Create Resource
Creates a new cloud resource in your organization. Resources must be linked to existing cloud credentials and represent infrastructure that will be dynamically whitelisted during sessions.
Request
POST /resources
Authentication
Requires Bearer JWT Token with ORG_ADMIN role.
Authorization: Bearer <access_token>
Request Body
{
"name": "Production API Gateway",
"credentialId": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
"provider": "AWS",
"resourceType": "SECURITY_GROUP",
"resourceIdentifier": "sg-0abc123def456",
"region": "eu-central-1",
"config": {
"port": 443,
"protocol": "tcp"
}
}
Body Parameters
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Human-readable resource name |
credentialId | UUID | Yes | ID of existing cloud credential to use |
provider | string | Yes | Cloud provider: AWS, GCP, AZURE, or APISIX |
resourceType | string | Yes | Type of resource (e.g., SECURITY_GROUP) |
resourceIdentifier | string | Yes | Cloud provider's resource ID (e.g., sg-abc123) |
region | string | No | Cloud region (required for AWS, optional for others) |
config | object | No | Resource-specific configuration (e.g., {"port": 443, "protocol": "tcp"}) |
Config Object Examples
AWS Security Group:
{
"port": 443,
"protocol": "tcp"
}
Multiple ports:
{
"ports": [22, 80, 443],
"protocol": "tcp"
}
Response
Success Response
Status Code: 201 Created
Response Body:
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Production API Gateway",
"credentialId": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
"credentialName": "AWS Production Account",
"provider": "AWS",
"resourceType": "SECURITY_GROUP",
"resourceIdentifier": "sg-0abc123def456",
"region": "eu-central-1",
"config": {
"port": 443,
"protocol": "tcp"
},
"isActive": false,
"lastVerifiedAt": null,
"createdAt": "2026-02-18T11:00:00Z",
"updatedAt": "2026-02-18T11:00:00Z"
}
Response Fields
| Field | Type | Description |
|---|---|---|
id | UUID | Unique resource identifier (generated) |
name | string | Human-readable resource name |
credentialId | UUID | ID of linked cloud credential |
credentialName | string | Name of linked cloud credential |
provider | string | Cloud provider |
resourceType | string | Type of resource |
resourceIdentifier | string | Cloud provider's resource ID |
region | string | Cloud region |
config | object | Resource-specific configuration |
isActive | boolean | Initially false until first verification |
lastVerifiedAt | string (ISO 8601) | null for new resources |
createdAt | string (ISO 8601) | Resource creation timestamp |
updatedAt | string (ISO 8601) | Last update timestamp |
Error Responses
| Status Code | Error | Description |
|---|---|---|
400 Bad Request | VALIDATION_ERROR | Invalid request body or missing required fields |
400 Bad Request | MAX_RESOURCES_REACHED | Organization has reached maximum resource limit for current tier |
401 Unauthorized | UNAUTHORIZED | Missing or invalid authentication token |
403 Forbidden | FORBIDDEN | User lacks ORG_ADMIN role |
404 Not Found | CREDENTIAL_NOT_FOUND | Specified credentialId does not exist |
429 Too Many Requests | RATE_LIMIT_EXCEEDED | Rate limit exceeded |
500 Internal Server Error | INTERNAL_ERROR | Server error occurred |
Error Response Example
{
"error": "MAX_RESOURCES_REACHED",
"message": "Organization has reached maximum of 3 resources for Free tier. Add credits to unlock unlimited resources.",
"timestamp": "2026-02-18T11:00:00Z"
}
Example
Request
curl -X POST https://api.entryguard.io/api/v1/resources \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
-H "Content-Type: application/json" \
-d '{
"name": "Production API Gateway",
"credentialId": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
"provider": "AWS",
"resourceType": "SECURITY_GROUP",
"resourceIdentifier": "sg-0abc123def456",
"region": "eu-central-1",
"config": {
"port": 443,
"protocol": "tcp"
}
}'
Response
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Production API Gateway",
"credentialId": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
"credentialName": "AWS Production Account",
"provider": "AWS",
"resourceType": "SECURITY_GROUP",
"resourceIdentifier": "sg-0abc123def456",
"region": "eu-central-1",
"config": {
"port": 443,
"protocol": "tcp"
},
"isActive": false,
"lastVerifiedAt": null,
"createdAt": "2026-02-18T11:00:00Z",
"updatedAt": "2026-02-18T11:00:00Z"
}
Notes
- New resources are created with
isActive: falseuntil first verification - Use the Verify Resource endpoint to test connectivity
- Resource limits vary by plan (Free: 3, Paid: unlimited)
- The credential must belong to the same organization