> For clean Markdown content of this page, append .md to this URL. For the complete documentation index, see https://learning.postman.com/llms.txt. For full content including API reference and SDK examples, see https://learning.postman.com/llms-full.txt.

# Approve or deny an access request

POST https://api.getpostman.com/teams/{teamId}/access-requests/{requestId}
Content-Type: application/json

Approve or deny a team's access request.

Reference: https://learning.postman.com/api-docs/api-reference/teams/approve-deny-access-request

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: Postman API
  version: 1.0.0
paths:
  /teams/{teamId}/access-requests/{requestId}:
    post:
      operationId: approveDenyAccessRequest
      summary: Approve or deny an access request
      description: Approve or deny a team's access request.
      tags:
        - teams
      parameters:
        - name: teamId
          in: path
          description: The team's ID.
          required: true
          schema:
            $ref: '#/components/schemas/teamId'
        - name: requestId
          in: path
          description: The access request's ID.
          required: true
          schema:
            $ref: '#/components/schemas/accessRequestId'
        - name: x-api-key
          in: header
          required: true
          schema:
            type: string
        - name: identifierType
          in: header
          description: Use SCIM user and group IDs instead of Postman user IDs.
          required: false
          schema:
            $ref: '#/components/schemas/identifierType'
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/approveDenyAccessRequestResponse'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/ApproveDenyAccessRequestRequestBadRequestError
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/commonErrorTypeTitleDetailStatusInstance'
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/teamsError'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/teamsError'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/teamsError'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/approveDenyAccessRequest'
servers:
  - url: https://api.getpostman.com
    description: https://api.getpostman.com
  - url: https://api.eu.postman.com
    description: https://api.eu.postman.com
components:
  schemas:
    teamId:
      type: integer
      title: teamId
    accessRequestId:
      type: integer
      title: accessRequestId
    identifierType:
      type: string
      title: identifierType
    ApproveDenyAccessRequestAction:
      type: string
      enum:
        - approve
        - deny
      description: Whether to approve or deny the access request.
      title: ApproveDenyAccessRequestAction
    approveDenyAccessRequest:
      type: object
      properties:
        action:
          $ref: '#/components/schemas/ApproveDenyAccessRequestAction'
          description: Whether to approve or deny the access request.
      required:
        - action
      title: approveDenyAccessRequest
    ApproveDenyAccessRequestResponseResultEntityId:
      oneOf:
        - type: integer
        - type: string
      description: The entity's ID.
      title: ApproveDenyAccessRequestResponseResultEntityId
    ApproveDenyAccessRequestResponseResultAccessRequest:
      type: object
      properties:
        id:
          type: integer
          description: The access request's ID.
        requestType:
          type: string
          description: The access request type.
        reason:
          type: string
          description: The reason the access request was created.
        status:
          type: string
          description: The access request's status.
        objectType:
          type: string
          description: The entity type.
        objectId:
          type: integer
          description: The entity's ID.
        createdBy:
          type: integer
          description: The user ID of the user who created the access request.
      description: Information about the access request.
      title: ApproveDenyAccessRequestResponseResultAccessRequest
    ApproveDenyAccessRequestResponseResult:
      type: object
      properties:
        entityType:
          type: string
          description: The entity type.
        entityId:
          $ref: '#/components/schemas/ApproveDenyAccessRequestResponseResultEntityId'
          description: The entity's ID.
        role:
          type: string
          description: The requested team role.
        previousRole:
          type:
            - string
            - 'null'
          description: >-
            The entity's previous role. This value only returns if the entity's
            role is modified.
        status:
          type: string
          description: The access request's status.
        accessRequest:
          $ref: >-
            #/components/schemas/ApproveDenyAccessRequestResponseResultAccessRequest
          description: Information about the access request.
      description: Information about the approved or denied access request.
      title: ApproveDenyAccessRequestResponseResult
    approveDenyAccessRequestResponse:
      type: object
      properties:
        result:
          $ref: '#/components/schemas/ApproveDenyAccessRequestResponseResult'
          description: Information about the approved or denied access request.
      title: approveDenyAccessRequestResponse
    TeamsErrorDetailError:
      type: object
      properties:
        name:
          type: string
          description: The error name.
        message:
          type: string
          description: The error message.
      description: Information about the error.
      title: TeamsErrorDetailError
    teamsErrorDetail:
      type: object
      properties:
        error:
          $ref: '#/components/schemas/TeamsErrorDetailError'
          description: Information about the error.
      description: An explanation about the problem.
      title: teamsErrorDetail
    TeamsErrorDetailInvalidEntriesResultItemsEntityId:
      oneOf:
        - type: integer
        - type: string
      description: The entity ID.
      title: TeamsErrorDetailInvalidEntriesResultItemsEntityId
    TeamsErrorDetailInvalidEntriesResultItems:
      type: object
      properties:
        entityType:
          type: string
          description: The entity type.
        entityId:
          $ref: >-
            #/components/schemas/TeamsErrorDetailInvalidEntriesResultItemsEntityId
          description: The entity ID.
        role:
          type:
            - string
            - 'null'
          description: The assigned role.
        status:
          type: string
          description: The `Invalid` response status.
        reason:
          type: string
          description: The reason for the error.
      title: TeamsErrorDetailInvalidEntriesResultItems
    teamsErrorDetailInvalidEntries:
      type: object
      properties:
        error:
          type: string
          description: The error message.
        result:
          type: array
          items:
            $ref: '#/components/schemas/TeamsErrorDetailInvalidEntriesResultItems'
          description: A list of invalid entities.
      description: An explanation about the problem.
      title: teamsErrorDetailInvalidEntries
    TeamsErrorDetail:
      oneOf:
        - $ref: '#/components/schemas/teamsErrorDetail'
        - $ref: '#/components/schemas/teamsErrorDetailInvalidEntries'
      title: TeamsErrorDetail
    teamsError:
      type: object
      properties:
        type:
          type: string
          format: uri-reference
          description: >-
            The [URI reference](https://www.rfc-editor.org/rfc/rfc3986) that
            identifies the type of problem.
        status:
          type: integer
          description: The HTTP status code generated by the origin server.
        title:
          type: string
          description: A short summary of the problem.
        detail:
          $ref: '#/components/schemas/TeamsErrorDetail'
        instance:
          type: string
          description: >-
            The URI reference that identifies the specific occurrence of the
            problem.
      title: teamsError
    commonErrorTypeTitleDetailStatusInstance:
      type: object
      properties:
        type:
          type: string
          format: uri-reference
          description: >-
            The [URI reference](https://www.rfc-editor.org/rfc/rfc3986) that
            identifies the type of problem.
        title:
          type: string
          description: A short summary of the problem.
        detail:
          type: string
          description: An explanation about the problem.
        status:
          type: integer
          description: The HTTP status code generated by the origin server.
        instance:
          type: string
          description: >-
            The URI reference that identifies the specific occurrence of the
            problem.
      title: commonErrorTypeTitleDetailStatusInstance
    ApproveDenyAccessRequestRequestBadRequestError:
      oneOf:
        - $ref: '#/components/schemas/teamsError'
        - $ref: '#/components/schemas/commonErrorTypeTitleDetailStatusInstance'
      title: ApproveDenyAccessRequestRequestBadRequestError
  securitySchemes:
    PostmanApiKey:
      type: apiKey
      in: header
      name: x-api-key
    scimApiKey:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        A valid [SCIM API
        key](https://learning.postman.com/docs/administration/scim-provisioning/scim-provisioning-overview/#generating-scim-api-key)
        for calls to SCIM endpoints.
    basicAuth:
      type: http
      scheme: basic

```

## Examples

### Approve an Access Request



**Request**

```json
{
  "action": "approve"
}
```

**Response**

```json
{
  "result": {
    "entityType": "user",
    "entityId": 87654321,
    "role": "TEAM_DEVELOPER",
    "previousRole": null,
    "status": "Accepted",
    "accessRequest": {
      "id": 1095,
      "requestType": "REQUEST_TO_ADD_MEMBERS",
      "reason": "",
      "status": "Accepted",
      "objectType": "team",
      "objectId": 1095,
      "createdBy": 87654321
    }
  }
}
```

**SDK Code**

```python Approve an Access Request
import requests

url = "https://api.getpostman.com/teams/123/access-requests/12345"

payload = { "action": "approve" }
headers = {
    "x-api-key": "<apiKey>",
    "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.json())
```

```javascript Approve an Access Request
const url = 'https://api.getpostman.com/teams/123/access-requests/12345';
const options = {
  method: 'POST',
  headers: {'x-api-key': '<apiKey>', 'Content-Type': 'application/json'},
  body: '{"action":"approve"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go Approve an Access Request
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api.getpostman.com/teams/123/access-requests/12345"

	payload := strings.NewReader("{\n  \"action\": \"approve\"\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("x-api-key", "<apiKey>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby Approve an Access Request
require 'uri'
require 'net/http'

url = URI("https://api.getpostman.com/teams/123/access-requests/12345")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["x-api-key"] = '<apiKey>'
request["Content-Type"] = 'application/json'
request.body = "{\n  \"action\": \"approve\"\n}"

response = http.request(request)
puts response.read_body
```

```java Approve an Access Request
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://api.getpostman.com/teams/123/access-requests/12345")
  .header("x-api-key", "<apiKey>")
  .header("Content-Type", "application/json")
  .body("{\n  \"action\": \"approve\"\n}")
  .asString();
```

```php Approve an Access Request
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.getpostman.com/teams/123/access-requests/12345', [
  'body' => '{
  "action": "approve"
}',
  'headers' => [
    'Content-Type' => 'application/json',
    'x-api-key' => '<apiKey>',
  ],
]);

echo $response->getBody();
```

```csharp Approve an Access Request
using RestSharp;

var client = new RestClient("https://api.getpostman.com/teams/123/access-requests/12345");
var request = new RestRequest(Method.POST);
request.AddHeader("x-api-key", "<apiKey>");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n  \"action\": \"approve\"\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift Approve an Access Request
import Foundation

let headers = [
  "x-api-key": "<apiKey>",
  "Content-Type": "application/json"
]
let parameters = ["action": "approve"] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api.getpostman.com/teams/123/access-requests/12345")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```

### Deny an Access Request



**Request**

```json
{
  "action": "deny"
}
```

**Response**

```json
{
  "result": {
    "entityType": "user",
    "entityId": 87654321,
    "role": "TEAM_DEVELOPER",
    "status": "Denied",
    "accessRequest": {
      "id": 1095,
      "requestType": "REQUEST_TO_ADD_MEMBERS",
      "reason": "",
      "status": "Denied",
      "objectType": "team",
      "objectId": 1095,
      "createdBy": 87654321
    }
  }
}
```

**SDK Code**

```python Deny an Access Request
import requests

url = "https://api.getpostman.com/teams/123/access-requests/12345"

payload = { "action": "deny" }
headers = {
    "x-api-key": "<apiKey>",
    "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.json())
```

```javascript Deny an Access Request
const url = 'https://api.getpostman.com/teams/123/access-requests/12345';
const options = {
  method: 'POST',
  headers: {'x-api-key': '<apiKey>', 'Content-Type': 'application/json'},
  body: '{"action":"deny"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go Deny an Access Request
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api.getpostman.com/teams/123/access-requests/12345"

	payload := strings.NewReader("{\n  \"action\": \"deny\"\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("x-api-key", "<apiKey>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby Deny an Access Request
require 'uri'
require 'net/http'

url = URI("https://api.getpostman.com/teams/123/access-requests/12345")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["x-api-key"] = '<apiKey>'
request["Content-Type"] = 'application/json'
request.body = "{\n  \"action\": \"deny\"\n}"

response = http.request(request)
puts response.read_body
```

```java Deny an Access Request
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://api.getpostman.com/teams/123/access-requests/12345")
  .header("x-api-key", "<apiKey>")
  .header("Content-Type", "application/json")
  .body("{\n  \"action\": \"deny\"\n}")
  .asString();
```

```php Deny an Access Request
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.getpostman.com/teams/123/access-requests/12345', [
  'body' => '{
  "action": "deny"
}',
  'headers' => [
    'Content-Type' => 'application/json',
    'x-api-key' => '<apiKey>',
  ],
]);

echo $response->getBody();
```

```csharp Deny an Access Request
using RestSharp;

var client = new RestClient("https://api.getpostman.com/teams/123/access-requests/12345");
var request = new RestRequest(Method.POST);
request.AddHeader("x-api-key", "<apiKey>");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n  \"action\": \"deny\"\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift Deny an Access Request
import Foundation

let headers = [
  "x-api-key": "<apiKey>",
  "Content-Type": "application/json"
]
let parameters = ["action": "deny"] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api.getpostman.com/teams/123/access-requests/12345")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```