this document

code

string

String response code

data

array of object

detail

any type

has_next_page

boolean

Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.

http_response_code

integer

Numeric HTTP response code

marker

string

Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has has_next_page set to true.

message

string

Message describing this result

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}

Result_1_1_0 Document

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors.

Name

Type

Description

DATA_TYPE

string result#1.1.0

Type of this document

authorization_parameters

object

code

string

String response code

data

array of object

detail

any type

has_next_page

boolean

Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.

http_response_code

integer

Numeric HTTP response code

marker

string

Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has has_next_page set to true.

message

string

Message describing this result

{
  "DATA_TYPE": "result#1.1.0",
  "authorization_parameters": {
    "property1": null,
    "property2": null
  },
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
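The paging contract described by has_next_page and marker, plus error handling on http_response_code, as an added example that is not part of the Globus documentation or code. `fetch_page` is a hypothetical caller-supplied callable (how the marker is sent on the wire is not shown in this section), and the sample envelopes, including the `code` strings, are constructed.

```python
class ManagerAPIError(Exception):
    """Raised when a result envelope carries an HTTP error status."""

    def __init__(self, result):
        detail = result.get("detail")
        self.code = result.get("code")
        self.http_response_code = result.get("http_response_code")
        # Error detail documents (e.g. not_resource_owner#1.0.0) identify
        # themselves through their own DATA_TYPE.
        self.detail_type = detail.get("DATA_TYPE") if isinstance(detail, dict) else None
        super().__init__(f"{self.http_response_code} {self.code}: {result.get('message')}")


def iter_result_data(fetch_page, max_pages=1000):
    """Yield every entry of `data` across all pages of a result envelope.

    fetch_page(marker) is a hypothetical callable: it performs one API call,
    passing `marker` (None for the first page), and returns the decoded
    result#1.x.y document.
    """
    marker = None
    seen_markers = set()
    for _ in range(max_pages):
        result = fetch_page(marker)
        if not str(result.get("DATA_TYPE", "")).startswith("result#"):
            raise ValueError("response is not a result envelope")
        status = result.get("http_response_code")
        if not isinstance(status, int) or status >= 400:
            raise ManagerAPIError(result)
        yield from result.get("data") or []
        if not result.get("has_next_page"):
            return
        marker = result.get("marker")
        # A missing or repeated marker would otherwise loop forever or
        # silently truncate an audit listing.
        if not marker or marker in seen_markers:
            raise RuntimeError("has_next_page is true but marker is missing or repeated")
        seen_markers.add(marker)
    raise RuntimeError("page limit reached before has_next_page became false")


# Constructed sample envelopes (not captured from a real endpoint).
SAMPLE_PAGES = {
    None: {
        "DATA_TYPE": "result#1.1.0", "code": "success", "http_response_code": 200,
        "data": [{"role": "owner"}, {"role": "administrator"}],
        "has_next_page": True, "marker": "m1", "message": "ok",
    },
    "m1": {
        "DATA_TYPE": "result#1.1.0", "code": "success", "http_response_code": 200,
        "data": [{"role": "access_manager"}],
        "has_next_page": False, "message": "ok",
    },
}

DENIED = {
    "DATA_TYPE": "result#1.1.0", "code": "permission_denied", "http_response_code": 403,
    "data": [], "has_next_page": False, "message": "not the owner",
    "detail": {"DATA_TYPE": "not_resource_owner#1.0.0",
               "id": "00000000-0000-4000-8000-000000000001"},
}


def fake_fetch(marker):
    """Stand-in for a real HTTP call, serving the constructed pages."""
    return SAMPLE_PAGES[marker]


if __name__ == "__main__":
    for item in iter_result_data(fake_fetch):
        print(item)
```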

ResourceConflict_1_0_0 Document

Error details when the caller has attempted to update an object that results in a conflict with some other object.

Name

Type

Description

DATA_TYPE

string resource_conflict#1.0.0

Type of this document

resources

array of string <uuid>

List of other resources which conflict with this proposed change.

{
  "DATA_TYPE": "resource_conflict#1.0.0",
  "resources": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ]
}

Role_1_0_0 Document

The "Role" document type represents the assignment of a role on an Endpoint or Collection to a Globus identity or group.

Name

Type

Description

DATA_TYPE

string role#1.0.0

Type of this document

id

string <uuid>

Unique id string for this role assignment. This is system generated and should not be included in create requests.

principal

string ^(urn:globus:auth:identity|urn:globus:groups:id):([a-f0-9-]*)$

Globus Auth identity or group id URN

collection

string <uuid>

Collection Id. This value is omitted when creating an endpoint role or when creating role definitions while creating collections.

role

string owner, administrator, access_manager, activity_manager, activity_monitor, access_monitor

Role assigned to the principal

{
  "DATA_TYPE": "role#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "principal": "string",
  "collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
  "role": "owner"
}
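A pre-flight check for role documents before they are sent in a create request, as an added example that is not part of the Globus documentation or code. The documented principal pattern also matches an empty or malformed id, so the check additionally requires a canonical UUID; the function names and the `endpoint_role` parameter are hypothetical.

```python
import re
import uuid

# Pattern exactly as documented for the principal property.
DOCUMENTED_PRINCIPAL = re.compile(
    r"^(urn:globus:auth:identity|urn:globus:groups:id):([a-f0-9-]*)$"
)
ROLES = {
    "owner", "administrator", "access_manager",
    "activity_manager", "activity_monitor", "access_monitor",
}


def is_canonical_uuid(value):
    """True only for lowercase, hyphenated 8-4-4-4-12 UUID strings."""
    try:
        return isinstance(value, str) and str(uuid.UUID(value)) == value
    except ValueError:
        return False


def parse_principal(principal):
    """Return ("identity" | "group", uuid) or None if the URN is unusable."""
    if not isinstance(principal, str):
        return None
    match = DOCUMENTED_PRINCIPAL.fullmatch(principal)
    if not match or not is_canonical_uuid(match.group(2)):
        return None
    kind = "group" if match.group(1) == "urn:globus:groups:id" else "identity"
    return kind, match.group(2)


def validate_role_for_create(doc, endpoint_role):
    """Return a list of problems with a role#1.0.0 document for a create request.

    endpoint_role (hypothetical parameter): True when the role is being
    created on the endpoint, in which case `collection` is omitted.
    """
    problems = []
    if doc.get("DATA_TYPE") != "role#1.0.0":
        problems.append("DATA_TYPE must be role#1.0.0")
    if "id" in doc:
        problems.append("id is system generated and should not be included in create requests")
    if parse_principal(doc.get("principal")) is None:
        problems.append("principal is not an identity or group URN with a UUID")
    if doc.get("role") not in ROLES:
        problems.append("role is not one of the documented values")
    if "collection" in doc:
        if endpoint_role:
            problems.append("collection is omitted when creating an endpoint role")
        elif not is_canonical_uuid(doc["collection"]):
            problems.append("collection is not a UUID")
    return problems


# The sample document shown above, checked as an endpoint role create request.
PAGE_SAMPLE = {
    "DATA_TYPE": "role#1.0.0",
    "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
    "principal": "string",
    "collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
    "role": "owner",
}

# Constructed document with a constructed group id.
GOOD_ROLE = {
    "DATA_TYPE": "role#1.0.0",
    "principal": "urn:globus:groups:id:00000000-0000-4000-8000-000000000002",
    "role": "activity_monitor",
}

if __name__ == "__main__":
    for problem in validate_role_for_create(PAGE_SAMPLE, endpoint_role=True):
        print(problem)
```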

IdentityMapping Document

Globus Connect Server provides two ways for you to implement a custom Globus identity to account mapping: expression-based and external program.

With expression-based mapping you can write rules that extract data from fields in the Globus identity document to form storage gateway-specific usernames. If there is a regular relationship between most of your users' identity information and their account names, this is probably the most direct way to accomplish the mapping.

With external program mappings you can use any mechanism you like (static mapping, LDAP, database, etc.) to look up account information and return the mapped account user name. If you have an account system that has usernames without a simple relationship to your users' Globus identities, or that requires interfacing with an accounting system, this may be necessary.

One of the following schemas:

  • ExternalIdentityMapping_1_0_0

  • ExpressionIdentityMapping_1_0_0

{
  "DATA_TYPE": "external_identity_mapping#1.0.0",
  "command": [
    "string"
  ]
}

StorageGateway_1_0_0 Document

A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.

Storage gateway policies describe what type of connector the storage gateway uses, the paths it allows access to, what the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).

Name

Type

Description

DATA_TYPE

string storage_gateway#1.0.0

Type of this document

allowed_domains

array of string

List of allowed domains. Users creating credentials or collections on this storage gateway must have an identity in one of these domains.

authentication_assurance_timeout (deprecated)

integer

Alias for authentication_timeout_mins [Private]

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated to access files or create user credentials on this storage gateway.

For a high assurance storage gateway, this must be done within the current Globus Auth session; otherwise, the caller can perform the authentication with any application which uses Globus Auth.

connector_id

string <uuid>

Id of the connector type that this storage gateway interacts with.

deleted

boolean

Flag indicating that this storage gateway has been deleted [Private]

display_name

string

Name of the storage gateway

high_assurance

boolean

Flag indicating if the storage_gateway requires high assurance features.

id

string <uuid>

Unique id for this storage gateway

identity_mappings

array ( IdentityMapping )

List of identity mappings to apply to user identities to determine what connector-specific accounts are available for access. [Private]

load_dsi_module

string

Name of the DSI module to load by the GridFTP server when accessing this storage gateway. [Private]

policies

S3StoragePolicies_1_0_0 or S3StoragePolicies_1_1_0 or S3StoragePolicies_1_2_0 or AzureBlobStoragePolicies_1_0_0 or AzureBlobStoragePolicies_1_1_0 or BlackPearlStoragePolicies_1_0_0 or BoxStorage_1_0_0 or BoxStorage_1_1_0 or BoxStorage_1_2_0 or CephStoragePolicies_1_0_0 or DropboxStoragePolicies_1_0_0 or GoogleCloudStoragePolicies_1_0_0 or GoogleCloudStoragePolicies_1_1_0 or GoogleDriveStoragePolicies_1_0_0 or GoogleDriveStoragePolicies_1_1_0 or HPSSStoragePolicies_1_0_0 or HPSSStoragePolicies_1_1_0 or IrodsStoragePolicies_1_0_0 or OneDriveStoragePolicies_1_0_0 or OneDriveStoragePolicies_1_1_0 or PosixStoragePolicies_1_0_0 or PosixStagingStoragePolicies_1_0_0

Connector-specific storage policies

process_user

string

Local POSIX user the GridFTP server should run as when accessing this storage gateway. [Private]

require_high_assurance (deprecated)

boolean

Alias for high_assurance

restrict_paths

null or PathRestrictions

Path restrictions within this storage gateway. Paths are interpreted as absolute paths in the file namespace of the connector. [Private]

users_allow

array of string

List of connector-specific usernames allowed to access this storage gateway. [Private]

users_deny

array of string

List of connector-specific usernames denied access to this storage gateway. [Private]

{
  "DATA_TYPE": "storage_gateway#1.0.0",
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "policies": {
    "DATA_TYPE": "s3_storage_policies#1.0.0",
    "s3_buckets": [
      "string"
    ],
    "s3_endpoint": "https://s3.amazonaws.com",
    "s3_user_credential_required": true
  },
  "process_user": "string",
  "require_high_assurance": true,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}

StorageGateway_1_1_0 Document

A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.

Storage gateway policies describe what type of connector the storage gateway uses, the paths it allows access to, what the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).

Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.

Name

Type

Description

DATA_TYPE

string storage_gateway#1.1.0

Type of this document

allowed_domains

array of string

List of allowed domains. Users creating credentials or collections on this storage gateway must have an identity in one of these domains.

authentication_assurance_timeout (deprecated)

integer

Alias for authentication_timeout_mins [Private]

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated to access files or create user credentials on this storage gateway.

For a high assurance storage gateway, this must be done within the current Globus Auth session; otherwise, the caller can perform the authentication with any application which uses Globus Auth.

connector_id

string <uuid>

Id of the connector type that this storage gateway interacts with.

deleted

boolean

Flag indicating that this storage gateway has been deleted [Private]

display_name

string

Name of the storage gateway

high_assurance

boolean

Flag indicating if the storage_gateway requires high assurance features.

id

string <uuid>

Unique id for this storage gateway

identity_mappings

array ( IdentityMapping )

List of identity mappings to apply to user identities to determine what connector-specific accounts are available for access. [Private]

load_dsi_module

string

Name of the DSI module to load by the GridFTP server when accessing this storage gateway. [Private]

policies

S3StoragePolicies_1_0_0 or S3StoragePolicies_1_1_0 or S3StoragePolicies_1_2_0 or AzureBlobStoragePolicies_1_0_0 or AzureBlobStoragePolicies_1_1_0 or BlackPearlStoragePolicies_1_0_0 or BoxStorage_1_0_0 or BoxStorage_1_1_0 or BoxStorage_1_2_0 or CephStoragePolicies_1_0_0 or DropboxStoragePolicies_1_0_0 or GoogleCloudStoragePolicies_1_0_0 or GoogleCloudStoragePolicies_1_1_0 or GoogleDriveStoragePolicies_1_0_0 or GoogleDriveStoragePolicies_1_1_0 or HPSSStoragePolicies_1_0_0 or HPSSStoragePolicies_1_1_0 or IrodsStoragePolicies_1_0_0 or OneDriveStoragePolicies_1_0_0 or OneDriveStoragePolicies_1_1_0 or PosixStoragePolicies_1_0_0 or PosixStagingStoragePolicies_1_0_0

Connector-specific storage policies

process_user

string

Local POSIX user the GridFTP server should run as when accessing this storage gateway. [Private]

require_high_assurance (deprecated)

boolean

Alias for high_assurance

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only usable on high assurance storage gateways.

restrict_paths

null or PathRestrictions

Path restrictions within this storage gateway. Paths are interpreted as absolute paths in the file namespace of the connector. [Private]

users_allow

array of string

List of connector-specific usernames allowed to access this storage gateway. [Private]

users_deny

array of string

List of connector-specific usernames denied access to this storage gateway. [Private]

{
  "DATA_TYPE": "storage_gateway#1.1.0",
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "policies": {
    "DATA_TYPE": "s3_storage_policies#1.0.0",
    "s3_buckets": [
      "string"
    ],
    "s3_endpoint": "https://s3.amazonaws.com",
    "s3_user_credential_required": true
  },
  "process_user": "string",
  "require_high_assurance": true,
  "require_mfa": false,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}

StorageGateway_1_2_0 Document

A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.

Storage gateway policies describe what type of connector the storage gateway uses, the paths it allows access to, what the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).

Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.

Version 1.2.0 includes support for admin managed credentials.

Name

Type

Description

DATA_TYPE

string storage_gateway#1.2.0

Type of this document

admin_managed_credentials

boolean

Flag indicating if the storage_gateway allows endpoint administrators to manage user credentials on behalf of other users.

allowed_domains

array of string

List of allowed domains. Users creating credentials or collections on this storage gateway must have an identity in one of these domains.

authentication_assurance_timeout (deprecated)

integer

Alias for authentication_timeout_mins [Private]

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated to access files or create user credentials on this storage gateway.

For a high assurance storage gateway, this must be done within the current Globus Auth session; otherwise, the caller can perform the authentication with any application which uses Globus Auth.

connector_id

string <uuid>

Id of the connector type that this storage gateway interacts with.

deleted

boolean

Flag indicating that this storage gateway has been deleted [Private]

display_name

string

Name of the storage gateway

high_assurance

boolean

Flag indicating if the storage_gateway requires high assurance features.

id

string <uuid>

Unique id for this storage gateway

identity_mappings

array ( IdentityMapping )

List of identity mappings to apply to user identities to determine what connector-specific accounts are available for access. [Private]

load_dsi_module

string

Name of the DSI module to load by the GridFTP server when accessing this storage gateway. [Private]

policies

S3StoragePolicies_1_0_0 or S3StoragePolicies_1_1_0 or S3StoragePolicies_1_2_0 or AzureBlobStoragePolicies_1_0_0 or AzureBlobStoragePolicies_1_1_0 or BlackPearlStoragePolicies_1_0_0 or BoxStorage_1_0_0 or BoxStorage_1_1_0 or BoxStorage_1_2_0 or CephStoragePolicies_1_0_0 or DropboxStoragePolicies_1_0_0 or GoogleCloudStoragePolicies_1_0_0 or GoogleCloudStoragePolicies_1_1_0 or GoogleDriveStoragePolicies_1_0_0 or GoogleDriveStoragePolicies_1_1_0 or HPSSStoragePolicies_1_0_0 or HPSSStoragePolicies_1_1_0 or IrodsStoragePolicies_1_0_0 or OneDriveStoragePolicies_1_0_0 or OneDriveStoragePolicies_1_1_0 or PosixStoragePolicies_1_0_0 or PosixStagingStoragePolicies_1_0_0

Connector-specific storage policies

process_user

string

Local POSIX user the GridFTP server should run as when accessing this storage gateway. [Private]

require_high_assurance (deprecated)

boolean

Alias for high_assurance

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only usable on high assurance storage gateways.

restrict_paths

null or PathRestrictions

Path restrictions within this storage gateway. Paths are interpreted as absolute paths in the file namespace of the connector. [Private]

users_allow

array of string

List of connector-specific usernames allowed to access this storage gateway. [Private]

users_deny

array of string

List of connector-specific usernames denied access to this storage gateway. [Private]

{
  "DATA_TYPE": "storage_gateway#1.2.0",
  "admin_managed_credentials": false,
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "policies": {
    "DATA_TYPE": "s3_storage_policies#1.0.0",
    "s3_buckets": [
      "string"
    ],
    "s3_endpoint": "https://s3.amazonaws.com",
    "s3_user_credential_required": true
  },
  "process_user": "string",
  "require_high_assurance": true,
  "require_mfa": false,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}

StorageGateway_1_3_0 Document

A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.

Storage gateway policies describe what type of connector the storage gateway uses, the paths it allows access to, what the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).

Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.

Version 1.2.0 includes support for admin managed credentials.

Version 1.3.0 includes support for overriding the endpoint’s network use parameters on a storage gateway.

Name

Type

Description

DATA_TYPE

string storage_gateway#1.3.0

Type of this document

admin_managed_credentials

boolean

Flag indicating if the storage_gateway allows endpoint administrators to manage user credentials on behalf of other users.

allowed_domains

array of string

List of allowed domains. Users creating credentials or collections on this storage gateway must have an identity in one of these domains.

authentication_assurance_timeout (deprecated)

integer

Alias for authentication_timeout_mins [Private]

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated to access files or create user credentials on this storage gateway.

For a high assurance storage gateway, this must be done within the current Globus Auth session; otherwise, the caller can perform the authentication with any application which uses Globus Auth.

connector_id

string <uuid>

Id of the connector type that this storage gateway interacts with.

deleted

boolean

Flag indicating that this storage gateway has been deleted [Private]

display_name

string

Name of the storage gateway

high_assurance

boolean

Flag indicating if the storage_gateway requires high assurance features.

id

string <uuid>

Unique id for this storage gateway

identity_mappings

array ( IdentityMapping )

List of identity mappings to apply to user identities to determine what connector-specific accounts are available for access. [Private]

load_dsi_module

string

Name of the DSI module to load by the GridFTP server when accessing this storage gateway. [Private]

max_concurrency

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

max_parallelism

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

network_use

string normal, minimal, aggressive, custom

Control how Globus interacts with this endpoint over the network.

Allowed values for network_use are:

  • normal

    • The default setting. Uses an average level of concurrency and parallelism. The levels depend on the number of physical servers in the endpoint.

  • minimal

    • Uses a minimal level of concurrency and parallelism.

  • aggressive

    • Uses a high level of concurrency and parallelism.

  • custom

    • Uses custom values of concurrency and parallelism set by the endpoint admin. When setting this level, you must also set the max_concurrency, preferred_concurrency, max_parallelism, and preferred_parallelism properties.

policies

S3StoragePolicies_1_0_0 or S3StoragePolicies_1_1_0 or S3StoragePolicies_1_2_0 or AzureBlobStoragePolicies_1_0_0 or AzureBlobStoragePolicies_1_1_0 or BlackPearlStoragePolicies_1_0_0 or BoxStorage_1_0_0 or BoxStorage_1_1_0 or BoxStorage_1_2_0 or CephStoragePolicies_1_0_0 or DropboxStoragePolicies_1_0_0 or GoogleCloudStoragePolicies_1_0_0 or GoogleCloudStoragePolicies_1_1_0 or GoogleDriveStoragePolicies_1_0_0 or GoogleDriveStoragePolicies_1_1_0 or HPSSStoragePolicies_1_0_0 or HPSSStoragePolicies_1_1_0 or IrodsStoragePolicies_1_0_0 or OneDriveStoragePolicies_1_0_0 or OneDriveStoragePolicies_1_1_0 or PosixStoragePolicies_1_0_0 or PosixStagingStoragePolicies_1_0_0

Connector-specific storage policies

preferred_concurrency

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

preferred_parallelism

integer

Admin-specified value when the network_use property’s value is custom; otherwise the preset value for the specified network_use.

process_user

string

Local POSIX user the GridFTP server should run as when accessing this storage gateway. [Private]

require_high_assurance (deprecated)

boolean

Alias for high_assurance

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only usable on high assurance storage gateways.

restrict_paths

null or PathRestrictions

Path restrictions within this storage gateway. Paths are interpreted as absolute paths in the file namespace of the connector. [Private]

users_allow

array of string

List of connector-specific usernames allowed to access this storage gateway. [Private]

users_deny

array of string

List of connector-specific usernames denied access to this storage gateway. [Private]

{
  "DATA_TYPE": "storage_gateway#1.3.0",
  "admin_managed_credentials": false,
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "max_concurrency": 1,
  "max_parallelism": 1,
  "network_use": "normal",
  "policies": {
    "DATA_TYPE": "s3_storage_policies#1.0.0",
    "s3_buckets": [
      "string"
    ],
    "s3_endpoint": "https://s3.amazonaws.com",
    "s3_user_credential_required": true
  },
  "preferred_concurrency": 1,
  "preferred_parallelism": 1,
  "process_user": "string",
  "require_high_assurance": true,
  "require_mfa": false,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}
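A consistency check for storage gateway documents, built only from constraints stated in the StorageGateway_1_0_0 through 1_3_0 tables above, as an added example that is not part of the Globus documentation or code. The function names are hypothetical and the sample documents are constructed; how the API itself treats a deprecated alias that disagrees with its replacement is not stated here, so the check only reports it.

```python
import re

NETWORK_USE_VALUES = {"normal", "minimal", "aggressive", "custom"}
CUSTOM_TUNING_KEYS = (
    "max_concurrency", "preferred_concurrency",
    "max_parallelism", "preferred_parallelism",
)
# First storage_gateway document version in which each property is listed.
INTRODUCED_IN = {
    "require_mfa": (1, 1, 0),
    "admin_managed_credentials": (1, 2, 0),
    "network_use": (1, 3, 0),
    **{key: (1, 3, 0) for key in CUSTOM_TUNING_KEYS},
}
DEPRECATED_ALIASES = {
    "require_high_assurance": "high_assurance",
    "authentication_assurance_timeout": "authentication_timeout_mins",
}


def parse_version(data_type):
    """Return (major, minor, patch) for a storage_gateway#x.y.z DATA_TYPE."""
    match = re.fullmatch(r"storage_gateway#(\d+)\.(\d+)\.(\d+)", str(data_type))
    return tuple(int(part) for part in match.groups()) if match else None


def lint_storage_gateway(doc):
    """Return human-readable findings for one storage gateway document."""
    version = parse_version(doc.get("DATA_TYPE"))
    if version is None:
        return ["DATA_TYPE is not a storage_gateway#x.y.z document"]
    findings = []

    for key, since in INTRODUCED_IN.items():
        if key in doc and version < since:
            wanted = ".".join(str(part) for part in since)
            findings.append(f"{key} requires storage_gateway#{wanted} or later")

    for old, new in DEPRECATED_ALIASES.items():
        if old not in doc:
            continue
        if new in doc and doc[old] != doc[new]:
            findings.append(f"{old}={doc[old]!r} disagrees with {new}={doc[new]!r}")
        elif new not in doc:
            findings.append(f"{old} is deprecated; use {new}")

    # require_mfa is "only usable on high assurance storage gateways".
    if doc.get("require_mfa") and not doc.get("high_assurance"):
        findings.append("require_mfa is set but high_assurance is not true")

    network_use = doc.get("network_use")
    if network_use is not None and network_use not in NETWORK_USE_VALUES:
        findings.append(f"network_use {network_use!r} is not an allowed value")
    elif network_use == "custom":
        missing = [
            key for key in CUSTOM_TUNING_KEYS
            if not isinstance(doc.get(key), int) or isinstance(doc.get(key), bool)
        ]
        if missing:
            findings.append("network_use is custom but these are unset: " + ", ".join(missing))
    return findings


# Constructed documents (not taken from a real endpoint).
BAD_GATEWAY = {
    "DATA_TYPE": "storage_gateway#1.1.0",
    "high_assurance": False,
    "require_high_assurance": True,
    "require_mfa": True,
    "network_use": "custom",
    "max_concurrency": 4,
}
GOOD_GATEWAY = {
    "DATA_TYPE": "storage_gateway#1.3.0",
    "high_assurance": True,
    "require_mfa": True,
    "authentication_timeout_mins": 30,
    "network_use": "normal",
}

if __name__ == "__main__":
    for finding in lint_storage_gateway(BAD_GATEWAY):
        print(finding)
```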

StorageGatewayNotFound_1_0_0 Document

Error details when a storage gateway no longer exists when accessing a collection.

Name

Type

Description

DATA_TYPE

string storage_gateway_not_found#1.0.0

Type of this document

storage_gateway_id

string <uuid>

Storage gateway ID

{
  "DATA_TYPE": "storage_gateway_not_found#1.0.0",
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb"
}

SubscriptionRequired_1_0_0 Document

Error details when the caller has attempted to access a feature not supported by the endpoint’s subscription.

Name

Type

Description

DATA_TYPE

string subscription_required#1.0.0

Type of this document

add_ons

array of string

List of subscription add-ons required for this feature

subscription_level

string

Level of subscription required for this feature

{
  "DATA_TYPE": "subscription_required#1.0.0",
  "add_ons": [
    "string"
  ],
  "subscription_level": "string"
}

UserCredential_1_0_0 Document

Credential information for an identity on a particular storage gateway and its related collections.

Name

Type

Description

DATA_TYPE

string user_credential#1.0.0

Type of this document

connector_id

string <uuid>

Id of the connector type used by this credential

deleted

boolean

Flag indicating that this credential has been deleted

display_name

string

Display name of the credential

home_directory

string

The home directory of the account associated with this credential [Private]

id

string <uuid>

Unique id for this user credential

identity_id

string <uuid>

Globus Auth identity id that this credential is associated with

invalid

boolean

Flag indicating that this credential is no longer valid

policies

S3UserCredentialPolicies_1_0_0 or S3UserCredentialPolicies_1_1_0 or S3UserCredentialPolicies_1_2_0 or AzureBlobUserCredentialPolicies_1_0_0 or BlackPearlUserCredentialPolicies_1_0_0 or BoxUserCredential_1_0_0 or BoxUserCredential_1_1_0 or CephUserCredentialPolicies_1_0_0 or DropboxUserCredentialPolicies_1_0_0 or GoogleCloudStorageUserCredentialPolicies_1_0_0 or GoogleDriveUserCredentialPolicies_1_0_0 or HPSSUserCredentialPolicies_1_0_0 or IrodsUserCredentialPolicies_1_0_0 or OneDriveUserCredentialPolicies_1_0_0 or PosixUserCredentialPolicies_1_0_0 or PosixStagingUserCredentialPolicies_1_0_0

Connector-specific user credential policies

provisioned

boolean

Flag indicating that this credential has been fully provisioned. If this is false and the invalid property is true, then the credential was created during login and patching it to add the missing data should be presented to the user as initializing the credential.

storage_gateway_id

string <uuid>

Storage Gateway this credential is associated with

username

string

Connector-specific username that this credential is associated with. If the connector supports identity mapping, this matches the result of the mapping applied to identity_id.

{
  "DATA_TYPE": "user_credential#1.0.0",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "home_directory": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "invalid": true,
  "policies": {
    "DATA_TYPE": "s3_user_credential_policies#1.0.0",
    "s3_key_id": "string",
    "s3_secret_key": "string"
  },
  "provisioned": true,
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "username": "string"
}

S3StoragePolicies_1_0_0 Document

Connector-specific storage gateway policies for the S3 connector

Name

Type

Description

DATA_TYPE

string s3_storage_policies#1.0.0

Type of this document

s3_buckets

array of string

List of buckets not owned by the collection owner that will be shown in the root of collections created at the base of this storage gateway.

s3_endpoint

string

URL of the S3 API endpoint

s3_user_credential_required

boolean

Flag indicating if a Globus User must register a user credential in order to create a guest collection on this storage gateway.

{
  "DATA_TYPE": "s3_storage_policies#1.0.0",
  "s3_buckets": [
    "string"
  ],
  "s3_endpoint": "https://s3.amazonaws.com",
  "s3_user_credential_required": true
}

S3StoragePolicies_1_1_0 Document

Connector-specific storage gateway policies for the S3 connector

Version 1.1.0 adds support for the s3_requester_pays property.

Name

Type

Description

DATA_TYPE

string s3_storage_policies#1.1.0

Type of this document

s3_buckets

array of string

List of buckets not owned by the collection owner that will be shown in the root of collections created at the base of this storage gateway.

s3_endpoint

string

URL of the S3 API endpoint

s3_requester_pays

boolean

Flag indicating that S3 operations will be charged to the account of the registered credentials. Credentials used with a storage gateway that has the s3_requester_pays property set to true are invalid unless they also have this property set to true as an acknowledgement.

s3_user_credential_required

boolean

Flag indicating if a Globus User must register a user credential in order to create a guest collection on this storage gateway.

{
  "DATA_TYPE": "s3_storage_policies#1.1.0",
  "s3_buckets": [
    "string"
  ],
  "s3_endpoint": "https://s3.amazonaws.com",
  "s3_requester_pays": true,
  "s3_user_credential_required": true
}

S3StoragePolicies_1_2_0 Document

Connector-specific storage gateway policies for the S3 connector

Version 1.1.0 adds support for the s3_requester_pays property.

Version 1.2.0 adds support for the s3_allow_multi_keys property.

Name

Type

Description

DATA_TYPE

string s3_storage_policies#1.2.0

Type of this document

s3_allow_multi_keys

boolean

Allow users of this gateway to add multiple S3 IAM keys to their credentials

s3_buckets

array of string

List of buckets not owned by the collection owner that will be shown in the root of collections created at the base of this storage gateway.

s3_endpoint

string

URL of the S3 API endpoint

s3_requester_pays

boolean

Flag indicating that S3 operations will be charged to the account of the registered credentials. Credentials used with a storage gateway that has the s3_requester_pays property set to true are invalid unless they also have this property set to true as an acknowledgement.

s3_user_credential_required

boolean

Flag indicating if a Globus User must register a user credential in order to create a guest collection on this storage gateway.

{
  "DATA_TYPE": "s3_storage_policies#1.2.0",
  "s3_allow_multi_keys": true,
  "s3_buckets": [
    "string"
  ],
  "s3_endpoint": "https://s3.amazonaws.com",
  "s3_requester_pays": true,
  "s3_user_credential_required": true
}

S3CollectionPolicies_1_0_0 Document

Connector-specific collection policies for the S3 connector

Name

Type

Description

DATA_TYPE

string s3_collection_policies#1.0.0

Type of this document

{
  "DATA_TYPE": "s3_collection_policies#1.0.0"
}

S3UserCredentialPolicies_1_0_0 Document

Connector-specific user credential policies for the S3 connector

Name

Type

Description

DATA_TYPE

string s3_user_credential_policies#1.0.0

Type of this document

s3_key_id

string

Access Key ID to use with the S3 API to access your buckets and objects.

s3_secret_key

string

Secret key to use with the S3 API to access your buckets and objects. [Private]

{
  "DATA_TYPE": "s3_user_credential_policies#1.0.0",
  "s3_key_id": "string",
  "s3_secret_key": "string"
}

S3UserCredentialPolicies_1_1_0 Document

Connector-specific user credential policies for the S3 connector

Version 1.1.0 adds support for the s3_requester_pays property.

Name

Type

Description

DATA_TYPE

string s3_user_credential_policies#1.1.0

Type of this document

s3_key_id

string

Access Key ID to use with the S3 API to access your buckets and objects.

s3_requester_pays

boolean

Flag indicating the user acknowledges S3 operations will be charged to the account of this credential. If this flag is true in the storage gateway policy, this must also be true or the credential will be invalid.

s3_secret_key

string

Secret key to use with the S3 API to access your buckets and objects. [Private]

{
  "DATA_TYPE": "s3_user_credential_policies#1.1.0",
  "s3_key_id": "string",
  "s3_requester_pays": true,
  "s3_secret_key": "string"
}

S3KeysPrefixPaths_1_0_0 Document

Name

Type

Description

path_prefixes

array of string

A list of matching prefix strings. When an S3 object is accessed, its virtual path <bucket>/<object> is matched against each string in this list. If the virtual path starts with a value in this list, the S3 keys in this object will be used.

s3_key_id

string

Access Key ID to use with the S3 API to access your buckets and objects.

s3_secret_key

string

Secret key to use with the S3 API to access your buckets and objects. If set to null when calling PATCH it indicates that this entry should be deleted. [Private]

{
  "path_prefixes": [
    "string"
  ],
  "s3_key_id": "string",
  "s3_secret_key": "string"
}

S3UserCredentialPolicies_1_2_0 Document

Connector-specific user credential policies for the S3 connector

Version 1.1.0 adds support for the s3_requester_pays property.

Version 1.2.0 adds support for the s3_multi_keys property list.

Name

Type

Description

DATA_TYPE

string s3_user_credential_policies#1.2.0

Type of this document

s3_key_id

string

Access Key ID to use with the S3 API to access your buckets and objects.

s3_multi_keys

array ( S3KeysPrefixPaths_1_0_0 )

A list of path prefixes and S3 key pairs to use with them.

s3_requester_pays

boolean

Flag indicating the user acknowledges S3 operations will be charged to the account of this credential. If this flag is true in the storage gateway policy, this must also be true or the credential will be invalid.

s3_secret_key

string

Secret key to use with the S3 API to access your buckets and objects. [Private]

{
  "DATA_TYPE": "s3_user_credential_policies#1.2.0",
  "s3_key_id": "string",
  "s3_multi_keys": [
    {
      "path_prefixes": [
        "string"
      ],
      "s3_key_id": "string",
      "s3_secret_key": "string"
    }
  ],
  "s3_requester_pays": true,
  "s3_secret_key": "string"
}
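The prefix matching described for S3KeysPrefixPaths_1_0_0 is a plain "starts with" test, so a prefix that does not end the bucket name also matches sibling buckets, and two entries can both match one path. The following lint is an added example, not Globus code: the function names, finding labels and sample documents are constructed here, and it treats overlapping prefixes and multi-key credentials on a gateway without s3_allow_multi_keys as findings because this page does not state how the connector resolves them.

```python
# Added example: lint an S3 user credential document against its gateway policy.
# Function names, finding labels and all sample values are constructed here.

def matching_entries(cred, virtual_path):
    """Return (s3_key_id, matched_prefixes) for every s3_multi_keys entry
    whose path_prefixes match the virtual path <bucket>/<object>.

    Matching is a plain string "starts with" test, as the page describes.
    """
    hits = []
    for entry in cred.get("s3_multi_keys", []):
        matched = [p for p in entry.get("path_prefixes", [])
                   if virtual_path.startswith(p)]
        if matched:
            hits.append((entry["s3_key_id"], matched))
    return hits


def lint_credential(gateway, cred):
    """Return a list of finding strings; an empty list means nothing flagged."""
    findings = []

    # Documented rule: if the gateway sets s3_requester_pays, the credential
    # must also set it as an acknowledgement, or the credential is invalid.
    if gateway.get("s3_requester_pays") is True and cred.get("s3_requester_pays") is not True:
        findings.append("requester_pays_not_acknowledged")

    # Assumption of this example: multi-key credentials are flagged unless the
    # gateway policy sets s3_allow_multi_keys.
    multi = cred.get("s3_multi_keys", [])
    if multi and gateway.get("s3_allow_multi_keys") is not True:
        findings.append("multi_keys_not_allowed")

    seen = []  # (prefix, s3_key_id) pairs already visited
    for entry in multi:
        key_id = entry["s3_key_id"]
        for prefix in entry.get("path_prefixes", []):
            # "research" also matches "research-archive/..."; "research/" does not.
            if "/" not in prefix:
                findings.append("prefix_matches_sibling_buckets:" + prefix)
            # Two different key pairs whose prefixes nest both match some path.
            for other_prefix, other_key in seen:
                nested = prefix.startswith(other_prefix) or other_prefix.startswith(prefix)
                if other_key != key_id and nested:
                    findings.append("overlapping_prefixes:%s|%s" % (other_prefix, prefix))
            seen.append((prefix, key_id))
    return findings


# Constructed sample documents (placeholder key material, not real credentials).
GATEWAY = {
    "DATA_TYPE": "s3_storage_policies#1.2.0",
    "s3_allow_multi_keys": True,
    "s3_endpoint": "https://s3.amazonaws.com",
    "s3_requester_pays": True,
    "s3_user_credential_required": True,
}

CRED = {
    "DATA_TYPE": "s3_user_credential_policies#1.2.0",
    "s3_key_id": "KEY_DEFAULT_CONSTRUCTED",
    "s3_secret_key": "placeholder",
    "s3_multi_keys": [
        {"path_prefixes": ["research"],
         "s3_key_id": "KEY_A_CONSTRUCTED", "s3_secret_key": "placeholder"},
        {"path_prefixes": ["research-archive/2024/"],
         "s3_key_id": "KEY_B_CONSTRUCTED", "s3_secret_key": "placeholder"},
    ],
}

# Same credential with the bucket prefix terminated and the charge acknowledged.
CRED_FIXED = {
    "DATA_TYPE": "s3_user_credential_policies#1.2.0",
    "s3_key_id": "KEY_DEFAULT_CONSTRUCTED",
    "s3_secret_key": "placeholder",
    "s3_requester_pays": True,
    "s3_multi_keys": [
        {"path_prefixes": ["research/"],
         "s3_key_id": "KEY_A_CONSTRUCTED", "s3_secret_key": "placeholder"},
        {"path_prefixes": ["research-archive/2024/"],
         "s3_key_id": "KEY_B_CONSTRUCTED", "s3_secret_key": "placeholder"},
    ],
}

if __name__ == "__main__":
    path = "research-archive/2024/run1.dat"
    for label, cred in (("original", CRED), ("fixed", CRED_FIXED)):
        print(label, "findings:", lint_credential(GATEWAY, cred))
        # Print key IDs only; secret keys are never written out.
        print(label, "keys matching", path, ":",
              [key_id for key_id, _ in matching_entries(cred, path)])
```
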

AzureBlobStoragePolicies_1_0_0 Document

Connector-specific storage gateway policies for the AzureBlob connector

Name

Type

Description

DATA_TYPE

string azure_blob_storage_policies#1.0.0

Type of this document

account

string

Azure Storage account to access with this storage gateway [Private]

adls

boolean

Flag indicating the Azure storage account has enabled Azure Data Lake Gen2 hierarchical namespace support. [Private]

auth_callback

string

URL of the auth callback that must be registered on the Microsoft API console for the application client_id in order to process Microsoft credentials.

auth_type

string

The method of authentication to Azure. "user" prompts the user to log in to their Microsoft account via an oauth2 flow. "service_principal" uses the configured client_id and client_secret values to authenticate as an Azure service principal.

client_id

string

Client ID registered with the Azure console to access Azure Blob. [Private]

secret

string

Secret created in the Azure console to access Azure Blob with the client_id in this policy. [Private]

tenant

string

Tenant id of the Microsoft organization [Private]

user_credential_required

boolean

Flag indicating whether users must register a credential. If true (or if this property is missing), this storage gateway is configured for OAuth2 user authentication. If false, authentication is configured by the admin.

{
  "DATA_TYPE": "azure_blob_storage_policies#1.0.0",
  "account": "string",
  "adls": true,
  "auth_callback": "string",
  "auth_type": "string",
  "client_id": "string",
  "secret": "string",
  "tenant": "string",
  "user_credential_required": true
}

AzureBlobStoragePolicies_1_1_0 Document

Connector-specific storage gateway policies for the AzureBlob connector

Name

Type

Description

DATA_TYPE

string azure_blob_storage_policies#1.1.0

Type of this document

account

string

Azure Storage account to access with this storage gateway [Private]

adls

boolean

Flag indicating the Azure storage account has enabled Azure Data Lake Gen2 hierarchical namespace support. [Private]

allow_any_account

boolean

If true, allow users to access personal or external Microsoft accounts. If false (the default), users must use the Microsoft account which matches the username their Globus credential maps to.

auth_callback

string

URL of the auth callback that must be registered on the Microsoft API console for the application client_id in order to process Microsoft credentials.

auth_type

string

The method of authentication to Azure. "user" prompts the user to log in to their Microsoft account via an oauth2 flow. "service_principal" uses the configured client_id and client_secret values to authenticate as an Azure service principal.

client_id

string

Client ID registered with the Azure console to access Azure Blob. [Private]

secret

string

Secret created in the Azure console to access Azure Blob with the client_id in this policy. [Private]

tenant

string

Tenant id of the Microsoft organization [Private]

user_credential_required

boolean

Flag indicating whether users must register a credential. If true (or if this property is missing), this storage gateway is configured for OAuth2 user authentication. If false, authentication is configured by the admin.

{
  "DATA_TYPE": "azure_blob_storage_policies#1.1.0",
  "account": "string",
  "adls": true,
  "allow_any_account": true,
  "auth_callback": "string",
  "auth_type": "string",
  "client_id": "string",
  "secret": "string",
  "tenant": "string",
  "user_credential_required": true
}

AzureBlobCollectionPolicies_1_0_0 Document

Connector-specific collection policies for the AzureBlob connector

Name

Type

Description

DATA_TYPE

string azure_blob_collection_policies#1.0.0

Type of this document

{
  "DATA_TYPE": "azure_blob_collection_policies#1.0.0"
}

AzureBlobUserCredentialPolicies_1_0_0 Document

Connector-specific user credential policies for the AzureBlob connector

Name

Type

Description

DATA_TYPE

string azure_blob_user_credential_policies#1.0.0

Type of this document

access_token

string

OAuth access token [Private]

email

string

OAuth email claim

refresh_token

string

OAuth refresh token [Private]

scopes

array of string

OAuth scopes associated with this access token

sub

string

OAuth subject identifier claim

tid

string

Tenant id

token_expiry

string <date-time>

OAuth access token expiration time

{
  "DATA_TYPE": "azure_blob_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "refresh_token": "string",
  "scopes": [
    "string"
  ],
  "sub": "string",
  "tid": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

BlackPearlStoragePolicies_1_0_0 Document

Connector-specific storage gateway policies for the BlackPearl connector

Name

Type

Description

DATA_TYPE

string blackpearl_storage_policies#1.0.0

Type of this document

bp_access_id_file

string

Path to the file which provides mappings from usernames within the configured identity domain to the ID and secret associated with the user’s BlackPearl account [Private]

s3_endpoint

string

The URL of the S3 endpoint of the BlackPearl appliance to use to access collections on this Storage Gateway.

{
  "DATA_TYPE": "blackpearl_storage_policies#1.0.0",
  "bp_access_id_file": "string",
  "s3_endpoint": "string"
}

BlackPearlCollectionPolicies_1_0_0 Document

Connector-specific collection policies for the BlackPearl connector

Name

Type

Description

DATA_TYPE

string blackpearl_collection_policies#1.0.0

Type of this document

{
  "DATA_TYPE": "blackpearl_collection_policies#1.0.0"
}

BlackPearlUserCredentialPolicies_1_0_0 Document

Connector-specific user credential policies for the BlackPearl connector

Name

Type

Description

DATA_TYPE

string blackpearl_user_credential_policies#1.0.0

Type of this document

access_id

string

BlackPearl access id

secret_key

string

BlackPearl secret key [Private]

{
  "DATA_TYPE": "blackpearl_user_credential_policies#1.0.0",
  "access_id": "string",
  "secret_key": "string"
}

BoxAppSettings Document

Values from the Box JWT client configuration that the storage gateway uses to identify and authenticate with the Box API. This is only set when configuring the storage gateway for Box enterprise authentication.

Name

Type

Description

appAuth

BoxAppAuth

Box application keys

clientID

string

Application client ID

clientSecret

string

Application client secret

{
  "appAuth": {
    "passphrase": "string",
    "privateKey": "string",
    "publicKeyID": "string"
  },
  "clientID": "string",
  "clientSecret": "string"
}

BoxAppAuth Document

Key information used to perform JWT grants for using the Box API

Name

Type

Description

passphrase

string

Passphrase to decrypt the private key

privateKey

string

Private key

publicKeyID

string

ID of the public key

{
  "passphrase": "string",
  "privateKey": "string",
  "publicKeyID": "string"
}

BoxStorage_1_0_0 Document

Connector-specific storage gateway policies for the Box connector.

Name

Type

Description

DATA_TYPE

string box_storage_policies#1.0.0

Type of this document

boxAppSettings

BoxAppSettings

Box Application settings [Private]

enterpriseID

string

Identifies which Box Enterprise this storage gateway is authorized access to. This is only set when configuring the storage gateway for Box enterprise authentication. [Private]

{
  "DATA_TYPE": "box_storage_policies#1.0.0",
  "boxAppSettings": {
    "appAuth": {
      "passphrase": "string",
      "privateKey": "string",
      "publicKeyID": "string"
    },
    "clientID": "string",
    "clientSecret": "string"
  },
  "enterpriseID": "string"
}

BoxStorage_1_1_0 Document

Connector-specific storage gateway policies for the Box connector.

Name

Type

Description

DATA_TYPE

string box_storage_policies#1.1.0

Type of this document

auth_callback

string

URL of the auth callback that must be set on the Box developer console for the Box application of client_id.

boxAppSettings

BoxAppSettings

Values from the Box JWT client configuration that the storage gateway uses to identify and authenticate with the Box API. This is only set when configuring the storage gateway for Box enterprise authentication.

client_id

string

Client ID of the Box OAuth2 application registered on the Box developer console. This is only set when configuring the storage gateway for OAuth2 user authentication. [Private]

enterpriseID

string

Identifies which Box Enterprise this storage gateway is authorized access to. This is only set when configuring the storage gateway for Box enterprise authentication. [Private]

secret

string

Secret associated with the client_id set in this policy. This is only set when configuring the storage gateway for OAuth2 user authentication. [Private]

user_api_rate_limit

integer

User API Rate Limit associated with this client ID in operations per second per user. [Private]

user_credential_required

boolean

Flag indicating whether users must register a credential. If true, this storage gateway is configured for OAuth2 user authentication. If false (and for older DATA_TYPE where this property is missing), this storage gateway is configured for enterprise authentication.

{
  "DATA_TYPE": "box_storage_policies#1.1.0",
  "auth_callback": "string",
  "boxAppSettings": {
    "appAuth": {
      "passphrase": "string",
      "privateKey": "string",
      "publicKeyID": "string"
    },
    "clientID": "string",
    "clientSecret": "string"
  },
  "client_id": "string",
  "enterpriseID": "string",
  "secret": "string",
  "user_api_rate_limit": 0,
  "user_credential_required": true
}

BoxStorage_1_2_0 Document

Connector-specific storage gateway policies for the Box connector.

Name

Type

Description

DATA_TYPE

string box_storage_policies#1.2.0

Type of this document

allow_any_account

boolean

If true, allow users to access personal or external Box accounts. If false (the default), users must use the Box account which matches the username their Globus credential maps to.

auth_callback

string

URL of the auth callback that must be set on the Box developer console for the Box application of client_id.

boxAppSettings

BoxAppSettings

Values from the Box JWT client configuration that the storage gateway uses to identify and authenticate with the Box API. This is only set when configuring the storage gateway for Box enterprise authentication.

client_id

string

Client ID of the Box OAuth2 application registered on the Box developer console. This is only set when configuring the storage gateway for OAuth2 user authentication. [Private]

enterpriseID

string

Identifies which Box Enterprise this storage gateway is authorized access to. This is only set when configuring the storage gateway for Box enterprise authentication. [Private]

secret

string

Secret associated with the client_id set in this policy. This is only set when configuring the storage gateway for OAuth2 user authentication. [Private]

user_api_rate_limit

integer

User API Rate Limit associated with this client ID in operations per second per user. [Private]

user_credential_required

boolean

Flag indicating whether users must register a credential. If true, this storage gateway is configured for OAuth2 user authentication. If false (and for older DATA_TYPE where this property is missing), this storage gateway is configured for enterprise authentication.

{
  "DATA_TYPE": "box_storage_policies#1.2.0",
  "allow_any_account": true,
  "auth_callback": "string",
  "boxAppSettings": {
    "appAuth": {
      "passphrase": "string",
      "privateKey": "string",
      "publicKeyID": "string"
    },
    "clientID": "string",
    "clientSecret": "string"
  },
  "client_id": "string",
  "enterpriseID": "string",
  "secret": "string",
  "user_api_rate_limit": 0,
  "user_credential_required": true
}

BoxCollectionPolicies_1_0_0 Document

Connector-specific collection policies for the Box connector

Name

Type

Description

DATA_TYPE

string box_collection_policies#1.0.0

Type of this document

{
  "DATA_TYPE": "box_collection_policies#1.0.0"
}

BoxUserCredential_1_0_0 Document

Connector-specific user credential policies for the Box connector

Name

Type

Description

DATA_TYPE

string box_user_credential_policies#1.0.0

Type of this document

{
  "DATA_TYPE": "box_user_credential_policies#1.0.0"
}

BoxUserCredential_1_1_0 Document

Connector-specific user credential policies for the Box connector

Name

Type

Description

DATA_TYPE

string box_user_credential_policies#1.1.0

Type of this document

access_token

string

OAuth access token [Private]

email

string

OAuth email identifier claim

max_upload

integer

[Private]

refresh_token

string

OAuth refresh token [Private]

scopes

array of string

OAuth scopes associated with this access token

sub

string

OAuth subject identifier claim

token_expiry

string <date-time>

OAuth access token expiration time

{
  "DATA_TYPE": "box_user_credential_policies#1.1.0",
  "access_token": "string",
  "email": "string",
  "max_upload": 0,
  "refresh_token": "string",
  "scopes": [
    "box_readwrite"
  ],
  "sub": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

CephStoragePolicies_1_0_0 Document

Connector-specific storage gateway policies for the Ceph connector

Name

Type

Description

DATA_TYPE

string ceph_storage_policies#1.0.0

Type of this document

ceph_admin_key_id

string

Administrator key id used to authenticate with the ceph admin service to obtain user credentials. [Private]

ceph_admin_secret_key

string

Administrator secret key used to authenticate with the ceph admin service to obtain user credentials. [Private]

s3_buckets

array of string

List of buckets not owned by the collection owner that will be shown in the root of collections created at the base of this Storage Gateway.

s3_endpoint

string

URL of the Ceph RADOS Gateway S3 API

{
  "DATA_TYPE": "ceph_storage_policies#1.0.0",
  "ceph_admin_key_id": "string",
  "ceph_admin_secret_key": "string",
  "s3_buckets": [
    "string"
  ],
  "s3_endpoint": "string"
}

CephCollectionPolicies_1_0_0 Document

Connector-specific collection policies for the Ceph connector

Name

Type

Description

DATA_TYPE

string ceph_collection_policies#1.0.0

Type of this document

{
  "DATA_TYPE": "ceph_collection_policies#1.0.0"
}

CephUserCredentialPolicies_1_0_0 Document

Connector-specific user credential policies for the Ceph connector

Name

Type

Description

DATA_TYPE

string ceph_user_credential_policies#1.0.0

Type of this document

{
  "DATA_TYPE": "ceph_user_credential_policies#1.0.0"
}

DropboxStoragePolicies_1_0_0 Document

Connector-specific storage gateway policies for the Dropbox connector

Name

Type

Description

DATA_TYPE

string dropbox_storage_policies#1.0.0

Type of this document

allow_any_account

boolean

If true, allow users to access personal or external Dropbox accounts. If false (the default), users must use the Dropbox account which matches the username their Globus credential maps to.

auth_callback

string

URL of the auth callback that must be registered on the Dropbox App Console for the associated client_id in order to process Dropbox credentials.

client_id

string

Client ID (App key) of the app created in the Dropbox App Console [Private]

secret

string

App secret of the app from the Dropbox App Console policy. [Private]

user_api_rate_limit

integer

User API Rate Limit associated with this client ID in operations per second per user. [Private]

{
  "DATA_TYPE": "dropbox_storage_policies#1.0.0",
  "allow_any_account": true,
  "auth_callback": "string",
  "client_id": "string",
  "secret": "string",
  "user_api_rate_limit": 0
}

DropboxCollectionPolicies_1_0_0 Document

Connector-specific collection policies for the Dropbox connector

Name

Type

Description

DATA_TYPE

string dropbox_collection_policies#1.0.0

Type of this document

{
  "DATA_TYPE": "dropbox_collection_policies#1.0.0"
}

DropboxUserCredentialPolicies_1_0_0 Document

Connector-specific user credential policies for the Dropbox connector

Name

Type

Description

DATA_TYPE

string dropbox_user_credential_policies#1.0.0

Type of this document

access_token

string

OAuth access token [Private]

email

string

OAuth email claim

refresh_token

string

OAuth refresh token [Private]

root_info

Root path namespace for Dropbox API requests [Private]

scopes

array of string

OAuth scopes associated with this access token

sub

string

OAuth subject identifier claim

token_expiry

string <date-time>

OAuth access token expiration time

{
  "DATA_TYPE": "dropbox_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "refresh_token": "string",
  "root_info": {},
  "scopes": [
    "profile",
    "openid",
    "email",
    "account_info.read",
    "files.metadata.read",
    "files.content.write",
    "files.content.read"
  ],
  "sub": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

GoogleCloudStoragePolicies_1_0_0 Document

Connector-specific storage gateway policies for the Google Cloud Storage connector

Name

Type

Description

DATA_TYPE

string google_cloud_storage_policies#1.0.0

Type of this document

auth_callback

string

URL of the auth callback that must be registered on the Google API console for the application client_id in order to process Google credentials.

buckets

array of string

The list of Google Cloud Storage buckets which the Storage Gateway is allowed to access, as well as the list of buckets that will be shown in root level directory listings. If this list is unset, bucket access is unrestricted and all non public credential accessible buckets will be shown in root level directory listings. The value is a list of bucket names.

client_id

string

Client ID registered with the Google Application console to access Google Cloud Storage. [Private]

projects

array of string

The list of Google Cloud Storage project ids which the Storage Gateway is allowed to access. If this list is unset, project access is unrestricted. The value is a list of project id strings.

secret

string

Secret created to access Google Cloud Storage with the client_id in this policy. [Private]

service_account_key

object

Service account key to use when authenticating all storage access [Private]

user_credential_required

boolean

Flag indicating whether users must register a credential. If true (or if this property is missing), this storage gateway is configured for OAuth2 user authentication. If false, authentication is configured by the admin.

{
  "DATA_TYPE": "google_cloud_storage_policies#1.0.0",
  "auth_callback": "string",
  "buckets": [
    "string"
  ],
  "client_id": "string",
  "projects": [
    "string"
  ],
  "secret": "string",
  "service_account_key": {},
  "user_credential_required": true
}

GoogleCloudStoragePolicies_1_1_0 Document

Connector-specific storage gateway policies for the Google Cloud Storage connector

Name

Type

Description

DATA_TYPE

string google_cloud_storage_policies#1.1.0

Type of this document

allow_any_account

boolean

If true, allow users to access personal or external Google accounts. If false (the default), users must use the Google account which matches the username their Globus credential maps to.

auth_callback

string

URL of the auth callback that must be registered on the Google API console for the application client_id in order to process Google credentials.

buckets

array of string

The list of Google Cloud Storage buckets which the Storage Gateway is allowed to access, as well as the list of buckets that will be shown in root level directory listings. If this list is unset, bucket access is unrestricted and all non public credential accessible buckets will be shown in root level directory listings. The value is a list of bucket names.

client_id

string

Client ID registered with the Google Application console to access Google Cloud Storage. [Private]

projects

array of string

The list of Google Cloud Storage project ids which the Storage Gateway is allowed to access. If this list is unset, project access is unrestricted. The value is a list of project id strings.

secret

string

Secret created to access Google Cloud Storage with the client_id in this policy. [Private]

service_account_key

object

Service account key to use when authenticating all storage access [Private]

user_credential_required

boolean

Flag indicating whether users must register a credential. If true (or if this property is missing), this storage gateway is configured for OAuth2 user authentication. If false, authentication is configured by the admin.

{
  "DATA_TYPE": "google_cloud_storage_policies#1.1.0",
  "allow_any_account": true,
  "auth_callback": "string",
  "buckets": [
    "string"
  ],
  "client_id": "string",
  "projects": [
    "string"
  ],
  "secret": "string",
  "service_account_key": {},
  "user_credential_required": true
}

GoogleCloudStorageCollectionPolicies_1_0_0 Document

Connector-specific collection policies for the Google Cloud Storage connector

Name

Type

Description

DATA_TYPE

string google_cloud_storage_collection_policies#1.0.0

Type of this document

project

string

Google Cloud Platform project ID value that is associated with this collection. If set, users must be a member of this project to access the collection. If the storage gateway 'projects' property is set to exactly one project, that will be the default value for this property.

{
  "DATA_TYPE": "google_cloud_storage_collection_policies#1.0.0",
  "project": "string"
}

GoogleCloudStorageProject Document

A Google Cloud Platform project resource

Name

Type

Description

name

string

The name of the project

projectId

string

Google-issued id of a Google Cloud Platform project

{
  "name": "string",
  "projectId": "string"
}

GoogleCloudStorageUserCredentialPolicies_1_0_0 Document

Connector-specific user credential policies for the Google Cloud Storage connector

Name

Type

Description

DATA_TYPE

string google_cloud_storage_user_credential_policies#1.0.0

Type of this document

access_token

string

Access token to interact with the Google Cloud Storage API [Private]

email

string

OpenID Connect email property of this credential

projects

array ( GoogleCloudStorageProject )

List of Google Cloud Platform projects available for use with this credential.

refresh_token

string

Refresh token to generate new access tokens to use with the Google Cloud Storage API [Private]

scopes

array of string

List of OAuth2 scopes associated with the tokens in this credential

sub

string

OpenID Connect subject property of this credential

token_expiry

string <date-time>

Time when the access token expires

{
  "DATA_TYPE": "google_cloud_storage_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "projects": [
    {
      "name": "string",
      "projectId": "string"
    }
  ],
  "refresh_token": "string",
  "scopes": [
    "string"
  ],
  "sub": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

GoogleDriveStoragePolicies_1_0_0 Document

Connector-specific storage gateway policies for the Google Drive connector

Name

Type

Description

DATA_TYPE

string google_drive_storage_policies#1.0.0

Type of this document

auth_callback

string

URL of the auth callback that must be registered on the Google API console for the application client_id in order to process Google credentials.

client_id

string

Client ID registered with the Google Application console to access Google Drive. [Private]

secret

string

Secret created to access Google Drive with the client_id in this policy. [Private]

user_api_rate_quota

integer

User API Rate quota associated with this client ID [Private]

{
  "DATA_TYPE": "google_drive_storage_policies#1.0.0",
  "auth_callback": "string",
  "client_id": "string",
  "secret": "string",
  "user_api_rate_quota": 0
}

GoogleDriveStoragePolicies_1_1_0 Document

Connector-specific storage gateway policies for the Google Drive connector

Name

Type

Description

DATA_TYPE

string google_drive_storage_policies#1.1.0

Type of this document

allow_any_account

boolean

If true, allow users to access personal or external Google accounts. If false (the default), users must use the Google account which matches the username their Globus credential maps to.

auth_callback

string

URL of the auth callback that must be registered on the Google API console for the application client_id in order to process Google credentials.

client_id

string

Client ID registered with the Google Application console to access Google Drive. [Private]

secret

string

Secret created to access Google Drive with the client_id in this policy. [Private]

user_api_rate_quota

integer

User API Rate quota associated with this client ID [Private]

{
  "DATA_TYPE": "google_drive_storage_policies#1.1.0",
  "allow_any_account": true,
  "auth_callback": "string",
  "client_id": "string",
  "secret": "string",
  "user_api_rate_quota": 0
}

GoogleDriveCollectionPolicies_1_0_0 Document

Connector-specific collection policies for the Google Drive connector

Name

Type

Description

DATA_TYPE

string google_drive_collection_policies#1.0.0

Type of this document

{
  "DATA_TYPE": "google_drive_collection_policies#1.0.0"
}

GoogleDriveUserCredentialPolicies_1_0_0 Document

Connector-specific user credential policies for the Google Drive connector

Name

Type

Description

DATA_TYPE

string google_drive_user_credential_policies#1.0.0

Type of this document

access_token

string

OAuth access token [Private]

email

string

OAuth email claim

refresh_token

string

OAuth refresh token [Private]

scopes

array of string

OAuth scopes associated with this access token

sub

string

OAuth subject identifier claim

token_expiry

string <date-time>

OAuth access token expiration time

{
  "DATA_TYPE": "google_drive_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "refresh_token": "string",
  "scopes": [
    "email",
    "profile",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.appfolder"
  ],
  "sub": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

HPSSStoragePolicies_1_0_0 Document

Connector-specific storage gateway policies for the HPSS connector

Name

Type

Description

DATA_TYPE

string hpss_storage_policies#1.0.0

Type of this document

authentication_mech

string krb5, unix

The type of authentication the connector will perform when logging into HPSS [Private]

authenticator

string ^(auth_keyfile|auth_keytab):/

Authenticator used with authentication mech to perform authentication to HPSS. Format is: "<auth_type>:<auth_file>" where <auth_type> is one of "auth_keytab" or "auth_keyfile". [Private]

uda_checksum

boolean

Flag that indicates if checksums should be stored within UDAs so that sync-by-checksum transfers can verify the file without staging the file from tape.

{
  "DATA_TYPE": "hpss_storage_policies#1.0.0",
  "authentication_mech": "krb5",
  "authenticator": "auth_keytab:/var/hpss/etc/gridftp.keytab",
  "uda_checksum": true
}

HPSSStoragePolicies_1_1_0 Document

Name

Type

Description

DATA_TYPE

string hpss_storage_policies#1.1.0

Type of this document

authentication_mech

string krb5, unix

The type of authentication the connector will perform when logging into HPSS [Private]

authenticator

string ^(auth_keyfile|auth_keytab):/

Authenticator used with authentication mech to perform authentication to HPSS. Format is: "<auth_type>:<auth_file>" where <auth_type> is one of "auth_keytab" or "auth_keyfile". [Private]

login_name

string

Name of the HPSS user in the keytab file that the GridFTP server will use to authenticate to HPSS. This user must have the ability to switch to another HPSS user. Defaults to 'hpssftp', which HPSS also handles specially with regard to the gatekeeper.

uda_checksum

boolean

Flag that indicates if checksums should be stored within UDAs so that sync-by-checksum transfers can verify the file without staging the file from tape.

{
  "DATA_TYPE": "hpss_storage_policies#1.1.0",
  "authentication_mech": "krb5",
  "authenticator": "auth_keytab:/var/hpss/etc/gridftp.keytab",
  "login_name": "string",
  "uda_checksum": true
}

HPSSCollectionPolicies_1_0_0 Document

Connector-specific collection policies for the HPSS connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string hpss_collection_policies#1.0.0 | Type of this document |

{
  "DATA_TYPE": "hpss_collection_policies#1.0.0"
}

HPSSUserCredentialPolicies_1_0_0 Document

Connector-specific user credential policies for the HPSS connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string hpss_user_credential_policies#1.0.0 | Type of this document |

{
  "DATA_TYPE": "hpss_user_credential_policies#1.0.0"
}

IrodsEnvironment Document

Variables to set in the iRODS client environment.

| Name | Type | Description |
|---|---|---|
| name | string | Environment variable name |
| value | string | Environment variable value |

{
  "name": "string",
  "value": "string"
}

IrodsStoragePolicies_1_0_0 Document

Connector-specific storage gateway policies for the iRODS connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string irods_storage_policies#1.0.0 | Type of this document |
| environment | array ( IrodsEnvironment ) | Variables to set in the iRODS client environment [Private] |
| irods_authentication_file | string | Path to the iRODS authentication file [Private] |
| irods_environment_file | string | Path to the iRODS environment file [Private] |

{
  "DATA_TYPE": "irods_storage_policies#1.0.0",
  "environment": [
    {
      "name": "string",
      "value": "string"
    }
  ],
  "irods_authentication_file": "/var/irods/.irodsA",
  "irods_environment_file": "/var/irods/irods_environment.json"
}

IrodsCollectionPolicies_1_0_0 Document

Connector-specific collection policies for the iRODS connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string irods_collection_policies#1.0.0 | Type of this document |

{
  "DATA_TYPE": "irods_collection_policies#1.0.0"
}

IrodsUserCredentialPolicies_1_0_0 Document

Connector-specific user credential policies for the iRODS connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string irods_user_credential_policies#1.0.0 | Type of this document |

{
  "DATA_TYPE": "irods_user_credential_policies#1.0.0"
}

OneDriveStoragePolicies_1_0_0 Document

Connector-specific storage gateway policies for the OneDrive connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string onedrive_storage_policies#1.0.0 | Type of this document |
| auth_callback | string | URL of the auth callback that must be registered on the Microsoft API console for the application client_id in order to process Microsoft credentials. |
| client_id | string | Client ID registered with the Azure console to access OneDrive [Private] |
| secret | string | Secret created in the Azure console to access OneDrive with the client_id in this policy. [Private] |
| tenant | string | Tenant ID of the Microsoft organization. Required when Supported Account Types of the Azure application is set to Single tenant. [Private] |
| user_api_rate_limit | integer | User API Rate Limit associated with this client ID in operations per second per user. [Private] |

{
  "DATA_TYPE": "onedrive_storage_policies#1.0.0",
  "auth_callback": "string",
  "client_id": "string",
  "secret": "string",
  "tenant": "string",
  "user_api_rate_limit": 0
}

OneDriveStoragePolicies_1_1_0 Document

Connector-specific storage gateway policies for the OneDrive connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string onedrive_storage_policies#1.1.0 | Type of this document |
| allow_any_account | boolean | If true, allow users to access personal or external Microsoft accounts. If false (the default), users must use the Microsoft account which matches the username their Globus credential maps to. |
| auth_callback | string | URL of the auth callback that must be registered on the Microsoft API console for the application client_id in order to process Microsoft credentials. |
| client_id | string | Client ID registered with the Azure console to access OneDrive [Private] |
| secret | string | Secret created in the Azure console to access OneDrive with the client_id in this policy. [Private] |
| tenant | string | Tenant ID of the Microsoft organization. Required when Supported Account Types of the Azure application is set to Single tenant. [Private] |
| user_api_rate_limit | integer | User API Rate Limit associated with this client ID in operations per second per user. [Private] |

{
  "DATA_TYPE": "onedrive_storage_policies#1.1.0",
  "allow_any_account": true,
  "auth_callback": "string",
  "client_id": "string",
  "secret": "string",
  "tenant": "string",
  "user_api_rate_limit": 0
}

OneDriveCollectionPolicies_1_0_0 Document

Connector-specific collection policies for the OneDrive connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string onedrive_collection_policies#1.0.0 | Type of this document |

{
  "DATA_TYPE": "onedrive_collection_policies#1.0.0"
}

OneDriveUserCredentialPolicies_1_0_0 Document

Connector-specific user credential policies for the OneDrive connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string onedrive_user_credential_policies#1.0.0 | Type of this document |
| access_token | string | OAuth access token [Private] |
| email | string | OAuth email claim |
| refresh_token | string | OAuth refresh token [Private] |
| scopes | array of string | OAuth scopes associated with the access token |
| sub | string | OAuth subject identifier claim |
| tid | string | |
| token_expiry | string <date-time> | OAuth access token expiration time |

{
  "DATA_TYPE": "onedrive_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "refresh_token": "string",
  "scopes": [
    "openid",
    "email",
    "profile",
    "offline_access",
    "files.readwrite.all"
  ],
  "sub": "string",
  "tid": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

PosixStoragePolicies_1_0_0 Document

Connector-specific storage gateway policies for the POSIX connector.

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string posix_storage_policies#1.0.0 | Type of this document |
| groups_allow | array of string | List of POSIX group names allowed to access this storage gateway [Private] |
| groups_deny | array of string | List of POSIX group names denied access to this storage gateway [Private] |

{
  "DATA_TYPE": "posix_storage_policies#1.0.0",
  "groups_allow": [
    "string"
  ],
  "groups_deny": [
    "string"
  ]
}

PosixCollectionPolicies_1_0_0 Document

Connector-specific collection policies for the POSIX connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string posix_collection_policies#1.0.0 | Type of this document |

{
  "DATA_TYPE": "posix_collection_policies#1.0.0"
}

PosixCollectionPolicies_1_1_0 Document

Connector-specific collection policies for the POSIX connector

Version 1.1.0 of the posix_collection_policies document adds the sharing_groups_allow and sharing_groups_deny properties.

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string posix_collection_policies#1.1.0 | Type of this document |
| sharing_groups_allow | array of string | List of POSIX group names allowed to create shares on this collection [Private] |
| sharing_groups_deny | array of string | List of POSIX group names denied access to create shares on this collection. [Private] |

{
  "DATA_TYPE": "posix_collection_policies#1.1.0",
  "sharing_groups_allow": [
    "string"
  ],
  "sharing_groups_deny": [
    "string"
  ]
}

PosixUserCredentialPolicies_1_0_0 Document

Connector-specific user credential policies for the POSIX connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string posix_user_credential_policies#1.0.0 | Type of this document |

{
  "DATA_TYPE": "posix_user_credential_policies#1.0.0"
}

PosixStagingEnvironment Document

Variables to set in the environment when executing the stage_app.

| Name | Type | Description |
|---|---|---|
| name | string | Environment variable name |
| value | string | Environment variable value |

{
  "name": "string",
  "value": "string"
}

PosixStagingStoragePolicies_1_0_0 Document

Connector-specific storage gateway policies for the POSIX Staging connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string posix_staging_storage_policies#1.0.0 | Type of this document |
| environment | array ( PosixStagingEnvironment ) | Variables to set in the environment when executing the stage_app [Private] |
| groups_allow | array of string | List of POSIX group names allowed to access this storage gateway [Private] |
| groups_deny | array of string | List of POSIX group names denied access to this storage gateway [Private] |
| stage_app | string | Path to the stage app [Private] |

{
  "DATA_TYPE": "posix_staging_storage_policies#1.0.0",
  "environment": [
    {
      "name": "string",
      "value": "string"
    }
  ],
  "groups_allow": [
    "string"
  ],
  "groups_deny": [
    "string"
  ],
  "stage_app": "string"
}

PosixStagingCollectionPolicies_1_0_0 Document

Connector-specific collection policies for the POSIX Staging connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string posix_staging_collection_policies#1.0.0 | Type of this document |
| sharing_groups_allow | array of string | List of POSIX group names allowed to create shares on this collection [Private] |
| sharing_groups_deny | array of string | List of POSIX group names denied access to create shares on this collection. [Private] |

{
  "DATA_TYPE": "posix_staging_collection_policies#1.0.0",
  "sharing_groups_allow": [
    "string"
  ],
  "sharing_groups_deny": [
    "string"
  ]
}

PosixStagingUserCredentialPolicies_1_0_0 Document

Connector-specific user credential policies for the POSIX Staging connector

| Name | Type | Description |
|---|---|---|
| DATA_TYPE | string posix_staging_user_credential_policies#1.0.0 | Type of this document |

{
  "DATA_TYPE": "posix_staging_user_credential_policies#1.0.0"
}
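
The connector policy tables above mark a number of properties [Private]. As an added example (not part of the Globus documentation or code), this Python helper masks those properties, wherever the policy document is nested, before a document is written to a log or pasted into a ticket. `PRIVATE_PROPERTIES`, `redact`, `masked_paths`, `MASK` and the sample documents are hypothetical names and constructed values; the map covers only the connector documents tabulated in this part of the reference, and the helper assumes any other `*_policies` document should be masked whole.

```python
import json

# Property names the schema tables above mark [Private], keyed by the
# DATA_TYPE name without its "#<version>" suffix (transcribed by hand).
PRIVATE_PROPERTIES = {
    "hpss_storage_policies": {"authentication_mech", "authenticator"},
    "irods_storage_policies": {
        "environment", "irods_authentication_file", "irods_environment_file"},
    "onedrive_storage_policies": {
        "client_id", "secret", "tenant", "user_api_rate_limit"},
    "onedrive_user_credential_policies": {"access_token", "refresh_token"},
    "posix_storage_policies": {"groups_allow", "groups_deny"},
    "posix_collection_policies": {
        "sharing_groups_allow", "sharing_groups_deny"},
    "posix_staging_storage_policies": {
        "environment", "groups_allow", "groups_deny", "stage_app"},
    "posix_staging_collection_policies": {
        "sharing_groups_allow", "sharing_groups_deny"},
}
MASK = "<redacted>"  # constructed placeholder value


def type_name(doc):
    """Return the DATA_TYPE of a document without its version, or None."""
    data_type = doc.get("DATA_TYPE")
    return data_type.split("#", 1)[0] if isinstance(data_type, str) else None


def redact(value):
    """Return a copy of value with private properties replaced by MASK.

    Policy documents whose type is not in PRIVATE_PROPERTIES are masked
    whole (fail closed, an assumption of this example); other documents
    are walked so nested policy documents are still found.
    """
    if isinstance(value, list):
        return [redact(item) for item in value]
    if not isinstance(value, dict):
        return value
    name = type_name(value)
    private = PRIVATE_PROPERTIES.get(name, set())
    mask_all = (name is not None and name.endswith("_policies")
                and name not in PRIVATE_PROPERTIES)
    result = {}
    for key, item in value.items():
        if key == "DATA_TYPE":
            result[key] = item          # keep the type so the log stays readable
        elif mask_all or key in private:
            result[key] = MASK          # mask the whole value, arrays included
        else:
            result[key] = redact(item)  # recurse into nested documents
    return result


def masked_paths(redacted, prefix=""):
    """List the dotted paths that redact() masked, for an audit trail."""
    paths = []
    if isinstance(redacted, dict):
        for key, item in redacted.items():
            paths.extend(masked_paths(item, f"{prefix}.{key}" if prefix else key))
    elif isinstance(redacted, list):
        for index, item in enumerate(redacted):
            paths.extend(masked_paths(item, f"{prefix}[{index}]"))
    elif redacted == MASK:
        paths.append(prefix)
    return paths


# Constructed sample documents shaped like the examples in this reference.
SAMPLE_GATEWAY = {
    "DATA_TYPE": "storage_gateway#1.0.0",
    "display_name": "Archive (constructed sample)",
    "policies": {
        "DATA_TYPE": "hpss_storage_policies#1.1.0",
        "authentication_mech": "krb5",
        "authenticator": "auth_keytab:/var/hpss/etc/gridftp.keytab",
        "login_name": "hpssftp",
        "uda_checksum": True,
    },
}
SAMPLE_CREDENTIAL = {
    "DATA_TYPE": "user_credential#1.0.0",
    "username": "alice",
    "policies": {
        "DATA_TYPE": "s3_user_credential_policies#1.0.0",
        "s3_key_id": "EXAMPLEKEYID",
        "s3_secret_key": "example-secret",
    },
}

if __name__ == "__main__":
    for document in (SAMPLE_GATEWAY, SAMPLE_CREDENTIAL):
        safe = redact(document)
        print(json.dumps(safe, indent=2))
        print("masked:", masked_paths(safe))
```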

Node Document

Services for Globus Connect Server endpoints may be deployed on multiple different physical resources, referred to as data transfer nodes. Each node may have one or more IP addresses, TCP incoming and outgoing port ranges, and a status value indicating whether it is configured to actively respond to requests or is in maintenance mode.

Version 1.1.0 adds support for setting the data interface on a node.

Version 1.2.0 adds support for setting an IPv6 data interface on a node.

One of the following schemas:

  • Node_1_0_0

  • Node_1_1_0

  • Node_1_2_0

{
  "DATA_TYPE": "node#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "incoming_port_range": [
    65535,
    65535
  ],
  "ip_addresses": [
    "string"
  ],
  "outgoing_port_range": [
    65535,
    65535
  ],
  "status": "active"
}

Batch Document

The Batch data type is used to specify multiple objects to operate on via a single REST API call.

One of the following schemas:

  • Batch_1_0_0

{
  "DATA_TYPE": "batch#1.0.0",
  "ids": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ]
}

AuthenticationTimeout Document

Error details when a user must reauthenticate an identity in order to perform this operation.

Version 1.1.0 adds the require_mfa property.

One of the following schemas:

  • AuthenticationTimeout_1_0_0

  • AuthenticationTimeout_1_1_0

{
  "DATA_TYPE": "authentication_timeout#1.0.0",
  "high_assurance": true,
  "identities": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ]
}

CheckResult Document

Consistency check information

One of the following schemas:

  • CheckResult_1_0_0

{
  "DATA_TYPE": "check_result#1.0.0",
  "error": {},
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "message": "string"
}

SharingPolicy Document

Sharing policies for a mapped collection.

This document type allows endpoint and collection administrators to optionally constrain sharing path policies for particular users. The sharing_restrict_paths property has a similar meaning to that of the sharing_restrict_paths in the collection document; however, it is in effect only for specific users.

If the users property is null, then the restriction applies to all users. If it is non-null, then this restriction applies only to accounts which have been mapped to the enumerated storage gateway user accounts.

Multiple sharing policies can be defined for a mapped collection. When a guest collection is created or accessed, only the policies relevant to the user who created the account are enforced.

One of the following schemas:

  • SharingPolicy_1_0_0

{
  "DATA_TYPE": "sharing_policy#1.0.0",
  "collection_id": "4bdef85c-3f50-4006-a713-2350da665f80",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "sharing_restrict_paths": {
    "DATA_TYPE": "path_restrictions#1.0.0",
    "none": [
      "string"
    ],
    "read": [
      "string"
    ],
    "read_write": [
      "string"
    ]
  },
  "users": [
    "string"
  ]
}

Collection Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling HTTPS access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 adds support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements on high assurance collections and adds the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.

Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.

Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA collections.

Version 1.13.0 adds the auto_delete_timeout property to mapped collections and the skip_auto_delete property to guest collections.

Version 1.14.0 adds the subscription_admin_verified property to collections and activity_notification_policy to guest collections.

Version 1.15.0 adds the associated_flow_policy property to the collection.

One of the following schemas:

  • Collection_1_0_0

  • Collection_1_1_0

  • Collection_1_2_0

  • Collection_1_3_0

  • Collection_1_4_0

  • Collection_1_5_0

  • Collection_1_6_0

  • Collection_1_7_0

  • Collection_1_8_0

  • Collection_1_9_0

  • Collection_1_10_0

  • Collection_1_11_0

  • Collection_1_12_0

  • Collection_1_13_0

  • Collection_1_14_0

  • Collection_1_15_0

{
  "DATA_TYPE": "collection#1.0.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}

CollectionNotFound Document

Error details when a mapped collection no longer exists when accessing a guest collection.

One of the following schemas:

  • CollectionNotFound_1_0_0

{
  "DATA_TYPE": "collection_not_found#1.0.0",
  "collection_id": "4bdef85c-3f50-4006-a713-2350da665f80"
}

CollectionOwner Document

Schema for processing the collection_owner#1.0.0 data type

One of the following schemas:

  • CollectionOwner_1_0_0

{
  "DATA_TYPE": "collection_owner#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}

Connector Document

Connector information document

Version 1.1.0 adds information about HA and BAA subscriptions.

One of the following schemas:

  • Connector_1_0_0

  • Connector_1_1_0

{
  "DATA_TYPE": "connector#1.0.0",
  "display_name": "POSIX",
  "id": "string",
  "version": "string"
}

CredentialNotFound Document

Error details when a user has attempted to use a credential when creating a collection or logging in, but there are multiple mapped identities and none of them have a valid credential.

One of the following schemas:

  • CredentialNotFound_1_0_0

{
  "DATA_TYPE": "credential_not_found#1.0.0",
  "accounts": [
    {
      "DATA_TYPE": "account#1.0.0",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "username": "string"
    }
  ]
}

Endpoint Document

A Globus Connect Server endpoint is a deployment of Globus Connect Server version 5. A single endpoint may optionally include multiple data transfer nodes. The endpoint provides a link between a Globus Connect Server deployment and the Globus Transfer service. The endpoint describes services for accessing data via GridFTP and HTTPS and also for configuring and managing the policies associated with that access.

Version 1.1.0 of the endpoint includes support for customizing the TCP port that GridFTP listens on.

Version 1.2.0 of the endpoint includes read-only earliest_last_access to put a limit on collections which are missing a last_access value.

One of the following schemas:

  • Endpoint_1_0_0

  • Endpoint_1_1_0

  • Endpoint_1_2_0

{
  "DATA_TYPE": "endpoint#1.0.0",
  "allow_udt": true,
  "contact_email": "string",
  "contact_info": "string",
  "department": "string",
  "description": "string",
  "display_name": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "gcs_manager_url": "string",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "max_concurrency": 1,
  "max_parallelism": 1,
  "network_use": "normal",
  "organization": "string",
  "preferred_concurrency": 1,
  "preferred_parallelism": 1,
  "public": true,
  "subscription_id": "string"
}

EndpointOwner Document

Schema for processing the endpoint_owner#1.0.0 data type

One of the following schemas:

  • EndpointOwner_1_0_0

{
  "DATA_TYPE": "endpoint_owner#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}

EndpointSubscription Document

Endpoint subscription

One of the following schemas:

  • EndpointSubscription_1_0_0

{
  "DATA_TYPE": "endpoint_subscription#1.0.0",
  "subscription_id": "string"
}

IdNotInIdentitySet Document

Error details when a user has authenticated but has requested to act as an identity not in the current identity set.

One of the following schemas:

  • IdNotInIdentitySet_1_0_0

{
  "DATA_TYPE": "id_not_in_identity_set#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
}

Info Document

This document contains information about the Globus Connect Server, including its software and supported API version number.

One of the following schemas:

  • Info_1_0_0

{
  "DATA_TYPE": "info#1.0.0",
  "api_version": "string",
  "client_id": "5b3fa7ba-57d3-4017-a65b-d57dcd2db643",
  "domain_name": "string",
  "endpoint_id": "e9ce0d4f-d433-423d-9497-4c000544106c",
  "manager_version": "string"
}

InvalidCredential Document

Error details when the caller’s identity maps to an account with a user credential that is in an invalid state.

One of the following schemas:

  • InvalidCredential_1_0_0

{
  "DATA_TYPE": "invalid_credential#1.0.0",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}

InvalidInput Document

Error details when the caller has sent an invalid input document.

One of the following schemas:

  • InvalidInput_1_0_0

{
  "DATA_TYPE": "invalid_input#1.0.0",
  "errors": [
    {
      "property": "string",
      "message": "string"
    }
  ]
}

InvalidUser Document

Error details when the caller’s identity does not map to a valid local account.

One of the following schemas:

  • InvalidUser_1_0_0

{
  "DATA_TYPE": "invalid_user#1.0.0",
  "usernames": [
    "string"
  ]
}

LimitExceeded Document

Error details when a user would be authorized, but the endpoint has reached a hard resource limit on the type of object being created.

One of the following schemas:

  • LimitExceeded_1_0_0

{
  "DATA_TYPE": "limit_exceeded#1.0.0"
}

MissingRequiredRole Document

Error details when a user has authenticated but lacks a role to be able to perform the requested operation.

One of the following schemas:

  • MissingRequiredRole_1_0_0

{
  "DATA_TYPE": "missing_required_role#1.0.0",
  "roles": [
    {
      "collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
      "role": "owner"
    }
  ]
}

MissingRequiredScopes Document

Error details when a user has authenticated but lacks an OAuth scope to be able to perform the requested operation.

One of the following schemas:

  • MissingRequiredScopes_1_0_0

{
  "DATA_TYPE": "missing_required_scopes#1.0.0",
  "required_scopes": [
    "string"
  ]
}

NotFromAllowedDomain Document

Error details when a user has authenticated but does not have an identity from the required domain to perform the requested action.

One of the following schemas:

  • NotFromAllowedDomain_1_0_0

{
  "DATA_TYPE": "not_from_allowed_domain#1.0.0",
  "allowed_domains": [
    "string"
  ]
}

NotResourceOwner Document

Error details when a user has authenticated but is not the owner of the resource being acted upon.

One of the following schemas:

  • NotResourceOwner_1_0_0

{
  "DATA_TYPE": "not_resource_owner#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
}

SubscriptionAdminVerified Document

Subscription Admin Verified

One of the following schemas:

  • SubscriptionAdminVerified_1_0_0

{
  "DATA_TYPE": "subscription_admin_verified#1.0.0",
  "subscription_admin_verified": true
}

OwnerString Document

Owner string document

One of the following schemas:

  • OwnerString_1_0_0

{
  "DATA_TYPE": "owner_string#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}

Result Document

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors.

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}

ResourceConflict Document

Error details when the caller has attempted to update an object that results in a conflict with some other object.

One of the following schemas:

  • ResourceConflict_1_0_0

{
  "DATA_TYPE": "resource_conflict#1.0.0",
  "resources": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ]
}

Role Document

The "Role" document type represents the assignment of a role on an Endpoint or Collection to a Globus identity or group.

One of the following schemas:

  • Role_1_0_0

{
  "DATA_TYPE": "role#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "principal": "string",
  "collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
  "role": "owner"
}

StorageGateway Document

A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.

Storage gateway policies describe what type of connector the storage gateway uses, the paths it allows access to, the login requirements for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).

Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.

Version 1.2.0 includes support for admin managed credentials.

Version 1.3.0 includes support for overriding the endpoint’s network use parameters on a storage gateway.

One of the following schemas:

  • StorageGateway_1_0_0

  • StorageGateway_1_1_0

  • StorageGateway_1_2_0

  • StorageGateway_1_3_0

{
  "DATA_TYPE": "storage_gateway#1.0.0",
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "policies": {
    "DATA_TYPE": "s3_storage_policies#1.0.0",
    "s3_buckets": [
      "string"
    ],
    "s3_endpoint": "https://s3.amazonaws.com",
    "s3_user_credential_required": true
  },
  "process_user": "string",
  "require_high_assurance": true,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}

StorageGatewayNotFound Document

Error details when a storage gateway no longer exists when accessing a collection.

One of the following schemas:

  • StorageGatewayNotFound_1_0_0

{
  "DATA_TYPE": "storage_gateway_not_found#1.0.0",
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb"
}

SubscriptionRequired Document

Error details when the caller has attempted to access a feature not supported by the endpoint’s subscription.

One of the following schemas:

  • SubscriptionRequired_1_0_0

{
  "DATA_TYPE": "subscription_required#1.0.0",
  "add_ons": [
    "string"
  ],
  "subscription_level": "string"
}

UserCredential Document

Credential information for an identity on a particular storage gateway and its related collections.

One of the following schemas:

  • UserCredential_1_0_0

{
  "DATA_TYPE": "user_credential#1.0.0",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "home_directory": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "invalid": true,
  "policies": {
    "DATA_TYPE": "s3_user_credential_policies#1.0.0",
    "s3_key_id": "string",
    "s3_secret_key": "string"
  },
  "provisioned": true,
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "username": "string"
}

S3StoragePolicies Document

Connector-specific storage gateway policies for the S3 connector

Version 1.1.0 adds support for the s3_requester_pays property.

Version 1.2.0 adds support for the s3_allow_multi_keys property.

One of the following schemas:

  • S3StoragePolicies_1_0_0

  • S3StoragePolicies_1_1_0

  • S3StoragePolicies_1_2_0

{
  "DATA_TYPE": "s3_storage_policies#1.0.0",
  "s3_buckets": [
    "string"
  ],
  "s3_endpoint": "https://s3.amazonaws.com",
  "s3_user_credential_required": true
}

S3CollectionPolicies Document

Connector-specific collection policies for the S3 connector

One of the following schemas:

  • S3CollectionPolicies_1_0_0

{
  "DATA_TYPE": "s3_collection_policies#1.0.0"
}

S3UserCredentialPolicies Document

Connector-specific user credential policies for the S3 connector

Version 1.1.0 adds support for the s3_requester_pays property.

Version 1.2.0 adds support for the s3_multi_keys property list.

One of the following schemas:

  • S3UserCredentialPolicies_1_0_0

  • S3UserCredentialPolicies_1_1_0

  • S3UserCredentialPolicies_1_2_0

{
  "DATA_TYPE": "s3_user_credential_policies#1.0.0",
  "s3_key_id": "string",
  "s3_secret_key": "string"
}

ActiveScaleStoragePolicies Document

Connector-specific storage gateway policies for the ActiveScale connector. These are identical to the S3 connector’s storage gateway policies.

One of the following schemas:

  • S3StoragePolicies_1_0_0

{
  "DATA_TYPE": "s3_storage_policies#1.0.0",
  "s3_buckets": [
    "string"
  ],
  "s3_endpoint": "https://s3.amazonaws.com",
  "s3_user_credential_required": true
}

ActiveScaleCollectionPolicies Document

Connector-specific storage gateway policies for the ActiveScale connector. These are identical to the S3 connector’s storage gateway policies.

One of the following schemas:

  • S3CollectionPolicies

{
  "DATA_TYPE": "s3_collection_policies#1.0.0"
}

ActiveScaleUserCredentialPolicies Document

Connector-specific storage gateway policies for the ActiveScale connector. These are identical to the S3 connector’s storage gateway policies.

One of the following schemas:

  • S3UserCredentialPolicies_1_0_0

{
  "DATA_TYPE": "s3_user_credential_policies#1.0.0",
  "s3_key_id": "string",
  "s3_secret_key": "string"
}

AzureBlobStoragePolicies Document

Connector-specific storage gateway policies for the AzureBlob connector

One of the following schemas:

  • AzureBlobStoragePolicies_1_0_0

  • AzureBlobStoragePolicies_1_1_0

{
  "DATA_TYPE": "azure_blob_storage_policies#1.0.0",
  "account": "string",
  "adls": true,
  "auth_callback": "string",
  "auth_type": "string",
  "client_id": "string",
  "secret": "string",
  "tenant": "string",
  "user_credential_required": true
}

AzureBlobCollectionPolicies Document

Connector-specific collection policies for the AzureBlob connector

One of the following schemas:

  • AzureBlobCollectionPolicies_1_0_0

{
  "DATA_TYPE": "azure_blob_collection_policies#1.0.0"
}

AzureBlobUserCredentialPolicies Document

Connector-specific user credential policies for the AzureBlob connector

One of the following schemas:

  • AzureBlobUserCredentialPolicies_1_0_0

{
  "DATA_TYPE": "azure_blob_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "refresh_token": "string",
  "scopes": [
    "string"
  ],
  "sub": "string",
  "tid": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

BlackPearlStoragePolicies Document

Connector-specific storage gateway policies for the BlackPearl connector

One of the following schemas:

  • BlackPearlStoragePolicies_1_0_0

{
  "DATA_TYPE": "blackpearl_storage_policies#1.0.0",
  "bp_access_id_file": "string",
  "s3_endpoint": "string"
}

BlackPearlCollectionPolicies Document

Connector-specific collection policies for the BlackPearl connector

One of the following schemas:

  • BlackPearlCollectionPolicies_1_0_0

{
  "DATA_TYPE": "blackpearl_collection_policies#1.0.0"
}

BlackPearlUserCredentialPolicies Document

Connector-specific user credential policies for the BlackPearl connector

One of the following schemas:

  • BlackPearlUserCredentialPolicies_1_0_0

{
  "DATA_TYPE": "blackpearl_user_credential_policies#1.0.0",
  "access_id": "string",
  "secret_key": "string"
}

BoxStoragePolicies Document

Connector-specific storage gateway policies for the Box connector.

One of the following schemas:

  • BoxStorage_1_0_0

  • BoxStorage_1_1_0

  • BoxStorage_1_2_0

{
  "DATA_TYPE": "box_storage_policies#1.0.0",
  "boxAppSettings": {
    "appAuth": {
      "passphrase": "string",
      "privateKey": "string",
      "publicKeyID": "string"
    },
    "clientID": "string",
    "clientSecret": "string"
  },
  "enterpriseID": "string"
}

BoxCollectionPolicies Document

Connector-specific collection policies for the Box connector

One of the following schemas:

  • BoxCollectionPolicies_1_0_0

{
  "DATA_TYPE": "box_collection_policies#1.0.0"
}

BoxUserCredentialPolicies Document

Connector-specific user credential policies for the Box connector

One of the following schemas:

  • BoxUserCredential_1_0_0

  • BoxUserCredential_1_1_0

{
  "DATA_TYPE": "box_user_credential_policies#1.0.0"
}

CephStoragePolicies Document

Connector-specific storage gateway policies for the Ceph connector

One of the following schemas:

  • CephStoragePolicies_1_0_0

{
  "DATA_TYPE": "ceph_storage_policies#1.0.0",
  "ceph_admin_key_id": "string",
  "ceph_admin_secret_key": "string",
  "s3_buckets": [
    "string"
  ],
  "s3_endpoint": "string"
}

CephCollectionPolicies Document

Connector-specific collection policies for the Ceph connector

One of the following schemas:

  • CephCollectionPolicies_1_0_0

{
  "DATA_TYPE": "ceph_collection_policies#1.0.0"
}

CephUserCredentialPolicies Document

Connector-specific user credential policies for the Ceph connector

One of the following schemas:

  • CephUserCredentialPolicies_1_0_0

{
  "DATA_TYPE": "ceph_user_credential_policies#1.0.0"
}

DropboxStoragePolicies Document

Connector-specific storage gateway policies for the Dropbox connector

One of the following schemas:

  • DropboxStoragePolicies_1_0_0

{
  "DATA_TYPE": "dropbox_storage_policies#1.0.0",
  "allow_any_account": true,
  "auth_callback": "string",
  "client_id": "string",
  "secret": "string",
  "user_api_rate_limit": 0
}

DropboxCollectionPolicies Document

Connector-specific collection policies for the Dropbox connector

One of the following schemas:

  • DropboxCollectionPolicies_1_0_0

{
  "DATA_TYPE": "dropbox_collection_policies#1.0.0"
}

DropboxUserCredentialPolicies Document

Connector-specific user credential policies for the Dropbox connector

One of the following schemas:

  • DropboxUserCredentialPolicies_1_0_0

{
  "DATA_TYPE": "dropbox_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "refresh_token": "string",
  "root_info": {},
  "scopes": [
    "profile",
    "openid",
    "email",
    "account_info.read",
    "files.metadata.read",
    "files.content.write",
    "files.content.read"
  ],
  "sub": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

GoogleCloudStoragePolicies Document

Connector-specific storage gateway policies for the Google Cloud Storage connector

One of the following schemas:

  • GoogleCloudStoragePolicies_1_0_0

  • GoogleCloudStoragePolicies_1_1_0

{
  "DATA_TYPE": "google_cloud_storage_policies#1.0.0",
  "auth_callback": "string",
  "buckets": [
    "string"
  ],
  "client_id": "string",
  "projects": [
    "string"
  ],
  "secret": "string",
  "service_account_key": {},
  "user_credential_required": true
}

GoogleCloudStorageCollectionPolicies Document

Connector-specific collection policies for the Google Cloud Storage connector

One of the following schemas:

  • GoogleCloudStorageCollectionPolicies_1_0_0

{
  "DATA_TYPE": "google_cloud_storage_collection_policies#1.0.0",
  "project": "string"
}

GoogleCloudStorageUserCredentialPolicies Document

Connector-specific user credential policies for the Google Cloud Storage connector

One of the following schemas:

  • GoogleCloudStorageUserCredentialPolicies_1_0_0

{
  "DATA_TYPE": "google_cloud_storage_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "projects": [
    {
      "name": "string",
      "projectId": "string"
    }
  ],
  "refresh_token": "string",
  "scopes": [
    "string"
  ],
  "sub": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

GoogleDriveStoragePolicies Document

Connector-specific storage gateway policies for the Google Drive connector

One of the following schemas:

  • GoogleDriveStoragePolicies_1_0_0

  • GoogleDriveStoragePolicies_1_1_0

{
  "DATA_TYPE": "google_drive_storage_policies#1.0.0",
  "auth_callback": "string",
  "client_id": "string",
  "secret": "string",
  "user_api_rate_quota": 0
}

GoogleDriveCollectionPolicies Document

Connector-specific collection policies for the Google Drive connector

One of the following schemas:

  • GoogleDriveCollectionPolicies_1_0_0

{
  "DATA_TYPE": "google_drive_collection_policies#1.0.0"
}

GoogleDriveUserCredentialPolicies Document

Connector-specific user credential policies for the Google Drive connector

One of the following schemas:

  • GoogleDriveUserCredentialPolicies_1_0_0

{
  "DATA_TYPE": "google_drive_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "refresh_token": "string",
  "scopes": [
    "email",
    "profile",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.appfolder"
  ],
  "sub": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

HPSSStoragePolicies Document

One of the following schemas:

  • HPSSStoragePolicies_1_0_0

  • HPSSStoragePolicies_1_1_0

{
  "DATA_TYPE": "hpss_storage_policies#1.0.0",
  "authentication_mech": "krb5",
  "authenticator": "auth_keytab:/var/hpss/etc/gridftp.keytab",
  "uda_checksum": true
}

HPSSCollectionPolicies Document

Connector-specific collection policies for the HPSS connector

One of the following schemas:

  • HPSSCollectionPolicies_1_0_0

{
  "DATA_TYPE": "hpss_collection_policies#1.0.0"
}

HPSSUserCredentialPolicies Document

Connector-specific user credential policies for the HPSS connector

One of the following schemas:

  • HPSSUserCredentialPolicies_1_0_0

{
  "DATA_TYPE": "hpss_user_credential_policies#1.0.0"
}

IrodsStoragePolicies Document

Connector-specific storage gateway policies for the iRODS connector

One of the following schemas:

  • IrodsStoragePolicies_1_0_0

{
  "DATA_TYPE": "irods_storage_policies#1.0.0",
  "environment": [
    {
      "name": "string",
      "value": "string"
    }
  ],
  "irods_authentication_file": "/var/irods/.irodsA",
  "irods_environment_file": "/var/irods/irods_environment.json"
}

IrodsCollectionPolicies Document

Connector-specific collection policies for the iRODS connector

One of the following schemas:

  • IrodsCollectionPolicies_1_0_0

{
  "DATA_TYPE": "irods_collection_policies#1.0.0"
}

IrodsUserCredentialPolicies Document

Connector-specific user credential policies for the iRODS connector

One of the following schemas:

  • IrodsUserCredentialPolicies_1_0_0

{
  "DATA_TYPE": "irods_user_credential_policies#1.0.0"
}

OneDriveStoragePolicies Document

Connector-specific storage gateway policies for the OneDrive connector

One of the following schemas:

  • OneDriveStoragePolicies_1_0_0

  • OneDriveStoragePolicies_1_1_0

{
  "DATA_TYPE": "onedrive_storage_policies#1.0.0",
  "auth_callback": "string",
  "client_id": "string",
  "secret": "string",
  "tenant": "string",
  "user_api_rate_limit": 0
}

OneDriveCollectionPolicies Document

Connector-specific collection policies for the OneDrive connector

One of the following schemas:

  • OneDriveCollectionPolicies_1_0_0

{
  "DATA_TYPE": "onedrive_collection_policies#1.0.0"
}

OneDriveUserCredentialPolicies Document

Connector-specific user credential policies for the OneDrive connector

One of the following schemas:

  • OneDriveUserCredentialPolicies_1_0_0

{
  "DATA_TYPE": "onedrive_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "refresh_token": "string",
  "scopes": [
    "openid",
    "email",
    "profile",
    "offline_access",
    "files.readwrite.all"
  ],
  "sub": "string",
  "tid": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

PosixStoragePolicies Document

Connector-specific storage gateway policies for the POSIX connector.

One of the following schemas:

  • PosixStoragePolicies_1_0_0

{
  "DATA_TYPE": "posix_storage_policies#1.0.0",
  "groups_allow": [
    "string"
  ],
  "groups_deny": [
    "string"
  ]
}

PosixCollectionPolicies Document

Connector-specific collection policies for the POSIX connector

Version 1.1.0 of the posix_collection_policies document adds the sharing_groups_allow and sharing_groups_deny properties.

One of the following schemas:

  • PosixCollectionPolicies_1_0_0

  • PosixCollectionPolicies_1_1_0

{
  "DATA_TYPE": "posix_collection_policies#1.0.0"
}

PosixUserCredentialPolicies Document

Connector-specific user credential policies for the POSIX connector

One of the following schemas:

  • PosixUserCredentialPolicies_1_0_0

{
  "DATA_TYPE": "posix_user_credential_policies#1.0.0"
}

PosixStagingStoragePolicies Document

Connector-specific storage gateway policies for the POSIX Staging connector

One of the following schemas:

  • PosixStagingStoragePolicies_1_0_0

{
  "DATA_TYPE": "posix_staging_storage_policies#1.0.0",
  "environment": [
    {
      "name": "string",
      "value": "string"
    }
  ],
  "groups_allow": [
    "string"
  ],
  "groups_deny": [
    "string"
  ],
  "stage_app": "string"
}

PosixStagingCollectionPolicies Document

Connector-specific collection policies for the POSIX Staging connector

One of the following schemas:

  • PosixStagingCollectionPolicies_1_0_0

{
  "DATA_TYPE": "posix_staging_collection_policies#1.0.0",
  "sharing_groups_allow": [
    "string"
  ],
  "sharing_groups_deny": [
    "string"
  ]
}

PosixStagingUserCredentialPolicies Document

Connector-specific user credential policies for the POSIX Staging connector

One of the following schemas:

  • PosixStagingUserCredentialPolicies_1_0_0

{
  "DATA_TYPE": "posix_staging_user_credential_policies#1.0.0"
}

Responses

Unsupported media type

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

Bad Request

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

Unprocessable entity

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

Unauthorized

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

Not found

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

{
  "code": "string",
  "http_response_code": 100,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
© 2010- The University of Chicago