APIIdentity & Access
Environments API
Environments represent isolated tenant workspaces, each mapping to a distinct Redshift schema. Data isolation is enforced at the environment level — all FinOps queries and Redshift health checks are scoped to the environment embedded in the authenticated user's JWT.
Endpoints
| Method | Path | Description | Required Permission |
|---|---|---|---|
| GET | /environments | List all environments available to the tenant | iam:read |
| GET | /environments/{id} | Get environment details including connection config | iam:read |
| POST | /environments | Create a new environment with Redshift connection details | iam:admin |
| PUT | /environments/{id} | Update environment name or connection parameters | iam:admin |
Environment Object
Environment Response Object
{
"id": "env_prod_us_east",
"name": "Production US-East",
"redshift_host": "quper-cluster.abc123.us-east-1.redshift.amazonaws.com",
"redshift_db": "quper_db",
"redshift_schema": "quper_prod",
"aws_region": "us-east-1",
"created_at": "2024-01-05T10:00:00Z"
}Environment Fields Reference
| Field | Type | Description |
|---|---|---|
| id | string | Unique identifier embedded in user JWTs as env_id |
| name | string | Human-readable environment label shown in the UI switcher |
| redshift_host | string | Redshift cluster endpoint hostname |
| redshift_db | string | Name of the Redshift database to connect to |
| redshift_schema | string | Redshift schema used for this environment. All queries are prefixed with this schema to enforce data isolation. |
| aws_region | string | AWS region where the Redshift cluster is deployed (e.g., us-east-1) |
| created_at | string (ISO 8601) | Timestamp when the environment was created |
Environment ID in JWT
The
env_id claim in the user's JWT determines which environment is active for all API calls. The Redshift schema corresponding to that environment is automatically applied to every data query. Users can switch environments via the UI, which re-issues a JWT with the new env_id.Data Isolation
Each environment maps to a unique redshift_schema. All SQL queries executed by the API and the Vidura agent are scoped to this schema:
Schema-Scoped Query Example
-- All queries are automatically prefixed with the environment schema
SELECT * FROM quper_prod.cost_usage_view
WHERE account_id = 'acme-prod'
AND usage_date >= CURRENT_DATE - 30;