> ## Documentation Index > Fetch the complete documentation index at: https://docs.nscale.com/llms.txt > Use this file to discover all available pages before exploring further. # Get group > Allows a single group to be polled. ## OpenAPI ````yaml /openapi/identity-openapi.yaml get /api/v1/organizations/{organizationID}/groups/{groupid} openapi: 3.0.3 info: title: Identity API description: >- The Identity API provides an OIDC compliant interface for use with all official and 3rd party services and proxies. As its intended use is for multi-tenant cloud deployments, it acts as an aggregation layer for other 3rd party OIDC services, dispatching login requests to the required OIDC backend. Token introspection forms the basis of role based access control across all APIs. For security purposes, access tokens and refresh tokens are limited to a single session per client, thus if they are being consumed by a horizontally scalable platform care must be taken to ensure token rotation is handled atomically by a single process, and the tokens are distributed to each service instance synchronously. version: 1.11.0 servers: - url: https://identity.nks.europe-west4.nscale.com security: [] paths: /api/v1/organizations/{organizationID}/groups/{groupid}: description: >- Allows management of organization groups. Groups bind users and service accounts to roles and allow those users to perform API requests as defined by those roles. Groups are then typically linked to projects that grant the users the ability to perform project scoped operations, such as provisioning infrastructure. parameters: - $ref: '#/components/parameters/organizationIDParameter' - $ref: '#/components/parameters/groupidParameter' get: tags: - Groups summary: Get group description: Allows a single group to be polled. responses: '200': $ref: '#/components/responses/groupResponse' '401': $ref: '#/components/responses/unauthorizedResponse' '403': $ref: '#/components/responses/forbiddenResponse' '500': $ref: '#/components/responses/internalServerErrorResponse' security: - oauth2Authentication: [] components: parameters: organizationIDParameter: name: organizationID in: path description: An organization ID. required: true schema: type: string groupidParameter: name: groupid in: path description: A unique group ID. required: true schema: type: string responses: groupResponse: description: A group in the organization. content: application/json: schema: $ref: '#/components/schemas/groupRead' example: metadata: id: a142f641-7fd6-4ab9-a875-344c7ebadc53 name: a-team organizationId: d4600d6e-e965-4b44-a808-84fb2fa36702 creationTime: '2024-05-31T14:11:00Z' provisioningStatus: provisioned healthStatus: healthy spec: userIDs: - d4600d6e-e965-4b44-a808-84fb2fa36702 serviceAccountIDs: - a0e9c93a-3a47-4ea1-9caf-22757428a810 roleIDs: - d4600d6e-e965-4b44-a808-84fb2fa36702 unauthorizedResponse: description: Authentication failed or the access token has expired. content: application/json: schema: $ref: '#/components/schemas/error' example: error: access_denied error_description: authentication failed forbiddenResponse: description: >- Request was denied by authorization, this may be caused by the authorization token not having the required scope for an API, or the user doesn't have the necessary privileges on the provider platform. content: application/json: schema: $ref: '#/components/schemas/error' example: error: forbidden error_description: user credentials do not have the required privileges internalServerErrorResponse: description: >- An unexpected or unhandled error occurred. This may be a transient error and may succeed on a retry. If this isn't the case, please report it as an issue. content: application/json: schema: $ref: '#/components/schemas/error' example: error: server_error error_description: failed to token claim schemas: groupRead: description: A group when read. type: object required: - metadata - spec properties: metadata: $ref: '#/components/schemas/organizationScopedResourceReadMetadata' spec: $ref: '#/components/schemas/groupSpec' error: description: Generic error message, compatible with oauth2. type: object required: - error - error_description properties: error: description: >- A terse error string expanding on the HTTP error code. Errors are based on the OAuth 2.02 specification, but are expanded with proprietary status codes for APIs other than those specified by OAuth 2.02. type: string enum: - invalid_request - server_error - access_denied - not_found - conflict - method_not_allowed - unsupported_media_type - request_entity_too_large - forbidden error_description: description: Verbose message describing the error. type: string organizationScopedResourceReadMetadata: description: Metadata required by organization scoped resource reads. allOf: - $ref: '#/components/schemas/resourceReadMetadata' - type: object required: - organizationId properties: organizationId: description: The organization identifier the resource belongs to. type: string groupSpec: description: A group. type: object required: - serviceAccountIDs - roleIDs properties: subjects: description: list of subjects that are assigned to this group type: array items: $ref: '#/components/schemas/subject' userIDs: $ref: '#/components/schemas/stringList' serviceAccountIDs: $ref: '#/components/schemas/stringList' roleIDs: $ref: '#/components/schemas/stringList' resourceReadMetadata: description: Metadata required by all resource reads. allOf: - $ref: '#/components/schemas/staticResourceMetadata' - type: object required: - provisioningStatus - healthStatus properties: deletionTime: description: The time the resource was deleted. type: string format: date-time provisioningStatus: $ref: '#/components/schemas/resourceProvisioningStatus' healthStatus: $ref: '#/components/schemas/resourceHealthStatus' subject: description: A user account, as described when member of a group. type: object required: - id - issuer properties: id: description: The identitifier for this subject, given by the issuer. type: string email: description: An email for the user, if supplied by the issuer. type: string issuer: description: The issuer URL. type: string stringList: description: A list of strings. type: array items: description: An arbitrary string. type: string staticResourceMetadata: description: | This metadata is for resources that just exist, and don't require any provisioning and health status, but benefit from a standardized metadata format. type: object allOf: - $ref: '#/components/schemas/resourceMetadata' - type: object required: - id - creationTime properties: id: description: The unique resource ID. type: string creationTime: description: The time the resource was created. type: string format: date-time createdBy: description: The user who created the resource. type: string modifiedTime: description: The time a resource was updated. type: string format: date-time modifiedBy: description: The user who updated the resource. type: string resourceProvisioningStatus: description: The provisioning state of a resource. type: string enum: - unknown - provisioning - provisioned - deprovisioning - error resourceHealthStatus: description: The health state of a resource. type: string enum: - unknown - healthy - degraded - error resourceMetadata: description: Metadata required for all API resource reads and writes. required: - name properties: name: $ref: '#/components/schemas/kubernetesLabelValue' description: description: >- The resource description, this optionally augments the name with more context. type: string tags: $ref: '#/components/schemas/tagList' kubernetesLabelValue: description: >- A valid Kubernetes label value, typically used for resource names that can be indexed in the database. type: string pattern: ^[0-9A-Za-z](?:[0-9A-Za-z-_.]{0,61}[0-9A-Za-z])?$ tagList: description: A list of tags. type: array items: $ref: '#/components/schemas/tag' tag: description: >- A tag mapping arbitrary names to values. These have no special meaning for any component are are intended for use by end users to add additional context to a resource, for example to categorize it. type: object required: - name - value properties: name: description: A unique tag name. type: string value: description: The value of the tag. type: string securitySchemes: oauth2Authentication: description: Operation requires OAuth 2.0 bearer token authentication. type: oauth2 flows: authorizationCode: authorizationUrl: https://identity.nks.europe-west4.nscale.com/oauth2/v2/authorization tokenUrl: https://identity.nks.europe-west4.nscale.com/oauth2/v2/token scopes: {} ````