Schemas

OAuthUserCredentialForm Document

Name	Type	Description
access_token	string	Unused
identity_id	string <uuid>	Globus Auth identity id that this credential is associated with
login_hint	string	Mapped account username on the storage gateway
redirect_uri	string	URL to redirect to once the credential registration flow is complete. This should be a maximum of 220 characters to avoid conflicts with connector state limits.
storage_gateway	string <uuid>	Storage gateway to associate the credential with

{
  "access_token": "string",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "login_hint": "string",
  "redirect_uri": "string",
  "storage_gateway": "84f68622-c2e1-4c80-acc9-d3be0dea5d29"
}

Account_1_0_0 Document

User account information for a particular Storage Gateway.

Name	Type	Description
DATA_TYPE	string `account#1.0.0`	Type of this document
identity_id	string <uuid>	Globus Auth identity which maps to this account
storage_gateway_id	string <uuid>	Storage Gateway for which this account is valid.
username	string	Connector-specific local username

{
  "DATA_TYPE": "account#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "username": "string"
}

Batch_1_0_0 Document

The Batch data type is used to specify multiple objects to operate on via a single REST API call.

Name	Type	Description
DATA_TYPE	string `batch#1.0.0`	Type of this document
ids	array of string <uuid>	List of object IDs to operate on

{
  "DATA_TYPE": "batch#1.0.0",
  "ids": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ]
}

AuthenticationTimeout_1_0_0 Document

Error details when a user must reauthenticate an identity in order to perform this operation.

Name	Type	Description
DATA_TYPE	string `authentication_timeout#1.0.0`	Type of this document
high_assurance	boolean	Boolean flag indicating whether the new authentication must be done within the same auth session as the application making the request.
identities	array of string <uuid>	List of identities that would have otherwise been authorized except that the authentication has timed out.

{
  "DATA_TYPE": "authentication_timeout#1.0.0",
  "high_assurance": true,
  "identities": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ]
}

AuthenticationTimeout_1_1_0 Document

Error details when a user must reauthenticate an identity in order to perform this operation.

Version 1.1.0 adds the require_mfa property.

Name	Type	Description
DATA_TYPE	string `authentication_timeout#1.1.0`	Type of this document
high_assurance	boolean	Boolean flag indicating whether the new authentication must be done within the same auth session as the application making the request.
identities	array of string <uuid>	List of identities that would have otherwise been authorized except that the authentication has timed out.
require_mfa	boolean	Flag indicating that multi-factor authentication is required. Only occurs on high assurance storage gateways.

{
  "DATA_TYPE": "authentication_timeout#1.1.0",
  "high_assurance": true,
  "identities": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ],
  "require_mfa": true
}

CheckResult_1_0_0 Document

Consistency check information

Name	Type	Description
DATA_TYPE	string `check_result#1.0.0`	Type of this document
error	object	Error details
id	string <uuid>	ID of the object that was checked
message	string	Message describing the error

{
  "DATA_TYPE": "check_result#1.0.0",
  "error": {},
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "message": "string"
}

Domain_1_0_0 Document

Custom domain description

Name	Type	Description
DATA_TYPE	string `domain#1.0.0`	Type of this document
certificate	string `^(.* )?-----BEGIN CERTIFICATE-----.*`	PEM-Encoded X.509 certificate for this domain
certificate_chain	string `^(.* )?-----BEGIN CERTIFICATE-----.*`	PEM-Encoded X.509 certificate chain for this domain. Only needed if there are intermediate certificates that must also be sent to clients to allow them to verify the certificate. [Private]
certificate_chain_path	string `^/.*`	Path to a file containing the X.509 certificate chain for this domain. This file path must contain a sequence of valid certificate and be present on each data transfer node. [Private]
certificate_path	string `^/.*`	Path to a file containing the X.509 certificate for this domain. This file path must contain a valid certificate and be present on each data transfer node. [Private]
domain_name	string `^((?!-)[A-Za-z0-9-]{1,63}(?`	Domain name
private_key	string `^(.* )?-----BEGIN PRIVATE KEY-----.*`	PEM-Encoded private key for the certificate[Private]
private_key_path	string `^/.*`	Path to a file containing the private key for this domain. This file path must contain a valid key and be present on each data transfer node. [Private]
wildcard	boolean	Flag indicating whether this is a wildcard domain or not. When setting a custom domain for a mapped collection, the domain may optionally be a wildcard domain. If it is a wildcard domain, the guest collections will be created as subdomains of the mapped collection domain; if not, guest collections will be created as subdomains of the endpoint domain.

{
  "DATA_TYPE": "domain#1.0.0",
  "certificate": "string",
  "certificate_chain": "string",
  "certificate_chain_path": "string",
  "certificate_path": "string",
  "domain_name": "string",
  "private_key": "string",
  "private_key_path": "string",
  "wildcard": true
}

PathRestrictions_1_0_0 Document

This object represents the path restrictions for a storage gateway or a sharing path restrictions for a mapped collection.

The values of each of the path lists in this object are interpreted using the POSIX pattern matching notation as described in fnmatch(3) with flags set to 0 with additional support for some special user-specific value interpolation:

~, $HOME: The user’s home directory if the storage gateway supports such a concept, / otherwise
$USER: The effective Storage Gateway-specific username that is being used for data access. For a Guest Collection, this is the username of the identity that created the Guest Collection.

These restrictions are evaluated at every data access. When evaluating restrictions, the user-specific interpolation is applied before the file name matching is evaluated.

Globus Connect Server evaluates its path restrictions from longest leading expression match to shortest. When pattern matching characters are present, they are considered as a lower priority match than a literal character, with more specific pattern characters given precedence. The precedence is thus literal character, bracket expression, ? (single-character wildcard), * (wildcard).

If multiple path restrictions apply, all matches are applied from longest to shortest, with the following rules for overriding values:

Path Restriction Override Precedence

longer restriction	shorter restriction	result
read_write	read	read_write
read_write	none	read_write
read	read_write	read_write
read	none	read
none	read_write	none
none	read	none

Name	Type	Description
DATA_TYPE	string `path_restrictions#1.0.0`	Type of this document
none	array of string `^[/~\$\\?\[].$`	List of paths which are denied any access
read	array of string `^[/~\$\\?\[].$`	List of paths which are allowed read-only access
read_write	array of string `^[/~\$\\?\[].$`	List of paths which are allowed read-write access

{
  "DATA_TYPE": "path_restrictions#1.0.0",
  "none": [
    "string"
  ],
  "read": [
    "string"
  ],
  "read_write": [
    "string"
  ]
}

PathRestrictions Document

This object represents the path restrictions for a storage gateway or a sharing path restrictions for a mapped collection.

~, $HOME: The user’s home directory if the storage gateway supports such a concept, / otherwise
$USER: The effective Storage Gateway-specific username that is being used for data access. For a Guest Collection, this is the username of the identity that created the Guest Collection.

These restrictions are evaluated at every data access. When evaluating restrictions, the user-specific interpolation is applied before the file name matching is evaluated.

If multiple path restrictions apply, all matches are applied from longest to shortest, with the following rules for overriding values:

Path Restriction Override Precedence

longer restriction	shorter restriction	result
read_write	read	read_write
read_write	none	read_write
read	read_write	read_write
read	none	read
none	read_write	none
none	read	none

One of the following schemas:

PathRestrictions_1_0_0

{
  "DATA_TYPE": "path_restrictions#1.0.0",
  "none": [
    "string"
  ],
  "read": [
    "string"
  ],
  "read_write": [
    "string"
  ]
}

SharingPolicy_1_0_0 Document

Sharing policies for a mapped collection.

This document type allows endpoint and collection administrators to optionally constrain sharing path policies for particular users. The sharing_restrict_paths property has a similar meaning to that of the sharing_restrict_paths in the collection document; however, it is in effect only for specific users.

If the users property is null, then the restriction applies to all users. If it is non-null, then this restriction applies only to accounts which have been mapped to the enumerated storage gateway user accounts.

Multiple sharing policies can be defined for a mapped collection. When a guest collection is created or accessed, only the policies relevant to the user which created the account are enforced.

Name	Type	Description
DATA_TYPE	string `sharing_policy#1.0.0`	Type of this document
collection_id	string <uuid>	Id of the mapped collection which this policy is associated with
id	string <uuid>	Unique id for this sharing policy
sharing_restrict_paths	PathRestrictions PathRestrictions_1_0_0	Restrictions on which paths may be shared in guest collections related to this mapped collection. These paths are relative to the root_path property of the mapped collection.
users	array of string	List of local user accounts that this policy applies to. If omitted or null, this restriction applies to all local user accounts.

{
  "DATA_TYPE": "sharing_policy#1.0.0",
  "collection_id": "4bdef85c-3f50-4006-a713-2350da665f80",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "sharing_restrict_paths": {
    "DATA_TYPE": "path_restrictions#1.0.0",
    "none": [
      "string"
    ],
    "read": [
      "string"
    ],
    "read_write": [
      "string"
    ]
  },
  "users": [
    "string"
  ]
}

Collection_1_0_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Name	Type	Description
DATA_TYPE	string `collection#1.0.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME\|~)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. Support for `~` was added in API version 1.21.0. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

{
  "DATA_TYPE": "collection#1.0.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}

Collection_1_1_0 Document

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus Web App when users visit the collection.

Name	Type	Description
DATA_TYPE	string `collection#1.1.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME\|~)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. Support for `~` was added in API version 1.21.0. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.1.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_2_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Name	Type	Description
DATA_TYPE	string `collection#1.2.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME\|~)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. Support for `~` was added in API version 1.21.0. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.2.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Domain Document

Custom domain description

One of the following schemas:

Domain_1_0_0

{
  "DATA_TYPE": "domain#1.0.0",
  "certificate": "string",
  "certificate_chain": "string",
  "certificate_chain_path": "string",
  "certificate_path": "string",
  "domain_name": "string",
  "private_key": "string",
  "private_key_path": "string",
  "wildcard": true
}

Collection_1_3_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Name	Type	Description
DATA_TYPE	string `collection#1.3.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME\|~)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. Support for `~` was added in API version 1.21.0. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain Domain_1_0_0	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.3.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_4_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Name	Type	Description
DATA_TYPE	string `collection#1.4.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME\|~)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. Support for `~` was added in API version 1.21.0. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain Domain_1_0_0	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.4.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_5_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Name	Type	Description
DATA_TYPE	string `collection#1.5.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME\|~)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. Support for `~` was added in API version 1.21.0. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain Domain_1_0_0	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.5.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_6_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Name	Type	Description
DATA_TYPE	string `collection#1.6.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME\|~)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. Support for `~` was added in API version 1.21.0. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain Domain_1_0_0	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
guest_auth_policy_id	string <uuid>	Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.6.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_7_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Name	Type	Description
DATA_TYPE	string `collection#1.7.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME\|~)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. Support for `~` was added in API version 1.21.0. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain Domain_1_0_0	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
guest_auth_policy_id	string <uuid>	Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.7.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_8_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Name	Type	Description
DATA_TYPE	string `collection#1.8.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME\|~)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. Support for `~` was added in API version 1.21.0. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
delete_protected	boolean	If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain Domain_1_0_0	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
guest_auth_policy_id	string <uuid>	Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.8.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "delete_protected": true,
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_9_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable permissions that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection permissions.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted. As of GCS 5.4.69, this is true by default.

Version 1.9.0 adds the read-only last_access and created_at properties.

Name	Type	Description
DATA_TYPE	string `collection#1.9.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME\|~)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. Support for `~` was added in API version 1.21.0. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
created_at	string <date>	Date on which this collection was created
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
delete_protected	boolean	If set to true, this collection can not be deleted. This property is available only on mapped collections. As of GCS 5.4.69, this is true by default.
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection allow anonymous write permissions or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain Domain_1_0_0	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections which do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
guest_auth_policy_id	string <uuid>	Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before permissions are considered. Read-only on guest collections. (Added in API 1.15.0)
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
last_access	string <date>	Date on which this collection was last accessed
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or DropboxCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.9.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "created_at": "2019-08-24",
  "default_directory": "string",
  "delete_protected": true,
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "last_access": "2019-08-24",
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Collection_1_10_0 Document