openapi: 3.1.0 info: title: Rubrik Security Cloud API description: | Rubrik Security Cloud (RSC) exposes a GraphQL API for managing data protection, recovery, and security operations. All operations are performed via a single GraphQL endpoint using HTTP POST. version: "1.0.0" contact: name: Rubrik Developer Center url: https://developer.rubrik.com/Rubrik-Security-Cloud-API/ servers: - url: https://{rsc_fqdn}/api description: Rubrik Security Cloud instance variables: rsc_fqdn: default: example.my.rubrik.com description: Fully qualified domain name of the RSC instance. security: - bearerAuth: [] paths: /client_token: post: summary: Issue an OAuth2 access token (service account) description: | Submits client credentials (client_id, client_secret, grant_type) and returns an OAuth2 access token used as a bearer token on subsequent API calls. operationId: createClientToken security: [] requestBody: required: true content: application/json: schema: type: object required: [client_id, client_secret, grant_type] properties: client_id: type: string client_secret: type: string grant_type: type: string enum: [client_credentials] responses: "200": description: Access token issued content: application/json: schema: type: object properties: access_token: type: string expires_in: type: integer token_type: type: string "401": description: Invalid credentials /oauth/token: post: summary: Exchange an authorization code for an access token description: OAuth2 Authorization Code with PKCE token exchange endpoint. operationId: exchangeAuthorizationCode security: [] requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object required: [grant_type, code, code_verifier, client_id, redirect_uri] properties: grant_type: type: string enum: [authorization_code] code: type: string code_verifier: type: string client_id: type: string redirect_uri: type: string responses: "200": description: Access token issued "400": description: Invalid request /graphql: post: summary: Execute a GraphQL query or mutation description: | Single GraphQL endpoint for all RSC operations. Submit GraphQL queries and mutations as JSON. Responses contain only the fields requested in the query. operationId: executeGraphQL requestBody: required: true content: application/json: schema: type: object required: [query] properties: query: type: string description: GraphQL query or mutation document. variables: type: object additionalProperties: true operationName: type: string responses: "200": description: GraphQL response payload content: application/json: schema: type: object properties: data: type: object additionalProperties: true errors: type: array items: type: object additionalProperties: true "401": description: Missing or invalid bearer token /session: delete: summary: Revoke the current session description: Revokes the session associated with the supplied bearer token. operationId: revokeSession responses: "204": description: Session revoked "401": description: Missing or invalid bearer token components: securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: OAuth2 access token obtained via /client_token or /oauth/token.