Pulumi website screenshot

Pulumi

Pulumi is a modern infrastructure as code platform that allows you to use familiar programming languages to build, deploy, and manage cloud infrastructure. The Pulumi Cloud REST API enables programmatic access to manage organizations, stacks, deployments, environments, policy packs, webhooks, and other Pulumi Cloud resources.

2 APIs 0 Features
AutomationCloudDevOpsInfrastructure as CodeMulti-CloudStacksDeploymentsPolicy

APIs

Pulumi Cloud REST API

The Pulumi Cloud REST API exposes 446+ endpoints across 28 categories, including access tokens, AI/agents, audit logs, change gates and requests, deployments, environments (ESC)...

Pulumi Automation API

The Automation API enables you to build custom cloud interfaces for your technical end users. Build self-service developer portals, CLIs, frameworks, and more, programmatically ...

Agent Skills

package-usage

AGENT SKILL

provider-upgrade

AGENT SKILL

pulumi-arm-to-pulumi

AGENT SKILL

pulumi-automation-api

AGENT SKILL

pulumi-best-practices

AGENT SKILL

pulumi-cdk-to-pulumi

AGENT SKILL

pulumi-component

AGENT SKILL

pulumi-esc

AGENT SKILL

pulumi-neo-handoff

AGENT SKILL

upstream-patches

AGENT SKILL

Collections

Pricing Plans

Pulumi Plans Pricing

3 plans

PLANS

Rate Limits

Pulumi Rate Limits

5 limits

RATE LIMITS

FinOps

Pulumi Finops

FINOPS

Resources

🔗
LinkedIn
LinkedIn
🔗
Website
Website
🔗
Documentation
Documentation
📰
Blog
Blog
👥
GitHubOrganization
GitHubOrganization
📝
Signup
Signup
🔗
Login
Login
💰
Pricing
Pricing
🟢
StatusPage
StatusPage
📜
TermsOfService
TermsOfService
📜
PrivacyPolicy
PrivacyPolicy
🔑
Authentication
Authentication
🔗
AgentSkills
AgentSkills

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Pulumi APIs
  version: 1.0.0
items:
- info:
    name: AI
    type: folder
  items:
  - info:
      name: AITemplate
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/ai/template'
      body:
        type: json
        data: '{}'
    docs: Generates a Pulumi template using the Pulumi AI service.
- info:
    name: Miscellaneous
    type: folder
  items:
  - info:
      name: Capabilities
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/capabilities'
    docs: Returns the set of capabilities that the service supports.
  - info:
      name: Version
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/cli/version'
    docs: Returns version information about the CLI.
  - info:
      name: Token
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/oauth/token'
      body:
        type: json
        data: '{}'
    docs: 'Exchanges an external identity provider token for a Pulumi access token using the OAuth 2.0 Token Exchange flow
      (RFC 8693).


      The request body must include:

      - `audience`: a URN identifying the target org (e.g., `urn:pulumi:org:{ORG_NAME}`)

      - `grant_type`: must be `urn:ietf:params:oauth:grant-type:token-exchange`

      - `subject_token`: the OIDC identity token from the external provider

      - `subject_token_type`: must be `urn:ietf:params:oauth:token-type:id_token`

      - `requested_token_type`: one of `urn:pul'
  - info:
      name: FetchRestSpecification
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/openapi/pulumi-spec.json'
    docs: Returns the OpenAPI v3 specification for the service.
- info:
    name: Organizations
    type: folder
  items:
  - info:
      name: ListChangeGates
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/change-gates/:orgName'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: entityType
        value: ''
        type: query
        description: The entity type to filter by
      - name: qualifiedName
        value: ''
        type: query
        description: The fully qualified entity name
    docs: Lists change gates for an entity within the organization. Change gates define approval requirements that must be
      satisfied before changes can be applied to infrastructure resources. Currently supports listing gates for a single entity
      specified by entityType and qualifiedName query parameters.
  - info:
      name: CreateChangeGate
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/change-gates/:orgName'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      body:
        type: json
        data: '{}'
    docs: Creates a new change gate for an entity in the organization. Change gates enforce approval workflows by requiring
      one or more approvals before infrastructure changes can be applied to the protected resource.
  - info:
      name: ReadChangeGate
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/change-gates/:orgName/:gateID'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: gateID
        value: ''
        type: path
        description: The change gate identifier
    docs: Retrieves the configuration and status of a specific change gate, including its approval requirements and the entity
      it protects.
  - info:
      name: UpdateChangeGate
      type: http
    http:
      method: PUT
      url: '{{baseUrl}}/api/change-gates/:orgName/:gateID'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: gateID
        value: ''
        type: path
        description: The change gate identifier
      body:
        type: json
        data: '{}'
    docs: Updates the configuration of an existing change gate, such as modifying its approval requirements or protected entity.
  - info:
      name: DeleteChangeGate
      type: http
    http:
      method: DELETE
      url: '{{baseUrl}}/api/change-gates/:orgName/:gateID'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: gateID
        value: ''
        type: path
        description: The change gate identifier
    docs: Deletes a change gate, removing the approval requirement from the protected entity. Changes to the entity will no
      longer require approval.
  - info:
      name: ListChangeRequests
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/change-requests/:orgName'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: continuationToken
        value: ''
        type: query
        description: Continuation token for paginated results
      - name: count
        value: ''
        type: query
        description: Number of items to return
      - name: entityId
        value: ''
        type: query
        description: The entity identifier to filter by
      - name: entityType
        value: ''
        type: query
        description: The entity type to filter by
    docs: Lists change requests for an organization with support for pagination and filtering by entity type and entity ID.
      Change requests represent proposed infrastructure modifications that require approval before being applied.
  - info:
      name: ReadChangeRequest
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/change-requests/:orgName/:changeRequestID'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: changeRequestID
        value: ''
        type: path
        description: The change request identifier
    docs: Retrieves the details of a specific change request, including its current status, description, approvals, and the
      proposed infrastructure changes.
  - info:
      name: UpdateChangeRequest
      type: http
    http:
      method: PATCH
      url: '{{baseUrl}}/api/change-requests/:orgName/:changeRequestID'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: changeRequestID
        value: ''
        type: path
        description: The change request identifier
      body:
        type: json
        data: '{}'
    docs: Updates a change request's metadata. Currently only the description field can be modified after creation.
  - info:
      name: ApplyChangeRequest
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/change-requests/:orgName/:changeRequestID/apply'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: changeRequestID
        value: ''
        type: path
        description: The change request identifier
    docs: Applies an approved change request, triggering the execution of the proposed infrastructure changes. The change
      request must have received the required number of approvals before it can be applied. Returns 409 if there is a conflict
      preventing application.
  - info:
      name: ApproveChangeRequest
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/change-requests/:orgName/:changeRequestID/approve'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: changeRequestID
        value: ''
        type: path
        description: The change request identifier
      body:
        type: json
        data: '{}'
    docs: Records an approval for a change request from the authenticated user. Once the required number of approvals is met,
      the change request can be applied.
  - info:
      name: UnapproveChangeRequest
      type: http
    http:
      method: DELETE
      url: '{{baseUrl}}/api/change-requests/:orgName/:changeRequestID/approve'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: changeRequestID
        value: ''
        type: path
        description: The change request identifier
      body:
        type: json
        data: '{}'
    docs: Withdraws a previously given approval for a change request. If the change request no longer has the required number
      of approvals after withdrawal, it cannot be applied until additional approvals are granted.
  - info:
      name: CloseChangeRequest
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/change-requests/:orgName/:changeRequestID/close'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: changeRequestID
        value: ''
        type: path
        description: The change request identifier
      body:
        type: json
        data: '{}'
    docs: Closes a change request without applying it. The proposed infrastructure changes are discarded and the request is
      marked as closed.
  - info:
      name: AddChangeRequestComment
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/change-requests/:orgName/:changeRequestID/comments'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: changeRequestID
        value: ''
        type: path
        description: The change request identifier
      body:
        type: json
        data: '{}'
    docs: Adds a comment to a change request without approving or closing it. This allows reviewers to provide feedback or
      ask questions before making a decision.
  - info:
      name: ListChangeRequestEvents
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/change-requests/:orgName/:changeRequestID/events'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: changeRequestID
        value: ''
        type: path
        description: The change request identifier
      - name: continuationToken
        value: ''
        type: query
        description: Continuation token for paginated results
    docs: Lists the event log for a change request, including approvals, status changes, and other lifecycle events. Supports
      pagination via continuation token.
  - info:
      name: SubmitChangeRequest
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/change-requests/:orgName/:changeRequestID/submit'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: changeRequestID
        value: ''
        type: path
        description: The change request identifier
      body:
        type: json
        data: '{}'
    docs: Submits a draft change request for approval. Once submitted, the request enters the review workflow and requires
      the configured number of approvals before it can be applied.
  - info:
      name: GetOrganization
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
    docs: Returns detailed information about the specified organization, including its name, display name, avatar URL, enabled
      features, subscription tier, and access control settings. The response includes member count, team availability, and
      other configuration relevant to the caller's role within the organization.
  - info:
      name: UpdateOrganizationSettings
      type: http
    http:
      method: PATCH
      url: '{{baseUrl}}/api/orgs/:orgName'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      body:
        type: json
        data: '{}'
    docs: Updates an organization's settings, such as the default stack permission level for new members, whether members
      can create teams, and other organization-wide configuration options. Returns the updated organization metadata.
  - info:
      name: ListAuditLogEventsHandlerV1
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName/auditlogs'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: continuationToken
        value: ''
        type: query
        description: Token for paginated result retrieval
      - name: endTime
        value: ''
        type: query
        description: Upper bound of the query range (unix timestamp)
      - name: eventFilter
        value: ''
        type: query
        description: Filter audit logs by event type
      - name: format
        value: ''
        type: query
        description: 'Response format: ''json'' (default)'
      - name: startTime
        value: ''
        type: query
        description: Returns entries older than this timestamp (unix timestamp)
      - name: userFilter
        value: ''
        type: query
        description: Filter audit logs by username
    docs: Lists audit log events for an organization. Either continuationToken or startTime is required. Supports filtering
      by event type and user.
  - info:
      name: ExportAuditLogEventsHandlerV1
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName/auditlogs/export'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: continuationToken
        value: ''
        type: query
        description: Token for paginated result retrieval
      - name: endTime
        value: ''
        type: query
        description: Upper bound of the query range (unix timestamp)
      - name: eventFilter
        value: ''
        type: query
        description: Filter audit logs by event type
      - name: format
        value: ''
        type: query
        description: 'Response format: ''cef'' or ''csv'' (defaults to csv)'
      - name: startTime
        value: ''
        type: query
        description: Returns entries older than this timestamp (unix timestamp)
      - name: userFilter
        value: ''
        type: query
        description: Filter audit logs by username
    docs: 'Exports audit log events for an organization in a downloadable format. Audit logs provide an immutable record of
      all user activity within the organization, including stack operations, member changes, and policy modifications. Results
      can be filtered by time range, event type, and user. Supported export formats are CSV and CEF (Common Event Format for
      SIEM integration). Pagination is supported via the continuationToken parameter.


      **Important:** This endpoint differs from other API endpoints:

      - T'
  - info:
      name: GetAuditLogExportConfiguration
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName/auditlogs/export/config'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
    docs: 'GetAuditLogExportConfiguration returns the organization''s current audit log export configuration.

      If the organization has not configured its audit logs for export, returns a 404.'
  - info:
      name: UpdateAuditLogExportConfiguration
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/orgs/:orgName/auditlogs/export/config'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      body:
        type: json
        data: '{}'
    docs: Creates or updates the organization's automated audit log export configuration. Audit log export enables automatic
      delivery of audit events to an S3 bucket for long-term retention and SIEM integration. The configuration includes the
      S3 bucket details and IAM role for authentication. This feature is available on Business Critical edition.
  - info:
      name: DeleteAuditLogExportConfiguration
      type: http
    http:
      method: DELETE
      url: '{{baseUrl}}/api/orgs/:orgName/auditlogs/export/config'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
    docs: 'DeleteAuditLogExportConfiguration removes an organization''s audit log export settings.

      Skip feature validation so removal can happen if org no longer has access to feature.'
  - info:
      name: ForceAuditLogExport
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/orgs/:orgName/auditlogs/export/config/force'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: timestamp
        value: ''
        type: query
        description: Unix timestamp to export audit logs for (used for backfilling missed data)
    docs: 'ForceAuditLogExport exports the audit logs for the organization for a user-supplied timestamp.

      This can be used to backfill data that may have been missed due to an outage or permissions issue.'
  - info:
      name: TestAuditLogExportConfiguration
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/orgs/:orgName/auditlogs/export/config/test'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      body:
        type: json
        data: '{}'
    docs: 'TestAuditLogExportConfiguration uses the provided audit log configuration and

      checks if we are able to successfully write some data.'
  - info:
      name: GetAuditLogsReaderKind
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName/auditlogs/reader-kind'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
    docs: 'GetAuditLogsReaderKind returns whether the audit log is being read

      from MySQL or DynamoDB to control the event filtering UI on the front end.'
  - info:
      name: ListAuditLogEventsHandlerV2
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName/auditlogs/v2'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: continuationToken
        value: ''
        type: query
        description: Token for paginated result retrieval
      - name: endTime
        value: ''
        type: query
        description: Upper bound of the query range (unix timestamp)
      - name: eventFilter
        value: ''
        type: query
        description: Filter audit logs by event type
      - name: format
        value: ''
        type: query
        description: 'Response format: ''json'' (default)'
      - name: startTime
        value: ''
        type: query
        description: Lower bound of the query range (unix timestamp)
      - name: userFilter
        value: ''
        type: query
        description: Filter audit logs by username
    docs: Lists audit log events for an organization. Uses startTime as the lower bound and endTime as the upper bound of
      the query range. Supports filtering by event type and user.
  - info:
      name: ExportAuditLogEventsHandlerV2
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName/auditlogs/v2/export'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: continuationToken
        value: ''
        type: query
        description: Token for paginated result retrieval
      - name: endTime
        value: ''
        type: query
        description: Upper bound of the query range (unix timestamp)
      - name: eventFilter
        value: ''
        type: query
        description: Filter audit logs by event type
      - name: format
        value: ''
        type: query
        description: 'Response format: ''cef'' or ''csv'' (defaults to csv)'
      - name: startTime
        value: ''
        type: query
        description: Lower bound of the query range (unix timestamp)
      - name: userFilter
        value: ''
        type: query
        description: Filter audit logs by username
    docs: Exports audit log events in a downloadable format (CSV or CEF). Supports filtering by time range using startTime
      (lower bound) and endTime (upper bound), as well as filtering by event type and user.
  - info:
      name: GetAuthPolicy
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName/auth/policies/oidcissuers/:issuerId'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: issuerId
        value: ''
        type: path
        description: The OIDC issuer identifier
    docs: Returns the authentication policy associated with a specific OIDC issuer registration. Authentication policies define
      rules for how OIDC tokens from the issuer are validated and what access they grant, including claim mappings and trust
      conditions.
  - info:
      name: UpdateAuthPolicy
      type: http
    http:
      method: PATCH
      url: '{{baseUrl}}/api/orgs/:orgName/auth/policies/:policyId'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: policyId
        value: ''
        type: path
        description: The policy identifier
      body:
        type: json
        data: '{}'
    docs: 'Updates an authentication policy for an organization. Authentication policies define rules for how OIDC tokens
      are validated and what access they grant, including claim mappings, trust conditions, and role assignments. The policy
      definition cannot be empty.


      The request body contains a `policies` array where each policy object includes:

      - `decision`: `allow` or `deny`

      - `tokenType`: `organization`, `team`, `personal`, or `runner`

      - `teamName`: required when tokenType is `team`

      - `userLogin`: req'
  - info:
      name: TransferAllStacks
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/orgs/:orgName/bulk-transfer/stacks'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      body:
        type: json
        data: '{}'
    docs: 'TransferAllStacks transfers all active stacks from one org to another, where deleted stacks

      will be skipped/ignored. We are currently constraining usage of this function to organizations

      with less than or equal to TransferAllStacksMax stacks.


      NOTE: This operation will lock the organization while the transfer is in-progress, to

      rewrite all checkpoint files that use service-managed secrets. This means that the

      organization will be read-only and no stack updates can begin until the rename process

      '
  - info:
      name: ListOrganizationKeys
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName/cmk'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
    docs: Returns all customer managed keys (CMK) configured for an organization, including their key identifiers, cloud provider
      details, enabled status, and which key is set as the default for new stacks.
  - info:
      name: CreateOrganizationKey
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/orgs/:orgName/cmk'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      body:
        type: json
        data: '{}'
    docs: Creates a new customer managed key (CMK) for an organization, allowing the organization to use their own encryption
      keys for securing secrets stored in Pulumi Cloud. The key must be a valid cloud provider key (e.g., AWS KMS). Once created,
      the key can be set as the default encryption key for all new stacks in the organization.
  - info:
      name: DisableAllOrganizationKeys
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/orgs/:orgName/cmk/disable'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
    docs: Disables all customer managed keys (CMK) for an organization, reverting to Pulumi-managed encryption for secrets.
      After disabling, new stacks will use the default Pulumi-managed encryption rather than customer-provided keys.
  - info:
      name: ListOrganizationKeyMigrations
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName/cmk/migration'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
    docs: Returns all key encryption key (KEK) migrations for an organization. KEK migrations track the process of re-encrypting
      secrets when rotating customer managed keys. Each migration record includes the source and destination keys, status,
      and any errors encountered during the migration process.
  - info:
      name: RetryOrganizationKeyMigrations
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/orgs/:orgName/cmk/migration/retry'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
    docs: Retries any failed key encryption key (KEK) migrations for an organization. KEK migrations can fail due to transient
      errors when re-encrypting secrets during customer managed key rotation. This endpoint re-attempts the failed migrations
      without restarting the entire process.
  - info:
      name: SetDefaultOrganizationKey
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/orgs/:orgName/cmk/:keyID/default'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: keyID
        value: ''
        type: path
        description: The key identifier
    docs: Sets a customer managed key as the default encryption key for the organization. New stacks created in the organization
      will use this key for encrypting secrets by default. The key must already be created and enabled for the organization.
  - info:
      name: DisableOrganizationKey
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/orgs/:orgName/cmk/:keyID/disable'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: keyID
        value: ''
        type: path
        description: The key identifier
      body:
        type: json
        data: '{}'
    docs: Disables a specific customer managed key (CMK) for an organization. The key can no longer be used for encrypting
      new secrets, but existing secrets encrypted with this key remain accessible.
  - info:
      name: GetUsageSummaryDiscoveredResourceHours
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName/discovered-resources/summary'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: granularity
        value: ''
        type: query
        description: Time granularity for aggregation (e.g., 'hourly', 'daily', 'monthly')
      - name: lookbackDays
        value: ''
        type: query
        description: Number of days to look back from the current time or lookbackStart
      - name: lookbackStart
        value: ''
        type: query
        description: Unix timestamp for the start of the lookback period (defaults to current time if omitted)
    docs: 'GetUsageSummaryDiscoveredResourceHours handles request to fetch the summary

      of discovered resources for an organization.'
  - info:
      name: ListOrganizationWebhooks
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName/hooks'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
    docs: Returns all webhooks configured at the organization level. Each webhook in the response includes its name, destination
      URL, format (generic JSON, Slack, or Microsoft Teams), active status, and subscribed event filters. Organization-level
      webhooks can fire on stack lifecycle events, deployment events, drift detection events, and policy violation events.
  - info:
      name: CreateOrganizationWebhook
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/orgs/:orgName/hooks'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      body:
        type: json
        data: '{}'
    docs: 'Creates a new webhook for an organization to notify external services when events occur. Webhooks can be configured
      to fire on stack events (created, deleted, update succeeded/failed), deployment events (queued, started, succeeded,
      failed), drift detection events, and policy violation events (mandatory, advisory).


      The `format` field accepts: `raw` (default), `slack`, `ms_teams`, or `pulumi_deployments`.


      The `filters` field accepts a list of event types to subscribe to. See the [webhook event f'
  - info:
      name: GetOrganizationWebhook
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName/hooks/:hookName'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: hookName
        value: ''
        type: path
        description: The webhook name identifier
    docs: Returns the configuration of a specific organization-level webhook, including its name, destination URL, format
      (generic JSON, Slack, or Microsoft Teams), active status, event filter subscriptions, and whether a shared secret is
      configured for HMAC signature verification.
  - info:
      name: UpdateOrganizationWebhook
      type: http
    http:
      method: PATCH
      url: '{{baseUrl}}/api/orgs/:orgName/hooks/:hookName'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: hookName
        value: ''
        type: path
        description: The webhook name identifier
      body:
        type: json
        data: '{}'
    docs: Updates an existing organization-level webhook's configuration, including its destination URL, format, active status,
      event filter subscriptions, and shared secret. The 'pulumi_deployments' format can only be used on stack or environment
      webhooks, not organization-level ones.
  - info:
      name: DeleteOrganizationWebhook
      type: http
    http:
      method: DELETE
      url: '{{baseUrl}}/api/orgs/:orgName/hooks/:hookName'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: hookName
        value: ''
        type: path
        description: The webhook name identifier
    docs: Permanently deletes an organization-level webhook. The webhook will no longer receive event notifications for stack
      updates, deployments, drift detection, or policy violations. This action cannot be undone.
  - info:
      name: GetOrganizationWebhookDeliveries
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/orgs/:orgName/hooks/:hookName/deliveries'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
      - name: hookName
        value: ''
        type: path
        description: The webhook name identifier
    docs: Returns the recent delivery history for a specific webhook, including the HTTP status code, response time, request
      payload, and delivery timestamp for each attempt. This allows monitoring webhook health and diagnosing delivery failures.
      Each delivery includes a unique Pulumi-Webhook-ID.
  - info:
      name: RedeliverOrganizationWebhookEvent
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/orgs/:orgName/hooks/:hookName/deliveries/:event/redeliver'
      params:
      - name: orgName
        value: ''
        type: path
        description: The organization name
     

# --- truncated at 32 KB (482 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/pulumi/refs/heads/main/apis.yml