{ "openapi": "3.0.1", "info": { "title": "Entrust Identity as a Service Administration API", "description": "This document describes how to manage your Identity as a Service account using Administration (Admin) API calls. This\nAPI allows you to seamlessly perform administrative actions on Identity as a Service without logging in to the Identity\nas a Service Administrator portal.\n\n# Prerequisites\n\nConfirm the following before executing the Admin API calls included in this guide:\n\n- An Admin API application has been created on your Identity as a Service account. The application must be configured\n with a role that has the permissions needed by your application. Identity as a Service allows you to download a JSON\n file once the application is created.\n- The Application ID and Shared Secret parameter values are easily accessible. They must be entered into the body of the\n Admin APi request. The required values are displayed after creating the Administration API application on Identity as\n a Service. Upon creation, you can either copy these values to your clipboard or download them as a JSON file.\n- The Admin API application configuration data has been downloaded and is available for use.\n\n# Identity as a Service Administration APIs\n\nIdentity as a Service administration APIs are grouped into the following categories. You can only perform the API calls\npermitted by the role assigned to your Administration API application on Identity as a Service. See the **Identity as a\nService Administrator Help** for more information on Identity as a Service roles:\n\n### Admin Authentication\n\nThese APIs facilitate authentication between your Admin API application and Identity as a Service. You must make this\ncall before making any other Admin API calls. The call generates an authentication token value that must be included in\nall other Admin API requests.\n\nThe Admin API authentication response includes the token's expiration time. For instance:\n\n```json\n{\n \"authToken\": \"GLrKMuDGiIWPJooDRFTZIHc65RyjJBiPdy4b5xNR8fKxXfwy4tbSIvh+xiFHlJ2p6tm3FuOZ34sxjCHYbDa77eLrxFcMuwYjRMmLWsUIGfkpfg33Wb/5X01Xag4Vdjz5DpVKfCg/OL2rnd4tfCfzM9FoY+vY/sllGgRtQkGeZodsi+QvazqQS1iJ5e6i5ouR05P52YsLgmMlZ4mUfH3JiXZmkkAJvXuM3oj9msi/a4ULWeUGYW5oHM5Gs6ab37baa5xzVykzowHdIoZMVeC8+zVqDr+yXTAHVysBYQHngyckgBizDc2g49RgRTEz2k+yRIvwUU5swGzKtgt6kYtyyFM8YdeODB59Fkl8w5mQQDpxIyZcclCFv2C+MBWdnbM0kJIgNtE1ZeRA+zxwS6avE8EKw3T9Nczs6KBfycV3NxgxTvTQIxNi3kPA8XdJtAmCkUR/gyLkqJXk7bGDvFo4+rWR4uX2XxHm2NZGTNA1QezK96Y7JVjImfoHlUJnxGm207/kVPIVtSUD+6XuEl0uVvrtnTPmQnpq3P0gTYvon3Cw1caQvIydtrUv4yfs4Q/WVvSF3GQh3uet/IkUeGbkxLn43CSVz2hCQoeF8jxIoiJuSAxs1e3phylp0plijvok01Tbit6um/x4tK5UZYCRZYmeSD/ltXGtZNOoA4YHh5cDK+KcDy2tuWaexi2Hf+nJ5adqiMHwuozIH69Eqc6OZ9o86t75mIdux8zLgWt0T3SFOphtCvF0L8BdxICrEXGMDhguRRH7f+/IPU0ggFwnxsIV2a3c4oOayFfHwVSg4rGSKfWuWtkfNavA8RI5y6JOKzMrulrdg+gzuBMms2nKn38HNIRu2pKMVzQ2jU8CrtPgOT8=\",\n \"expirationTime\": \"2020-01-23T16:30:58Z\",\n \"creationTime\": \"2020-01-23T16:15:58Z\"\n}\n```\n\nIf you use this authentication token to make requests after it expires, the service will return an UNAUTHORIZED response\ncode (401) and you will need to reauthenticate to obtain a new token.\n\nSome workarounds to prevent this are:\n\n- Always reauthenticate before making a request; or\n- Track the expiration time and reauthenticate when you detect that it has expired; or\n- Send an OPTIONS request to the same end-point to detect whether the token has expired. This can be useful with\n end-points receiving a large payload such as images where the token can expire before the request has completed. In\n these cases the request may fail with a 500 error.\n\nWhen an admin API application authenticates, there is an option to enable a web session to add additional security to\nthe session. This is done by setting the enableWebSession argument passed to the authentication controller to true. When\na web session is enabled, an HTTP session cookie named Identity as a Service_SESSION_ID will be returned with the\nauthentication results. This cookie must be included with all subsequent admin API calls along with the authentication\ntoken.\n\n### Users\n\nThese APIs facilitate user management operations on an Identity as a Service account.\n\n### Smart Credentials\n\nThe Entrust® Mobile Smart Credential (MSC) application allows users to perform authentications to their Identity as a\nService account and configured applications. This API call facilitates mobile smart credential management operations on\nan Identity as a Service account.\n\n### Tokens\n\nThese APIs facilitate hardware and soft token management operations on an Identity as a Service account.\n\n### FIDO2/Passkey Tokens\n\nThese APIs facilitate management of FIDO2 tokens. FIDO2 tokens can be registered, viewed, deleted and updated.\n\n### Grid Cards\n\nGrid authentication uses cards with a grid as the authentication lookup tool. This API call facilitates Grid Card\nmanagement operations on an Identity as a Service account.\n\n### Temporary Access Codes\n\nTemporary Access Codes can be used to log in when a user cannot access their one-time passcode (OTP), Grid Card, or\ntoken authenticator. This API call facilitates Temporary Access Code management operations on an Identity as a Service\naccount.\n\n### KBA - Knowledge-based Authenticators\n\nKnowledge-based authentication (or knowledge-based authenticators) (KBA) (also known as question-and-answer (Q&A)\nauthentication) allows users to authenticate to SAML application accounts using Identity as a Service by providing the\ncorrect answer to one or more preregistered questions. This API call facilitates Knowledge-based Authenticator\nmanagement operations on an Identity as a Service account.\n\n### Passwords\n\nThere are two types of password authenticators available on Identity as a Service —Identity as a Service passwords and\nActive Directory (AD) passwords. Identity as a Service passwords are passwords that can be manually or automatically\nassigned to users on Identity as a Service. Active Directory (AD) passwords are passwords that have already been\nassigned to a user on their corporate directory - not through Identity as a Service. This API call facilitates password\nmanagement operations on an Identity as a Service account for either type of password.\n\n### OTPs\n\nThese APIs facilitate OTP management operations on an Identity as a Service account.\n\n### Machine authenticators\n\nMachine Authentication (MA) provides identification information on the Web browser being used to access a SAML\napplication. This API call facilitates Machine Authenticator management operations on an Identity as a Service account.\n\n### Face Biometric\n\nFace Biometric authentication uses an Onfido account to allow users to authenticate with biometric security. Face\nBiometric can be viewed, deleted, updated and created for a user if they already exist in Onfido.\n\n### Magic Link\n\nMagic Link is a secure, time-sensitive, single-use URL that is sent to a user's email address. When clicked, the link\nverifies the user's identity and grants access without requiring a password. Magic Links support multiple use cases\nincluding authentication, registration, and password reset. For an enhanced user experience, Magic Links can be\nconfigured to redirect users to a list of allowed URLs after successful verification. These APIs facilitate creating,\nviewing, and revoking Magic Links.\n\n### User Risk-based authentication (RBA) Settings\n\nRisk-based authentication (RBA) identifies the level of risk associated with a user who tries to authenticate. This API\ncall facilitates Risk-based authentication management operations on an Identity as a Service account.\n\n### User Attributes\n\nUser attributes are the information fields listed as part of each user's Profile information. This API call facilitates\nuser attribute management operations on an Identity as a Service account.\n\n### Roles\n\nRoles control what operations a user can perform on their Identity as a Service account. These roles distinguish the\namount of access given to each account, ranging from administrators with full access to end users (who can only access\nthe user portal features).This API call facilitates role management operations on an Identity as a Service account.\n\n### Groups\n\nAn Identity as a Service group is a collection of users given access to applications based on the resource rules they\nare assigned to. This API call facilitates group management operations on an Identity as a Service account.\n\n### Reports\n\nThese APIs allow you to access the Audit Log on your Identity as a Service account. This Log lists the actions\nperformed on your account within a period of time.\n\n### Settings\n\nThese APIs provide management of the settings used to configure Identity as a Service behavior. Settings that can be\nmanaged using the administration API include General settings, OTP settings, Token settings, FIDO Token settings, \nPassword Reset settings and Onfido Account settings.\n\n### Applications\n\nThese APIs provide management of authentication API applications using the administration API.\n\n### Resource Rules\n\nResource rules define the authenticators that can be used to authenticate to an application. The resource rules APIs\nprovide management of resource rules, access filters, and authentication flows using the administration API. Optional \naccess filters, including authentication context references that evaluate users with or without an ACR specified, \ndomain-based IDPs that evaluate users that are associated or not associated with a domain, and groups that evaluate \nusers associated with specific groups, can be used to further streamline whether users accessing the resource can have \naccess to this resource rule.\n\nAn authentication flow defines a list of possible authentication paths that a user can take when accessing an \napplication. For example:\n\n- The User Login flow allows access to an application after providing a user identifier (User ID) and a combination of\n first and/or second factor authenticators (e.g., OTP, FIDO, TOKEN).\n- The IDP Login flow allows access to an application after authenticating using an external identity provider.\n- The Passkey Login flow allows access to an application using a Passkey/FIDO token.\n\n### Identity Providers\n\nIdentity providers define external OpenID Connect (OIDC) or SAML identity providers that can be used for user authentication and user verification purposes. \nThe identity providers APIs provide management of identity providers using the administration API.\n\n### Directories\n\nThese APIs provide directory related information using the administration API.\n\n### Tenants\n\nFor service provider accounts, the tenant APIs provide management of their child tenants as well as management of\nentitlements for those tenants. These APIs are only available for accounts that are service providers.\n\n### Account Info\n\nThe account info APIs provide functionality to fetch and modify account related information such as the company name and\nthe license acknowledged flag.\n\n### Entitlements\n\nThese APIs are used by child tenants to retrieve their own entitlement information.\n\n### Organizations\n\nAn organization is a collection of users given access to applications in a business-to-business configuration using a single Identity as a Service account. These APIs provide management of organizations as well as management of user membership to organizations.\n\n### Webhooks\n\nThese APIs provide management of webhooks.\n\n# Examples\n\nThe following are examples of Admin API calls that can be used to perform administrative actions. The examples below are\nnot an exhaustive list of possible Admin API actions.\n\n**Important:** You must execute the Authentication (Admin API) call before executing any other Admin API calls. The\nAuthentication (Admin API) call generates a token value that must be included in every other request to be successful.\n\n## Authentication (Admin API)\n\nTo perform this action, the first step is to submit a POST request to the Admin application. This is the Admin\napplication created on your Identity as a Service account. The URL address of the Admin application includes your\nIdentity as a Service account URL. The format of the URL is:\n\n```\nhttps://..trustedauth.com/api/web/v1/adminapi/authenticate\n```\n\nFor example:\n\n```\nhttps://example.us.trustedauth.com/api/web/v1/adminapi/authenticate\n```\n\nThe body of this request should contain the JSON object with an Application ID and Shared Secret. This JSON file was\ngenerated during creation of Admin Application on Identity as a Service. For example:\n\n```json\n{\n \"applicationId\": \"d3737e0f-4d8e-431c-b1d8-cd17ad4d633d\",\n \"sharedSecret\": \"randomSharedSecret\"\n}\n```\n\nAn API response is received if the call is successful . For example:\n\n```json\n{\n \"authToken\": \"GLb6JWz966gCayVNw4lZSSKV6W3PGgsJZ4CagZjoZNMaa2Me7F5OX+CKOVx8sOXsBEdLemVEruixXoaVsjQc1j+GPBy5Qn+KlilA9GXrSEQujsmfiJono3Gta7Uc8b3VUkEBvU193UqWPtmW1NXsSnPV2Z9B2AjZT17zNlHAyOvFpOXTI5bkmj6f2cKses6cBem5kLSbGHH9lHBv4JvXBjNxtPf7urAUkFn8cJariZyb0/q/AYqYL9do8nFrPFmSCTjYeNmxuWm5CACRi17K5XSyhZpu979b3i7MQEeOq1Pfjw7WzdKfrSvLJg/qgYeLD4aSOrQu4HAixZSFBmW9RGDxlo0J0Y1uAAy4lR57yG3p6E8H6OcV3Vakso4CT8yHAFH8xmdsUXXfyv9v+hr5QKh+7iVYro8tjjByRzj6XXAOx0vDO2yhpOd4migv33aWlFEhbgxIzNseJ8je6wauST0O+hJ5kKjl5yLBXS3iKhZJZMG2FNcU5pbD7SnUh79OWoCuOsehOM2pDFDPnMEms5ri/y0yaKIZmtz9Poy6KH1BDd+645+xX8iqW4IeqJ3zW8RZtnJgzAkUFeCjuDtbvotIcR45p8ibXF0GWLFAbxzvc5daf21bBV29A33C7mFoX4id44BZJ6OC8fztmthRzR2l0uP04STG0dgRRTNgZpoqKiMczwbOVNDv7ZQeSf/Kh3n2S1O8SZXHZT+zUvPwCLg9mnhOTYEqPjoMlqTZycttFYv3D4hKbU7NzYmFdtGYreaI2rNNue7aOzn+J8BN0j3+ZHkhimfO/ZfhF89Bn02IRzDER1ENdcwBSO8frWeAR+nCy0m4Eg==\",\n \"expirationTime\": \"2018-05-28T19:07:50.328+0000\",\n \"creationTime\": \"2018-05-28T18:52:50.329+0000\"\n}\n```\n\nYou must include the **auth token** value displayed in this response in subsequent API calls. Without it, other Admin\nAPI calls will fail.\n\nAn error code is displayed if the call is unsuccessful. A different error code is displayed for each type of error.\n\n## Users\n\n### Create A User\n\nSubmit a POST request to create a User on your account.\nThe format of the URL is:\n\n```\nhttps://..trustedauth.com/api/web/v3/users\n```\n\nAn Authorization header field must be included in the header section of this request. The Authorization header stores\nthe value received as \"token\" in the authentication request. The Authorization header can be sent with or without a type\nvalue of \"Bearer\". For example:\n\n```\nAuthorization: Bearer \n```\n\nor\n\n```\nAuthorization: \n```\n\nThe body of this request must contain all the fields mentioned in the example below that are configured as mandatory:\n\n```json\n{\n \"firstName\": \"john\",\n \"lastName\": \"smith\",\n \"email\": \"johnsmith@organization.com\",\n \"userId\": \"john\",\n \"mobile\": \"+16138561234\",\n \"phone\": \"+161385699876\",\n \"locale\": \"\",\n \"state\": \"ACTIVE\",\n \"externaId\": null,\n \"externalSource\": null,\n \"userAttributeValues\": [\n ],\n \"userAliases\": [\n {\n \"value\": \"johnny\",\n \"type\": \"CUSTOM\"\n }\n ]\n}\n```\n\nIn this example, all the required input parameters have been provided. The request would succeed and generate a response\nthat includes all the details of the created user. For example:\n\n```json\n{\n \"id\": \"2c422a2f-e8ae-4af8-8b03-e1ce0ddde0b0\",\n \"userId\": \"john\",\n \"firstName\": \"john\",\n \"lastName\": \"smith\",\n \"email\": \"johnsmith@organization.com\",\n \"mobile\": \"+16138561234\",\n \"phone\": \"+161385699876\",\n \"locale\": null,\n \"state\": \"ACTIVE\",\n \"externalId\": null,\n \"externalSource\": null,\n \"migrated\": null,\n \"locked\": false,\n \"lockoutExpiry\": null,\n \"otpCreateTime\": null,\n \"grids\": [],\n \"tokens\": [\n {\n \"id\": \"9a2edcc5-46f0-4fff-89b1-13c0f73e1a5c\",\n \"type\": \"ENTRUST_SOFT_TOKEN\",\n \"serialNumber\": \"62461-69384\",\n \"loadDate\": \"2018-05-29T19:12:54.000+0000\",\n \"lastUsedDate\": null,\n \"state\": \"ACTIVATING\",\n \"platform\": null,\n \"registeredForTransactions\": false,\n \"name\": null,\n \"allowedActions\": [\n \"REACTIVATE\",\n \"ACTIVATE_COMPLETE\",\n \"DELETE\"\n ],\n \"description\": null,\n \"userId\": null\n }\n ],\n \"smartCredentials\": [],\n \"tempAccessCode\": null,\n \"userAttributeValues\": [],\n \"userAliases\": [\n {\n \"id\": \"43422a2f-e8ae-4af8-8b03-e1ce0ddde0b0\",\n \"userId\": \"c633a710-70bd-411e-86be-e1898f1b19f5\",\n \"value\": \"johnny\",\n \"type\": \"CUSTOM\"\n },\n {\n \"id\": \"2c422a2f-e8ae-4af8-8b03-e1ce0ddde0b0\",\n \"userId\": \"c633a710-70bd-411e-86be-e1898f1b19f5\",\n \"value\": \"john\",\n \"type\": \"USERID\"\n }\n ],\n \"groups\": [],\n \"type\": \"MGMT_UI\"\n}\n```\n\n### Get a User by UserID\n\nSubmit a POST request to retrieve user details for a particular User ID. The format of the URL is:\n\n```\nhttps://..trustedauth.com/api/web/v3/users/userid\n```\n\nAn Authorization header field must be included in the header section of this request. The Authorization header stores\nthe value received as \"token\" in the authentication request. The Authorization header can be sent with or without a type\nvalue of \"Bearer\". For example:\n\n```\nAuthorization: Bearer \n```\n\nor\n\n```\nAuthorization: \n``` \n\nThe body of this request must contain **UserID**. For example:\n\n```json\n{\n \"userId\": \"John\"\n}\n```\n\nIn this example, all the required input parameters have been provided. The request would succeed and generate a response\nthat includes the user's information. For example:\n\n```json\n{\n \"id\": \"2c422a2f-e8ae-4af8-8b03-e1ce0ddde0b0\",\n \"userId\": \"john\",\n \"firstName\": \"john\",\n \"lastName\": \"smith\",\n \"email\": \"johnsmith@organization.com\",\n \"mobile\": \"+16138561234\",\n \"phone\": \"+161385699876\",\n \"locale\": null,\n \"state\": \"ACTIVE\",\n \"externalId\": null,\n \"externalSource\": null,\n \"migrated\": null,\n \"locked\": false,\n \"lockoutExpiry\": null,\n \"otpCreateTime\": null,\n \"grids\": [],\n \"tokens\": [\n {\n \"id\": \"9a2edcc5-46f0-4fff-89b1-13c0f73e1a5c\",\n \"type\": \"ENTRUST_SOFT_TOKEN\",\n \"serialNumber\": \"62461-69384\",\n \"loadDate\": \"2018-05-29T19:12:54.000+0000\",\n \"lastUsedDate\": null,\n \"state\": \"ACTIVATING\",\n \"platform\": null,\n \"registeredForTransactions\": false,\n \"name\": null,\n \"allowedActions\": [\n \"REACTIVATE\",\n \"ACTIVATE_COMPLETE\",\n \"DELETE\"\n ],\n \"description\": null,\n \"userId\": null\n }\n ],\n \"smartCredentials\": [],\n \"tempAccessCode\": null,\n \"userAttributeValues\": [],\n \"userAliases\": [\n {\n \"id\": \"43422a2f-e8ae-4af8-8b03-e1ce0ddde0b0\",\n \"userId\": \"c633a710-70bd-411e-86be-e1898f1b19f5\",\n \"value\": \"johnny\",\n \"type\": \"CUSTOM\"\n },\n {\n \"id\": \"2c422a2f-e8ae-4af8-8b03-e1ce0ddde0b0\",\n \"userId\": \"c633a710-70bd-411e-86be-e1898f1b19f5\",\n \"value\": \"john\",\n \"type\": \"USERID\"\n }\n ],\n \"groups\": [],\n \"type\": \"MGMT_UI\"\n}\n```\n\n## Grids\n\n### Create a Grid\n\nSubmit a POST request to create a new Grid Card and assign it to a user. You must include the UUID of the user that you\nwant to assign a Grid Card in the API request. The format of the URL is:\n\n```\nhttps://..trustedauth.com/api/web/v2/users/{userid}/grids\n```\n\nFor example:\n\n```\nhttps://example.us.trustedauth.com/api/web/v2/users/2c422a2f-e8ae-4af8-8b03-e1ce0ddde0b0/grids\n```\n\nAn Authorization header field must be included in the header section of this request. The Authorization header stores\nthe value received as \"token\" in the authentication request. The Authorization header can be sent with or without a type\nvalue of \"Bearer\". For example:\n\n```\nAuthorization: Bearer \n```\n\nor\n\n```\nAuthorization: \n```\n\nIn this example, all the required input parameters have been provided. The request would succeed and generate a response\nthat includes the desired Grid Card information. For example:\n\n```json\n{\n \"id\": \"6c5ad3b4-888c-4d3b-88f2-8ab71ae4f917\",\n \"serialNumber\": 2,\n \"createDate\": \"2018-05-29T19:48:24.249+0000\",\n \"assignDate\": null,\n \"expiryDate\": null,\n \"expired\": false,\n \"lastUsedDate\": null,\n \"state\": \"ACTIVE\",\n \"gridContents\": [\n [\n \"TP\",\n \"0M\",\n \"P8\",\n \"KW\",\n \"3D\",\n \"KR\",\n \"M1\",\n \"W0\",\n \"TJ\",\n \"F4\"\n ],\n [\n \"9M\",\n \"MV\",\n \"88\",\n \"DX\",\n \"H3\",\n \"DV\",\n \"44\",\n \"PW\",\n \"V1\",\n \"CX\"\n ],\n [\n \"F2\",\n \"FE\",\n \"0Q\",\n \"XN\",\n \"CD\",\n \"36\",\n \"MQ\",\n \"PN\",\n \"WF\",\n \"DD\"\n ],\n [\n \"WN\",\n \"9F\",\n \"J4\",\n \"TF\",\n \"7J\",\n \"W4\",\n \"7M\",\n \"9Q\",\n \"1H\",\n \"W5\"\n ],\n [\n \"QM\",\n \"21\",\n \"VQ\",\n \"39\",\n \"1N\",\n \"EV\",\n \"PT\",\n \"P4\",\n \"28\",\n \"WY\"\n ]\n ],\n \"allowedActions\": [\n \"DELETE\",\n \"DISABLE\"\n ],\n \"userId\": \"2c422a2f-e8ae-4af8-8b03-e1ce0ddde0b0\",\n \"userName\": \"john\"\n}\n```\n\n### Get a Grid by Id\n\nSubmit a GET request to display a Grid Card's details. You must include the Grid Card's ID string in the request. The ID\nis required to identify which Grid Card's details to display. The format of the request URL is:\n\n```\nhttps://customer.region.trustedauth.com/api/web/v2/grids/{gridid}\n```\n\nFor example:\n\n```\nhttps://example.us.trustedauth.com/api/web/v2/grids/6c5ad3b4-888c-4d3b-88f2-8ab71ae4f917\n```\n\nAn Authorization header field must be included in the header section of this request. The Authorization header stores\nthe value received as \"token\" in the authentication request. The Authorization header can be sent with or without a type\nvalue of \"Bearer\". For example:\n\n```\nAuthorization: Bearer \n```\n\nor\n\n```\nAuthorization: \n```\n\nIn this example, all the required input parameters have been provided. The request would succeed and generate a response\nthat includes Grid Card details. For example:\n\n```json\n{\n \"id\": \"6c5ad3b4-888c-4d3b-88f2-8ab71ae4f917\",\n \"serialNumber\": 2,\n \"createDate\": \"2018-05-29T19:48:24.000+0000\",\n \"assignDate\": null,\n \"expiryDate\": null,\n \"expired\": false,\n \"lastUsedDate\": null,\n \"state\": \"ACTIVE\",\n \"gridContents\": [\n [\n \"TP\",\n \"0M\",\n \"P8\",\n \"KW\",\n \"3D\",\n \"KR\",\n \"M1\",\n \"W0\",\n \"TJ\",\n \"F4\"\n ],\n [\n \"9M\",\n \"MV\",\n \"88\",\n \"DX\",\n \"H3\",\n \"DV\",\n \"44\",\n \"PW\",\n \"V1\",\n \"CX\"\n ],\n [\n \"F2\",\n \"FE\",\n \"0Q\",\n \"XN\",\n \"CD\",\n \"36\",\n \"MQ\",\n \"PN\",\n \"WF\",\n \"DD\"\n ],\n [\n \"WN\",\n \"9F\",\n \"J4\",\n \"TF\",\n \"7J\",\n \"W4\",\n \"7M\",\n \"9Q\",\n \"1H\",\n \"W5\"\n ],\n [\n \"QM\",\n \"21\",\n \"VQ\",\n \"39\",\n \"1N\",\n \"EV\",\n \"PT\",\n \"P4\",\n \"28\",\n \"WY\"\n ]\n ],\n \"allowedActions\": [\n \"DELETE\",\n \"DISABLE\"\n ],\n \"userId\": \"2c422a2f-e8ae-4af8-8b03-e1ce0ddde0b0\",\n \"userName\": \"john\"\n}\n```\n", "contact": { "name": "Entrust Identity as a Service", "url": "https://www.entrust.com/", "email": "support@entrust.com" }, "version": "5.45" }, "servers": [ { "url": "https://customer.region.trustedauth.com" } ], "tags": [ { "name": "Admin Auth", "description": "Administration authentication controllers" }, { "name": "Users", "description": "User controllers" }, { "name": "Face", "description": "Face Biometric controllers" }, { "name": "FIDO Tokens", "description": "FIDO Token controllers" }, { "name": "Grids", "description": "Grid controllers" }, { "name": "KBA", "description": "Knowledge-based Authentication controllers" }, { "name": "Machine Auth", "description": "Machine Authenticator controllers" }, { "name": "Magic Link", "description": "Magic Link is a time-sensitive, single-use URL sent to a user's email, allowing them to authenticate without a password. When clicked, the link verifies the user's identity and grants access to the system." }, { "name": "OTPs", "description": "OTP controllers" }, { "name": "Passwords", "description": "Password controllers" }, { "name": "Smart Credentials", "description": "Smart Credential controllers" }, { "name": "Temp Access Codes", "description": "Temporary Access Code controllers" }, { "name": "Tokens", "description": "Token controllers" }, { "name": "User RBA Settings", "description": "User RBA Settings controllers" }, { "name": "User Attributes", "description": "User Attribute controllers" }, { "name": "Roles", "description": "Role controllers" }, { "name": "Groups", "description": "Group controllers" }, { "name": "Reports", "description": "Reports controllers" }, { "name": "Settings", "description": "Settings controllers" }, { "name": "Applications", "description": "Application controllers" }, { "name": "Resource Rules", "description": "Resource Rules controllers" }, { "name": "Identity Providers", "description": "Identity Providers controllers" }, { "name": "Directories", "description": "Directory controllers" }, { "name": "Tenants", "description": "Tenant controllers" }, { "name": "Account Info", "description": "Account information controllers" }, { "name": "Devices", "description": "Device controllers" }, { "name": "OAuth Roles", "description": "OAuth Role controllers" }, { "name": "Entitlements", "description": "Entitlement controllers" }, { "name": "Organizations", "description": "Organizations controllers" }, { "name": "Webhooks", "description": "Webhook controllers" } ], "paths": { "/api/web/v1/accountinfo": { "get": { "tags": [ "Account Info" ], "summary": "Get account info", "description": "Get account information. Caller requires the SUBSCRIBERS:VIEW permission.", "operationId": "getAccoutInfoUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AccountInfo" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SUBSCRIBERS:VIEW" ] } ] }, "put": { "tags": [ "Account Info" ], "summary": "Update account info", "description": "Update account information. Caller requires the SUBSCRIBERS:EDIT permission.", "operationId": "updateAccountInfoUsingPUT", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AccountInfoParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SUBSCRIBERS:EDIT" ] } ] } }, "/api/web/v1/acrs": { "get": { "tags": [ "Resource Rules" ], "summary": "Get all acrs", "description": "Get all acrs. Caller requires the CONTEXTRULES:VIEW permission.", "operationId": "getAcrsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Acr" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:VIEW" ] } ] }, "post": { "tags": [ "Resource Rules" ], "summary": "Create an acr", "description": "Create an acr. Caller requires the CONTEXTRULES:ADD permission.", "operationId": "createAcrUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AcrParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Acr" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:ADD" ] } ] } }, "/api/web/v1/acrs/{id}": { "get": { "tags": [ "Resource Rules" ], "summary": "Get an acr", "description": "Get the specified acr. Caller requires the CONTEXTRULES:VIEW permission.", "operationId": "getAcrUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the acr to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Acr" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:VIEW" ] } ] }, "delete": { "tags": [ "Resource Rules" ], "summary": "Delete an acr", "description": "Delete the specified acr. Caller requires the CONTEXTRULES:REMOVE permission.", "operationId": "removeAcrUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the acr to be removed.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:REMOVE" ] } ] } }, "/api/web/v1/adminapi/authenticate": { "post": { "tags": [ "Admin Auth" ], "summary": "Authenticate to an Admin API application.", "operationId": "authenticateAdminApiUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AdminApiAuthentication" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AdminApiAuthenticationResult" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } } } }, "/api/web/v1/applicationinfo": { "get": { "tags": [ "Applications" ], "summary": "List application information", "description": "List application information. Caller requires the APPLICATIONS:VIEW permission.", "operationId": "listApplicationInfoUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/ApplicationInfo" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "deprecated": true, "security": [ { "AdminAPIAuthentication": [ "APPLICATIONS:VIEW" ] } ] } }, "/api/web/v1/applications/adminapi": { "get": { "tags": [ "Applications" ], "summary": "List Admin API application", "description": "List Admin API application. Caller requires the APPLICATIONS:VIEW permission.", "operationId": "listAdminApiApplicationsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/AdminApiApplication" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "APPLICATIONS:VIEW" ] } ] }, "post": { "tags": [ "Applications" ], "summary": "Create Admin API application", "description": "Create an Admin API application. Caller requires the APPLICATIONS:ADD permission.", "operationId": "createAdminApiApplicationUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AdminApiApplicationParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AdminApiApplication" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "APPLICATIONS:ADD" ] } ] } }, "/api/web/v1/applications/adminapi/regenerate/{id}": { "put": { "tags": [ "Applications" ], "summary": "Regenerate Admin API application shared secret", "description": "Regenerate the shared secret for an Admin API application. Caller requires the APPLICATIONS:EDIT permission.", "operationId": "updateAdminApiSharedSecretUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the application to be updated.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "string" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "APPLICATIONS:EDIT" ] } ] } }, "/api/web/v1/applications/adminapi/{id}": { "get": { "tags": [ "Applications" ], "summary": "Get Admin API application", "description": "Get an Admin API application. Caller requires the APPLICATIONS:VIEW permission.", "operationId": "getAdminApiApplicationUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the application to be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AdminApiApplication" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "APPLICATIONS:VIEW" ] } ] }, "put": { "tags": [ "Applications" ], "summary": "Update Admin API application", "description": "Update an Admin API application. Caller requires the APPLICATIONS:EDIT permission.", "operationId": "updateAdminApiApplicationUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the application to be updated.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AdminApiApplicationParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AdminApiApplication" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "APPLICATIONS:EDIT" ] } ] }, "delete": { "tags": [ "Applications" ], "summary": "Remove Admin API application", "description": "Remove an Admin API application. Caller requires the APPLICATIONS:REMOVE permission.", "operationId": "removeAdminApiApplicationUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the application to be removed.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "APPLICATIONS:REMOVE" ] } ] } }, "/api/web/v1/applications/authapi": { "get": { "tags": [ "Applications" ], "summary": "List Auth API applications", "description": "List all auth API applications. Caller requires the APPLICATIONS:VIEW permission.", "operationId": "listAuthApiApplicationsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/AuthApiApplication" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "APPLICATIONS:VIEW" ] } ] }, "post": { "tags": [ "Applications" ], "summary": "Create Auth API application", "description": "Create an auth API application. Caller requires the APPLICATIONS:ADD permission.", "operationId": "createAuthApiApplicationUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuthApiApplicationParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuthApiApplication" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "APPLICATIONS:ADD" ] } ] } }, "/api/web/v1/applications/authapi/{id}": { "get": { "tags": [ "Applications" ], "summary": "Get Auth API application", "description": "Get the specified auth API application. Caller requires the APPLICATIONS:VIEW permission.", "operationId": "getAuthApiApplicationUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the application to be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuthApiApplication" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "APPLICATIONS:VIEW" ] } ] }, "put": { "tags": [ "Applications" ], "summary": "Update Auth API application", "description": "Update the specified auth API application. Caller requires the APPLICATIONS:EDIT permission.", "operationId": "updateAuthApiApplicationUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the application to be updated.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuthApiApplicationParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "APPLICATIONS:EDIT" ] } ] }, "delete": { "tags": [ "Applications" ], "summary": "Remove Auth API application", "description": "Remove the specified auth API application. Caller requires the APPLICATIONS:REMOVE permission.", "operationId": "removeAuthApiApplicationUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the application to be removed.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "APPLICATIONS:REMOVE" ] } ] } }, "/api/web/v1/applications/templates": { "get": { "tags": [ "Applications" ], "summary": "List application templates", "description": "List application templates. Caller requires the TEMPLATES:VIEW permission.", "operationId": "listApplicationTemplatesUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/ApplicationTemplate" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TEMPLATES:VIEW" ] } ] } }, "/api/web/v1/attributemappings/{id}": { "get": { "tags": [ "Directories" ], "summary": "Get a directory attribute mapping", "description": "Get the specified directory attribute mapping. Caller requires the DIRECTORIES:VIEW permission.", "operationId": "getDirectoryAttrMappingUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the directory attribute mapping to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DirectoryAttributeMapping" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "DIRECTORIES:VIEW" ] } ] } }, "/api/web/v1/contact/verification/authenticate": { "post": { "tags": [ "OTPs" ], "summary": "Authenticate Contact Verification Challenge", "description": "Authenticate the contact verification challenge. Caller requires the CONTACTVERIFICATION:ADD permission.", "operationId": "contactVerificationAuthenticateUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OTPVerificationAuthenticateValue" } } }, "required": true }, "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OTPVerificationAuthenticateResponse" } } } }, "400": { "description": "Bad request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "401": { "description": "Authorization information is missing or invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Too many requests", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTACTVERIFICATION:ADD" ] } ] } }, "/api/web/v1/contact/verification/challenge": { "post": { "tags": [ "OTPs" ], "summary": "Get Contact Verification Challenge", "description": "Get a contact verification challenge for the specified contact. Caller requires the CONTACTVERIFICATION:ADD permission.", "operationId": "contactVerificationChallengeUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OTPVerificationChallengeValue" } } }, "required": true }, "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OTPVerificationChallengeResponse" } } } }, "400": { "description": "Bad request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "401": { "description": "Authorization information is missing or invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Too many requests", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTACTVERIFICATION:ADD" ] } ] } }, "/api/web/v1/directories": { "get": { "tags": [ "Directories" ], "summary": "List directories", "description": "List all directories. Caller requires the DIRECTORIES:VIEW permission.

The following attributes are not included in the returned Directory object: directoryAttributeMappings, directorySync, groupFilters, searchBases. The get directory API can be used to acquire these attribute for a specific directory.", "operationId": "listDirectoriesUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Directory" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "DIRECTORIES:VIEW" ] } ] } }, "/api/web/v1/directories/{id}": { "get": { "tags": [ "Directories" ], "summary": "Get a directory", "description": "Get the specified directory. Caller requires the DIRECTORIES:VIEW permission.", "operationId": "getDirectoryUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the directory to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Directory" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "DIRECTORIES:VIEW" ] } ] } }, "/api/web/v1/directories/{id}/attributemappings": { "get": { "tags": [ "Directories" ], "summary": "List directory attribute mappings", "description": "List all directory attribute mappings for a given directory. Caller requires the DIRECTORIES:VIEW permission.", "operationId": "getDirectoryAttrMappingsUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the directory whose directory attribute mappings are to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/DirectoryAttributeMapping" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "DIRECTORIES:VIEW" ] } ] } }, "/api/web/v1/directories/{id}/directorysyncs": { "get": { "tags": [ "Directories" ], "summary": "List directory sync settings", "description": "List all directory sync settings associated with the given directory sync agent. Caller requires the DIRECTORIES:VIEW permission.", "operationId": "getDirectorySyncsUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the directory sync agent whose directory sync settings are to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/DirectorySync" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "DIRECTORIES:VIEW" ] } ] } }, "/api/web/v1/directories/{id}/groupfilters": { "get": { "tags": [ "Directories" ], "summary": "List directory group filters", "description": "List all directory group filters for a given directory. Caller requires the DIRECTORIES:VIEW permission.", "operationId": "getGroupFiltersUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the directory whose group filters are to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/GroupFilter" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "DIRECTORIES:VIEW" ] } ] } }, "/api/web/v1/directories/{id}/searchbases": { "get": { "tags": [ "Directories" ], "summary": "List directory searchbases", "description": "List all searchbases for a given directory. Caller requires the DIRECTORIES:VIEW permission.", "operationId": "getSearchBasesUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the directory whose searchbases are to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/SearchBase" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "DIRECTORIES:VIEW" ] } ] } }, "/api/web/v1/directorysyncinfo/{id}": { "get": { "tags": [ "Directories" ], "summary": "Get directory synchronization status", "description": "Get the specified directory synchronization status details. Caller requires the DIRECTORIES:VIEW permission.", "operationId": "getDirectorySyncStatusInfoUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the directory whose synchronization status is to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DirectorySyncStatusInfo" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "DIRECTORIES:VIEW" ] } ] } }, "/api/web/v1/directorysyncs/{id}": { "get": { "tags": [ "Directories" ], "summary": "Get directory synchronization settings", "description": "Get the specified directory synchronization settings. Caller requires the DIRECTORIES:VIEW permission.", "operationId": "getDirectorySyncUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the directory synchronization settings to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DirectorySync" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "DIRECTORIES:VIEW" ] } ] } }, "/api/web/v1/domainbasedidentityproviders": { "get": { "tags": [ "Resource Rules" ], "summary": "Lists domain-based identity providers", "description": "Lists domain-based identity providers. Caller requires the CONTEXTRULES:VIEW permission.", "operationId": "listDomainBasedIdentityProvidersUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/IdentityProvider" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:VIEW" ] } ] } }, "/api/web/v1/entitlements/info": { "get": { "tags": [ "Entitlements" ], "summary": "Get entitlement info", "description": "Get entitlement info. Caller requires the ENTITLEMENTS:VIEW permission.", "operationId": "getSubscriberAccountActiveEntitlementsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AccountEntitlement" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "ENTITLEMENTS:VIEW" ] } ] } }, "/api/web/v1/face/{faceid}": { "delete": { "tags": [ "Face" ], "summary": "Delete a Face Biometric by UUID", "description": "Delete a Face Biometric authenticator by the specified UUID. Requires the FACE:REMOVE permission.", "operationId": "deleteFaceUsingDELETE", "parameters": [ { "name": "faceid", "in": "path", "description": "The UUID of the Face Biometric to delete.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "FACE:REMOVE" ] } ] } }, "/api/web/v1/face/{faceid}/activation": { "put": { "tags": [ "Face" ], "summary": "Send an activation email for the Face Biometric", "description": "Send an activation email for the Face Biometric authenticator by the specified UUID. Requires the FACE:ADD permission.", "operationId": "sendFaceActivationEmailUsingPUT", "parameters": [ { "name": "faceid", "in": "path", "description": "The UUID of the Face Biometric authenticator to send an activation email for.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "FACE:ADD" ] } ] } }, "/api/web/v1/fidotokens/challenge/{id}": { "get": { "tags": [ "FIDO Tokens" ], "summary": "Start FIDO token registration", "description": "Start FIDO token registration for the specified user. Caller requires the FIDOTOKENS:ADD permission.", "operationId": "startCreateFIDOTokenUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the user for which the fido token is to be created.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FIDORegisterChallenge" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [] } ] } }, "/api/web/v1/fidotokens/complete/{id}": { "post": { "tags": [ "FIDO Tokens" ], "summary": "Complete FIDO token registration", "description": "Complete FIDO token registration for the specified user. Caller requires the FIDOTOKENS:ADD permission.", "operationId": "completeCreateFIDOTokenUsingPOST", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the user for which the fido token is to be created.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FIDORegisterResponse" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FIDOToken" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [] } ] } }, "/api/web/v1/fidotokens/{fidoid}": { "get": { "tags": [ "FIDO Tokens" ], "summary": "Get a FIDO token", "description": "Get the specified FIDO token. Caller requires the FIDOTOKENS:VIEW permission.", "operationId": "getFIDOTokenUsingGET", "parameters": [ { "name": "fidoid", "in": "path", "description": "The UUID of the FIDO token to be retrieved.", "required": true, "schema": { "type": "string" }, "example": "6c5ad3b4-888c-4d3b-88f2-8ab71ae4f917" } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FIDOToken" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "FIDOTOKENS:VIEW" ] } ] }, "put": { "tags": [ "FIDO Tokens" ], "summary": "Update a FIDO token", "description": "Update the specified FIDO token. Caller requires the FIDOTOKENS:EDIT permission.", "operationId": "updateFIDOTokenUsingPUT", "parameters": [ { "name": "fidoid", "in": "path", "description": "The UUID of the FIDO token to be changed.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FIDOTokenParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "FIDOTOKENS:EDIT" ] } ] }, "delete": { "tags": [ "FIDO Tokens" ], "summary": "Delete a FIDO token", "description": "Delete the specified FIDO token. Caller requires the FIDOTOKENS:REMOVE permission.", "operationId": "deleteFIDOTokenUsingDELETE", "parameters": [ { "name": "fidoid", "in": "path", "description": "The UUID of the FIDO token to be deleted.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "FIDOTOKENS:REMOVE" ] } ] } }, "/api/web/v1/grids": { "post": { "tags": [ "Grids" ], "summary": "Create unassigned grids", "description": "Create the specified number of unassigned grids. Caller requires the GRIDS:ADD permission.", "operationId": "createUnassignedGridsUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GridCreateParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Grid" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:ADD" ] } ] } }, "/api/web/v1/grids/properties": { "get": { "tags": [ "Grids" ], "summary": "Get grid properties", "description": "Get grid properties. Caller requires the GRIDS:VIEW permission.", "operationId": "getGridPropertiesUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GridProperties" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:VIEW" ] } ] } }, "/api/web/v1/grids/{gridid}/email": { "post": { "tags": [ "Grids" ], "summary": "Email a grid card to the card owner", "description": "Email a grid card to the card owner. Caller requires the GRIDS:VIEW permission.", "operationId": "deliverAssignedGridByEmailUsingPOST", "parameters": [ { "name": "gridid", "in": "path", "description": "The ID of the grid to email.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EmailParms" } } } }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:VIEW" ] } ] } }, "/api/web/v1/grids/{gridid}/export": { "get": { "tags": [ "Grids" ], "summary": "Export a grid to PDF format", "description": "Export a grid to PDF format. Caller requires the GRIDS:VIEW permission.", "operationId": "getSingleGridExportUsingGET", "parameters": [ { "name": "gridid", "in": "path", "description": "The ID of the grid to export.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GridExport" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:VIEW" ] } ] } }, "/api/web/v1/grids/{gridserialnumber}/assign": { "put": { "tags": [ "Grids" ], "summary": "Assign a grid to a user by serial number", "description": "Assign the specified grid to a user. Caller requires the GRIDS:EDIT permission.", "operationId": "assignGridByIdUsingPUT", "parameters": [ { "name": "gridserialnumber", "in": "path", "description": "The Serial Number of the grid to assign.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GridAssignParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:EDIT" ] } ] } }, "/api/web/v1/grids/{id}/unassign": { "put": { "tags": [ "Grids" ], "summary": "Unassign a grid", "description": "Unassigned the specified grid. Caller requires the GRIDS:EDIT permission.", "operationId": "unassignGridUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the grid to unassign.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:EDIT" ] } ] } }, "/api/web/v1/gridspaged/unassigned": { "post": { "tags": [ "Grids" ], "summary": "Lists a page of unassigned grids", "description": "Returns unassigned grids for the provided search parameters. Caller requires the GRIDS:VIEW permission. The following searchByAttributes are supported:
  • serialNumber: a numeric value. Allowed operators are: EQUALS, GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL.
  • createDate: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL.
  • groupId: a String value should be a UUID of an existing group. Allowed operator: EQUALS.
If you provide more than one search attribute, they are joined with an AND condition.

The orderByAttribute supports these attribute names: serialNumber, createDate.", "operationId": "unassignedGridsPageUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GridsPage" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:VIEW" ] } ] } }, "/api/web/v1/groupfilters/{id}": { "get": { "tags": [ "Directories" ], "summary": "Get directory group filter", "description": "Get the specified directory group filter. Caller requires the DIRECTORIES:VIEW permission.", "operationId": "getGroupFilterUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the directory group filter to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GroupFilter" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "DIRECTORIES:VIEW" ] } ] } }, "/api/web/v1/groups": { "get": { "tags": [ "Groups" ], "summary": "List groups", "description": "List all groups. Caller requires the GROUPS:VIEW permission.", "operationId": "groupsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Group" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GROUPS:VIEW" ] } ] }, "post": { "tags": [ "Groups" ], "summary": "Create a group", "description": "Create a group with the specified name. Caller requires the GROUPS:ADD permission.", "operationId": "createGroupUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GroupParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Group" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GROUPS:ADD" ] } ] } }, "/api/web/v1/groups/externalid": { "post": { "tags": [ "Groups" ], "summary": "Get a group by externalId", "description": "Get the specified group by externalId. Caller requires the GROUPS:VIEW permission.", "operationId": "groupByExternalIdUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GroupId" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Group" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GROUPS:VIEW" ] } ] } }, "/api/web/v1/groups/{id}": { "get": { "tags": [ "Groups" ], "summary": "Get a group", "description": "Get the specified group. Caller requires the GROUPS:VIEW permission.", "operationId": "groupUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the group to fetch.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Group" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GROUPS:VIEW" ] } ] }, "put": { "tags": [ "Groups" ], "summary": "Update a group", "description": "Update the specified group. Caller requires the GROUPS:EDIT permission.", "operationId": "updateGroupUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the group to update.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GroupParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Group" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GROUPS:EDIT" ] } ] }, "delete": { "tags": [ "Groups" ], "summary": "Remove a group", "description": "Remove the specified group. Caller requires the GROUPS:REMOVE permission.", "operationId": "deleteGroupUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the group to be removed.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GROUPS:REMOVE" ] } ] } }, "/api/web/v1/groupspaged": { "post": { "tags": [ "Groups" ], "summary": "List a page of groups", "description": "Returns groups for the provided search parameters. Caller requires the GROUPS:VIEW permission. The following searchByAttributes are supported:
  • name: a string value that indicates the name of the group. Allowed operators are: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
  • type: a string with the value that indicates the type of the group. Allowed operator: EQUALS.
If you provide more than one search attribute, they are joined with an AND condition.

The orderByAttribute supports this attribute name: name.

", "operationId": "groupsPagedUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GroupsPage" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GROUPS:VIEW" ] } ] } }, "/api/web/v1/identityproviders": { "get": { "tags": [ "Identity Providers" ], "summary": "Lists identity providers", "description": "Lists identity providers. Caller requires the IDENTITYPROVIDERS:VIEW permission.", "operationId": "listIdentityProvidersUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/IdentityProvider" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:VIEW" ] } ] } }, "/api/web/v1/identityproviders/oidc": { "get": { "tags": [ "Identity Providers" ], "summary": "Lists OIDC identity providers", "description": "Lists OIDC identity providers. Caller requires the IDENTITYPROVIDERS:VIEW permission.", "operationId": "listOidcIdentityProvidersUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/OidcIdentityProvider" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:VIEW" ] } ] }, "post": { "tags": [ "Identity Providers" ], "summary": "Create an OIDC identity provider", "description": "Create an OIDC identity provider. Caller requires the IDENTITYPROVIDERS:ADD permission.", "operationId": "createOidcIdentityProviderUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OidcIdentityProviderParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OidcIdentityProvider" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:ADD" ] } ] } }, "/api/web/v1/identityproviders/oidc/configuration": { "post": { "tags": [ "Identity Providers" ], "summary": "Fetch OIDC Configuration for an OIDC identity provider", "description": "Fetch OIDC Configuration for an OIDC identity provider. Caller requires the IDENTITYPROVIDERS:VIEW permission.", "operationId": "fetchOidcConfigurationUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OidcConfigurationParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OidcConfigurationResponse" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:VIEW" ] } ] } }, "/api/web/v1/identityproviders/oidc/{id}": { "get": { "tags": [ "Identity Providers" ], "summary": "Get an OIDC identity provider", "description": "Get an OIDC identity provider. Caller requires the IDENTITYPROVIDERS:VIEW permission.", "operationId": "getOidcIdentityProviderUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the OIDC Identity Provider to get.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OidcIdentityProvider" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:VIEW" ] } ] }, "put": { "tags": [ "Identity Providers" ], "summary": "Update an OIDC identity provider", "description": "Update an OIDC identity provider. Caller requires the IDENTITYPROVIDERS:EDIT permission.", "operationId": "updateOidcIdentityProviderUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the OIDC Identity Provider to update.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OidcIdentityProviderParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OidcIdentityProvider" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:EDIT" ] } ] }, "delete": { "tags": [ "Identity Providers" ], "summary": "Delete an OIDC identity provider", "description": "Delete an OIDC identity provider. Caller requires the IDENTITYPROVIDERS:REMOVE permission.", "operationId": "deleteOidcIdentityProviderUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the OIDC Identity Provider to delete.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:REMOVE" ] } ] } }, "/api/web/v1/identityproviders/saml": { "get": { "tags": [ "Identity Providers" ], "summary": "Lists SAML identity providers", "description": "Lists SAML identity providers. Caller requires the IDENTITYPROVIDERS:VIEW permission.", "operationId": "listSamlIdentityProvidersUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/SamlIdentityProvider" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:VIEW" ] } ] }, "post": { "tags": [ "Identity Providers" ], "summary": "Create a SAML identity provider", "description": "Create a SAML identity provider. Caller requires the IDENTITYPROVIDERS:ADD permission.", "operationId": "createSamlIdentityProviderUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SamlIdentityProviderParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SamlIdentityProvider" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:ADD" ] } ] } }, "/api/web/v1/identityproviders/saml/configuration": { "post": { "tags": [ "Identity Providers" ], "summary": "Fetch SAML Configuration for a SAML identity provider", "description": "Fetch SAML Configuration for a SAML identity provider. Caller requires the IDENTITYPROVIDERS:VIEW permission.", "operationId": "fetchSamlConfigurationUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SamlConfigurationParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SamlConfigurationResponse" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:VIEW" ] } ] } }, "/api/web/v1/identityproviders/saml/{id}": { "get": { "tags": [ "Identity Providers" ], "summary": "Get a SAML identity provider", "description": "Get a SAML identity provider. Caller requires the IDENTITYPROVIDERS:VIEW permission.", "operationId": "getSamlIdentityProviderUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the SAML Identity Provider to get.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SamlIdentityProvider" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:VIEW" ] } ] }, "put": { "tags": [ "Identity Providers" ], "summary": "Update a SAML identity provider", "description": "Update a SAML identity provider. Caller requires the IDENTITYPROVIDERS:EDIT permission.", "operationId": "updateSamlIdentityProviderUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the SAML Identity Provider to update.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SamlIdentityProviderParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SamlIdentityProvider" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:EDIT" ] } ] }, "delete": { "tags": [ "Identity Providers" ], "summary": "Delete a SAML identity provider", "description": "Delete a SAML identity provider. Caller requires the IDENTITYPROVIDERS:REMOVE permission.", "operationId": "deleteSamlIdentityProviderUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the SAML Identity Provider to delete.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:REMOVE" ] } ] } }, "/api/web/v1/identityproviders/saml/{id}/configuration": { "get": { "tags": [ "Identity Providers" ], "summary": "Download SAML Configuration for a SAML identity provider", "description": "Download SAML Configuration for a SAML identity provider. Caller requires the IDENTITYPROVIDERS:VIEW permission.", "operationId": "getSamlConfigurationUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the SAML Identity Provider to download configuration for.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/octet-stream": { "schema": { "type": "string" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "IDENTITYPROVIDERS:VIEW" ] } ] } }, "/api/web/v1/iplocations": { "post": { "tags": [ "User RBA Settings" ], "summary": "Create IP location", "description": "Gets IP location information for an IP address. The IP location can be used to create an ExpectedLocation. Caller requires the USERRBASETTINGS:ADD permission.", "operationId": "ipLocationFromIpAddressUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IpLocation" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IpLocation" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERRBASETTINGS:ADD" ] } ] } }, "/api/web/v1/oauthroles": { "get": { "tags": [ "OAuth Roles" ], "summary": "List oauth roles", "description": "List all oauth roles. Caller requires the OAUTHROLES:VIEW permission.", "operationId": "listOAuthRolesUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/OAuthRole" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "OAUTHROLES:VIEW" ] } ] } }, "/api/web/v1/organizations": { "post": { "tags": [ "Organizations" ], "summary": "Create an organization", "description": "Create an organization. Caller requires the ORGANIZATIONS:ADD permission.", "operationId": "createOrganizationUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OrganizationParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Organization" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "ORGANIZATIONS:ADD" ] } ] } }, "/api/web/v1/organizations/{id}": { "get": { "tags": [ "Organizations" ], "summary": "Get an organization", "description": "Get the specified organization. Caller requires the ORGANIZATIONS:VIEW permission.", "operationId": "getOrganizationUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the organization to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Organization" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "ORGANIZATIONS:VIEW" ] } ] }, "put": { "tags": [ "Organizations" ], "summary": "Update an organization", "description": "Update the specified organization. Caller requires the ORGANIZATIONS:EDIT permission.", "operationId": "updateOrganizationUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the organization to be modified.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OrganizationParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Organization" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "ORGANIZATIONS:EDIT" ] } ] }, "delete": { "tags": [ "Organizations" ], "summary": "Delete an organization", "description": "Delete the specified organization. Caller requires the ORGANIZATIONS:REMOVE permission.", "operationId": "removeOrganizationUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the organization to be removed.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "ORGANIZATIONS:REMOVE" ] } ] } }, "/api/web/v1/organizations/{orgid}/users/{userid}": { "post": { "tags": [ "Organizations" ], "summary": "Add user to organization", "description": "Add user to organization. Caller requires the ORGANIZATIONS:EDIT permission.", "operationId": "createUserOrganizationAssociationUsingPOST", "parameters": [ { "name": "orgid", "in": "path", "description": "The UUID of the organization.", "required": true, "schema": { "type": "string" } }, { "name": "userid", "in": "path", "description": "The UUID of the user to be added to the organization.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "ORGANIZATIONS:EDIT" ] } ] }, "delete": { "tags": [ "Organizations" ], "summary": "Remove user from organization", "description": "Remove user from organization. Caller requires the ORGANIZATIONS:EDIT permission.", "operationId": "deleteUserOrganizationAssociationUsingDELETE", "parameters": [ { "name": "orgid", "in": "path", "description": "The UUID of the organization.", "required": true, "schema": { "type": "string" } }, { "name": "userid", "in": "path", "description": "The UUID of the user to be remove from the organization.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "ORGANIZATIONS:EDIT" ] } ] } }, "/api/web/v1/organizationspaged": { "post": { "tags": [ "Organizations" ], "summary": "List a page of organizations", "description": "Returns organizations for the provided search parameters. Caller requires the ORGANIZATIONS:VIEW permission. The following searchByAttributes are supported:
  • displayName: a string value that indicates the display name of the organizations. Allowed operators are: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
  • name: a string value that indicates the name of the organizations. Allowed operators are: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
If you provide more than one search attribute, they are joined with an AND condition.

The orderByAttribute supports these attribute names: displayName, name.

", "operationId": "organizationsPagedUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OrganizationPage" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "ORGANIZATIONS:VIEW" ] } ] } }, "/api/web/v1/otps": { "post": { "tags": [ "OTPs" ], "summary": "Creates and returns an OTP", "description": "Create and return an OTP. Caller requires the OTPS:ADD permission.", "operationId": "createOTPUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OTPCreateParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OTP" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "OTPS:ADD" ] } ] } }, "/api/web/v1/roles": { "get": { "tags": [ "Roles" ], "summary": "List roles", "description": "List all roles. Caller requires the ROLES:VIEW permission.", "operationId": "listSiteRolesUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/RoleUser" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "ROLES:VIEW" ] } ] } }, "/api/web/v1/roles/{id}": { "get": { "tags": [ "Roles" ], "summary": "Get a role", "description": "Get a specified role. Caller requires the ROLES:VIEW permission.", "operationId": "getSiteRoleUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the role to be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Role" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "ROLES:VIEW" ] } ] } }, "/api/web/v1/scdefns": { "get": { "tags": [ "Smart Credentials" ], "summary": "List smart credential definitions", "description": "List all the smart credential definition. Caller requires the SCDEFNS:VIEW permission.", "operationId": "listSCDefnsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/SCDefn" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SCDEFNS:VIEW" ] } ] } }, "/api/web/v1/scdefns/name": { "post": { "tags": [ "Smart Credentials" ], "summary": "Get a smart credential definition by name", "description": "Get the smart credential definition for the specified name. Caller requires the SCDEFNS:VIEW permission.", "operationId": "getSCDefnByNameUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SCDefnGetParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SCDefn" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SCDEFNS:VIEW" ] } ] } }, "/api/web/v1/scdefns/users/{userId}": { "get": { "tags": [ "Smart Credentials" ], "summary": "List allowed smart credential definitions", "description": "List allowed smart credential definitions. Caller requires the SCDEFNS:VIEW permission.", "operationId": "listAllowedSCDefnsUsingGET", "parameters": [ { "name": "userId", "in": "path", "description": "The UUID of the user whose allowed smart credential definitions to be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/SCDefn" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SCDEFNS:VIEW" ] } ] } }, "/api/web/v1/scdefns/{id}": { "get": { "tags": [ "Smart Credentials" ], "summary": "Get a smart credential definition", "description": "Get the smart credential definition for the specified UUID. Caller requires the SCDEFNS:VIEW permission.", "operationId": "getSCDefnUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the smart credential definition to be retrieved.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SCDefn" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SCDEFNS:VIEW" ] } ] } }, "/api/web/v1/searchbases/{searchbaseid}": { "get": { "tags": [ "Directories" ], "summary": "Get a searchbase", "description": "Get the specified searchbase. Caller requires the DIRECTORIES:VIEW permission.", "operationId": "getSearchBaseUsingGET", "parameters": [ { "name": "searchbaseid", "in": "path", "description": "The UUID of the searchbase to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchBase" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "DIRECTORIES:VIEW" ] } ] } }, "/api/web/v1/settings/entrustst": { "get": { "tags": [ "Settings" ], "summary": "Get Entrust ST Authenticator settings", "description": "Get Entrust ST Authenticator settings. Caller requires the SETTINGS:VIEW permission.", "operationId": "getEntrustSTAuthenticatorSettingsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EntrustSTAuthenticatorSettings" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:VIEW" ] } ] }, "put": { "tags": [ "Settings" ], "summary": "Update Entrust ST Authenticator settings", "description": "Update Entrust ST Authenticator settings. Caller requires the SETTINGS:EDIT permission.", "operationId": "updateEntrustSTAuthenticatorSettingsUsingPUT", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EntrustSTAuthenticatorSettings" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:EDIT" ] } ] } }, "/api/web/v1/settings/face/account": { "get": { "tags": [ "Settings" ], "summary": "Get Onfido account settings used by the Face Biometric authenticator", "description": "Get the current Onfido account settings used by the Face Biometric authenticator. Requires the SETTINGS:VIEW permission.", "operationId": "getFaceAccountSettingsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FaceAccountSettings" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:VIEW" ] } ] }, "put": { "tags": [ "Settings" ], "summary": "Update Onfido account settings used by the Face Biometric authenticator", "description": "Update the Onfido account settings used by the Face Biometric authenticator. Requires the SETTINGS:EDIT permission.", "operationId": "setFaceAccountSettingsUsingPUT", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FaceAccountSettings" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:EDIT" ] } ] } }, "/api/web/v1/settings/fido": { "get": { "tags": [ "Settings" ], "summary": "Get FIDO settings", "description": "Get the FIDO settings. Caller requires the SETTINGS:VIEW permission.", "operationId": "getFIDOSettingsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FIDOAuthenticatorSettings" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:VIEW" ] } ] }, "put": { "tags": [ "Settings" ], "summary": "Update FIDO settings", "description": "Update the FIDO settings. Caller requires the SETTINGS:EDIT permission.", "operationId": "updateFIDOSettingsUsingPUT", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FIDOAuthenticatorSettingsParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:EDIT" ] } ] } }, "/api/web/v1/settings/fido/configuration/android": { "post": { "tags": [ "Settings" ], "summary": "Fetch Android association file for a FIDO relying party", "description": "Fetch Android association file for a FIDO relying party. Caller requires the SETTINGS:VIEW permission.", "operationId": "fetchAndroidAssociationFileUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FIDOAssociationFileRequest" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/FIDOAndroidAssetLinks" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:VIEW" ] } ] } }, "/api/web/v1/settings/fido/configuration/ios": { "post": { "tags": [ "Settings" ], "summary": "Fetch Apple association file for a FIDO relying party", "description": "Fetch Apple association file for a FIDO relying party. Caller requires the SETTINGS:VIEW permission.", "operationId": "fetchAppleAssociationFileUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FIDOAssociationFileRequest" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FIDOAppleAppSiteAssociation" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:VIEW" ] } ] } }, "/api/web/v1/settings/general": { "get": { "tags": [ "Settings" ], "summary": "Get general settings", "description": "Get general settings. Caller requires the SETTINGS:VIEW permission.", "operationId": "getGeneralSettingsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GeneralSettings" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:VIEW" ] } ] }, "put": { "tags": [ "Settings" ], "summary": "Update general settings", "description": "Update general settings. Caller requires the SETTINGS:EDIT permission.", "operationId": "updateGeneralSettingsUsingPUT", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GeneralSettings" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:EDIT" ] } ] } }, "/api/web/v1/settings/google": { "get": { "tags": [ "Settings" ], "summary": "Get Google Authenticator settings", "description": "Get Google Authenticator settings. Caller requires the SETTINGS:VIEW permission.", "operationId": "getGoogleAuthenticatorSettingsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GoogleAuthenticatorSettings" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:VIEW" ] } ] }, "put": { "tags": [ "Settings" ], "summary": "Update Google Authenticator settings", "description": "Update Google Authenticator settings. Caller requires the SETTINGS:EDIT permission.", "operationId": "updateGoogleAuthenticatorSettingsUsingPUT", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GoogleAuthenticatorSettings" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:EDIT" ] } ] } }, "/api/web/v1/settings/passwordreset": { "get": { "tags": [ "Settings" ], "summary": "Get Password Reset settings", "description": "Get the password reset settings. Caller requires the SETTINGS:VIEW permission.", "operationId": "getPasswordResetSettingsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PasswordResetSettings" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:VIEW" ] } ] }, "put": { "tags": [ "Settings" ], "summary": "Update Password Reset settings", "description": "Update the password reset settings. Caller requires the SETTINGS:EDIT permission.", "operationId": "updatePasswordResetSettingsUsingPUT", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PasswordResetSettings" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:EDIT" ] } ] } }, "/api/web/v1/smartcredentials": { "post": { "tags": [ "Smart Credentials" ], "summary": "Create a smart credential", "description": "Create a smart credential for a user. Caller requires the SMARTCREDENTIALS:ADD permission.", "operationId": "createSmartCredentialUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SmartCredentialParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SmartCredential" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALS:ADD" ] } ] } }, "/api/web/v1/smartcredentials/certificate/{id}/export/{format}": { "get": { "tags": [ "Smart Credentials" ], "summary": "Export a certificate from a smart credential", "description": "Export the specified certificate. Caller requires the SMARTCREDENTIALS:VIEW permission.", "operationId": "exportCertificateUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the certificate to be exported.", "required": true, "schema": { "type": "string" } }, { "name": "format", "in": "path", "description": "The format in which to export the certificate.", "required": true, "schema": { "type": "string", "enum": [ "CA", "P7", "CERT" ] } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExportCertificate" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALS:VIEW" ] } ] } }, "/api/web/v1/smartcredentials/certificate/{id}/hold": { "put": { "tags": [ "Smart Credentials" ], "summary": "Hold a certificate from a smart credential", "description": "Hold the specified certificate. Caller requires the SMARTCREDENTIALS:EDIT permission.", "operationId": "holdCertificateUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the certificate to be put on hold.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALS:EDIT" ] } ] } }, "/api/web/v1/smartcredentials/certificate/{id}/revoke": { "put": { "tags": [ "Smart Credentials" ], "summary": "Revoke a certificate from a smart credential", "description": "Revoke the specified certificate. Caller requires the SMARTCREDENTIALS:EDIT permission.", "operationId": "revokeCertificateUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the certificate to be revoked.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALS:EDIT" ] } ] } }, "/api/web/v1/smartcredentials/certificate/{id}/unhold": { "put": { "tags": [ "Smart Credentials" ], "summary": "Unhold a certificate from a smart credential", "description": "Unhold the specified certificate. Caller requires the SMARTCREDENTIALS:EDIT permission.", "operationId": "unholdCertificateUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the certificate to be put removed from hold.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALS:EDIT" ] } ] } }, "/api/web/v1/smartcredentials/serialnumber/{sernum}": { "get": { "tags": [ "Smart Credentials" ], "summary": "Get a smart credential by serial number", "description": "Get the specified smart credential by serial number. Caller requires the SMARTCREDENTIALS:VIEW permission.", "operationId": "getSmartCredentialBySerialNumberUsingGET", "parameters": [ { "name": "sernum", "in": "path", "description": "The serial number of the smart credential to be retrieved.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SmartCredential" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALS:VIEW" ] } ] } }, "/api/web/v1/smartcredentials/{id}": { "get": { "tags": [ "Smart Credentials" ], "summary": "Get a smart credential", "description": "Get the specified smart credential. Caller requires the SMARTCREDENTIALS:VIEW permission.", "operationId": "getSmartCredentialUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the smart credential to be retrieved.", "required": true, "schema": { "type": "string" } }, { "name": "revocationInfo", "in": "query", "description": "Optional flag indicating if revocation inforamtion should be returned. Defaults to false if not specified.", "required": false, "schema": { "type": "boolean", "default": false } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SmartCredential" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALS:VIEW" ] } ] }, "put": { "tags": [ "Smart Credentials" ], "summary": "Update a smart credential", "description": "Update the specified smart credential. Caller requires the SMARTCREDENTIALS:EDIT permission.", "operationId": "updateSmartCredentialUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the smart credential to be modified.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SmartCredentialParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALS:EDIT" ] } ] }, "delete": { "tags": [ "Smart Credentials" ], "summary": "Delete a smart credential", "description": "Delete the specified smart credential. Caller requires the SMARTCREDENTIALS:REMOVE permission.", "operationId": "deleteSmartCredentialUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the smart credential to be deleted.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALS:REMOVE" ] } ] } }, "/api/web/v1/smartcredentials/{id}/activate": { "put": { "tags": [ "Smart Credentials" ], "summary": "Activate a smart credential", "description": "Activate the specified smart credential. Caller requires the SMARTCREDENTIALS:EDIT permission.", "operationId": "activateSmartCredentialUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the smart credential to be activated.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ActivateSmartCredentialParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ActivateSmartCredentialResult" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALS:EDIT" ] } ] } }, "/api/web/v1/smartcredentials/{id}/changestate": { "put": { "tags": [ "Smart Credentials" ], "summary": "Change smart credential state", "description": "Change the state of the specified smart credential. Caller requires the SMARTCREDENTIALS:EDIT permission.", "operationId": "changeSmartCredentialStateUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the smart credential whose state is to be changed.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SmartCredentialChangeStateParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALS:EDIT" ] } ] } }, "/api/web/v1/smartcredentials/{id}/completesign": { "put": { "tags": [ "Smart Credentials" ], "summary": "Smart credential complete signature", "description": "Smart credential complete sign. Caller requires the SMARTCREDENTIALSSIGNATURE:ADD permission.", "operationId": "completeSignSmartCredentialUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the smart credential.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SmartCredentialCompleteSignParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SmartCredentialCompleteSignResponse" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALSSIGNATURE:ADD" ] } ] } }, "/api/web/v1/smartcredentials/{id}/startsign": { "put": { "tags": [ "Smart Credentials" ], "summary": "Smart credential start signature", "description": "Smart credential start sign. Caller requires the SMARTCREDENTIALSSIGNATURE:ADD permission.", "operationId": "startSignSmartCredentialUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the smart credential.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SmartCredentialStartSignParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SmartCredentialStartSignResponse" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALSSIGNATURE:ADD" ] } ] } }, "/api/web/v1/smartcredentials/{id}/unassign": { "put": { "tags": [ "Smart Credentials" ], "summary": "Unassign a smart credential", "description": "Unassign the specified smart credential. Caller requires the SMARTCREDENTIALS:EDIT permission.", "operationId": "unassignSmartCredentialUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the smart credential to be unassigned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALS:EDIT" ] } ] } }, "/api/web/v1/smartcredentials/{id}/unblock": { "put": { "tags": [ "Smart Credentials" ], "summary": "Unblock a smart credential", "description": "Unblock the specified smart credential. Caller requires the SMARTCREDENTIALS:EDIT permission.", "operationId": "unblockSmartCredentialUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the smart credential that is to be unblocked.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SmartCredentialUnblockParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SmartCredentialUnblockResponse" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SMARTCREDENTIALS:EDIT" ] } ] } }, "/api/web/v1/syncusers/sync": { "post": { "tags": [ "Users" ], "summary": "Synchronize a new user or an existing user", "description": "Synchronize a user. Caller requires the USERS:EDIT permission. An Identity as a Service directory must be configured and associated with an Identity as a Service Gateway 5.0 or later. If you unsynchronize a user using the unsync API, the user becomes locally managed. In order to set the user back to an AD Sync user, the user should be synchronized again using this API. Using an AD Sync crawl will only re-synchronize the user if the user is updated in AD (i.e., the user's last update time in AD is updated) or a new custom user attribute mapping is added for the directory (this resets The last update time for all users such that all AD users will be re-synchronlized).

The following response status attribute values are possible:
  • CONVERTED: the locally managed Identity as a Service user was converted into an AD Sync user.
  • CREATED: a new user was created as an AD Sync user.
  • DELETED: the user was not found in AD and has been deleted in Identity as a Service.
  • LOCALIZED_ENABLED: the user was not found in AD and has been set as locally managed and enabled in Identity as a Service.
  • LOCALIZED_DISABLED: the user was not found in AD and has been set as locally managed and disabled in Identity as a Service.
  • UPDATED: the user was synchronized.
", "operationId": "syncUserUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SyncUserParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SyncUser" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:EDIT" ] } ] } }, "/api/web/v1/syncusers/unsync": { "post": { "tags": [ "Users" ], "summary": "Unsynchronize an existing user", "description": "Unsynchronize a user. Caller requires the USERS:EDIT permission. An Identity as a Service directory must be configured and associated with an Identity as a Service Gateway 5.0 or later. If you unsynchronize a user using this API, the user becomes locally managed. In order to set the user back to an AD Sync user, the user should be synchronized again using the sync API. Using an AD Sync crawl will only re-synchronize the user if the user is updated in AD (i.e., the user's last update time in AD is updated) or a new custom user attribute mapping is added for the directory (this resets the last update time for all users such that all AD users will be re-synchronlized).", "operationId": "unsyncUserUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnsyncUserParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:EDIT" ] } ] } }, "/api/web/v1/tenants/{id}/spidentityprovider": { "get": { "tags": [ "Tenants" ], "summary": "Get Tenant Identity Provider and Service Provider OIDC Application for Tenant Management.", "description": "Get Tenant Identity Provider and Service Provider OIDC Application for Tenant Management. Caller requires the SPIDENTITYPROVIDERS:VIEW permission.", "operationId": "getSpIdentityProviderUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the tenant to be obtained.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SpIdentityProvider" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SPIDENTITYPROVIDERS:VIEW" ] } ] }, "put": { "tags": [ "Tenants" ], "summary": "Set Tenant Identity Provider and Service Provider OIDC Application for Tenant Management", "description": "Set Tenant Identity Provider and Service Provider OIDC Application for Tenant Management. Caller requires the SPIDENTITYPROVIDERS:EDIT permission.", "operationId": "setSpIdentityProviderUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the tenant to be updated.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SpIdentityProviderParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SpIdentityProvider" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SPIDENTITYPROVIDERS:EDIT" ] } ] } }, "/api/web/v1/tokens/sernum/{sernum}": { "get": { "tags": [ "Tokens" ], "summary": "Get a token by serial number", "description": "Get the token for the specified serial number. Caller requires the TOKENS:VIEW permission.", "operationId": "getTokenBySerialNumberUsingGET", "parameters": [ { "name": "sernum", "in": "path", "description": "The serial number of the token to be retrieved.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Token" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:VIEW" ] } ] } }, "/api/web/v1/tokens/{tokenid}": { "get": { "tags": [ "Tokens" ], "summary": "Get a token", "description": "Get the token for the specified UUID. Caller requires the TOKENS:VIEW permission.", "operationId": "getTokenUsingGET", "parameters": [ { "name": "tokenid", "in": "path", "description": "The UUID of the token to be retrieved.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Token" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:VIEW" ] } ] }, "put": { "tags": [ "Tokens" ], "summary": "Modify a token", "description": "Modify the specified token. Caller requires the TOKENS:EDIT permission.", "operationId": "modifyTokenUsingPUT", "parameters": [ { "name": "tokenid", "in": "path", "description": "The UUID of the token to be modified.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TokenParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:EDIT" ] } ] }, "delete": { "tags": [ "Tokens" ], "summary": "Delete a token", "description": "Delete the specified token. Caller requires the TOKENS:REMOVE permission.", "operationId": "deleteTokenUsingDELETE", "parameters": [ { "name": "tokenid", "in": "path", "description": "The UUID of the token to be deleted.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:REMOVE" ] } ] } }, "/api/web/v1/tokens/{tokenid}/activation": { "put": { "tags": [ "Tokens" ], "summary": "Complete token activation", "description": "Complete activation of the given token. Caller requires the TOKENS:ADD permission.", "operationId": "completeActivateTokenUsingPUT", "parameters": [ { "name": "tokenid", "in": "path", "description": "The UUID of the token for which activation is to be completed.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ActivateCompleteParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:ADD" ] } ] }, "post": { "tags": [ "Tokens" ], "summary": "Start token activation", "description": "Start activation of the given token. Caller requires the TOKENS:ADD permission.", "operationId": "startActivateTokenUsingPOST", "parameters": [ { "name": "tokenid", "in": "path", "description": "The UUID of the token to be activated.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ActivateParms" } } } }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ActivateResult" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:ADD" ] } ] } }, "/api/web/v1/tokens/{tokenid}/assign": { "put": { "tags": [ "Tokens" ], "summary": "Assign token to user", "description": "Given a hardware token, assign it to a user. Caller requires the TOKENS:EDIT permission.", "operationId": "assignTokenByIdUsingPUT", "parameters": [ { "name": "tokenid", "in": "path", "description": "The UUID of the token to be assigned to a user.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AssignParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:EDIT" ] } ] } }, "/api/web/v1/tokens/{tokenid}/assigned": { "put": { "tags": [ "Tokens" ], "summary": "Modify an assigned token", "description": "Modify an assigned token. Caller requires the TOKENS:EDIT permission.", "operationId": "modifyAssignedTokenUsingPUT", "parameters": [ { "name": "tokenid", "in": "path", "description": "The UUID of the assigned token to be modified.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AssignedTokenParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:EDIT" ] } ] } }, "/api/web/v1/tokens/{tokenid}/changestate": { "put": { "tags": [ "Tokens" ], "summary": "Change token state", "description": "Change the state of a token. Caller requires the TOKENS:EDIT permission.", "operationId": "changeTokenStateUsingPUT", "parameters": [ { "name": "tokenid", "in": "path", "description": "The UUID of the token that will have its state changed.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ChangeStateParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:EDIT" ] } ] } }, "/api/web/v1/tokens/{tokenid}/reset": { "put": { "tags": [ "Tokens" ], "summary": "Reset a token", "description": "Reset a token. Caller requires the TOKENS:EDIT permission.", "operationId": "resetTokenUsingPUT", "parameters": [ { "name": "tokenid", "in": "path", "description": "The UUID of the token to be reset.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ResetParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:EDIT" ] } ] } }, "/api/web/v1/tokens/{tokenid}/unassign": { "put": { "tags": [ "Tokens" ], "summary": "Unassign a token", "description": "Unassign a token from a user. Caller requires the TOKENS:EDIT permission.", "operationId": "unassignTokenUsingPUT", "parameters": [ { "name": "tokenid", "in": "path", "description": "The UUID of the token to be unassigned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:EDIT" ] } ] } }, "/api/web/v1/tokens/{tokenid}/unlock": { "put": { "tags": [ "Tokens" ], "summary": "Unlock a token", "description": "Unlock a token. Caller requires the TOKENS:EDIT permission.", "operationId": "unlockTokenUsingPUT", "parameters": [ { "name": "tokenid", "in": "path", "description": "The UUID of the token that will be unlocked.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnlockParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnlockResult" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:EDIT" ] } ] } }, "/api/web/v1/tokenspaged/assigned": { "post": { "tags": [ "Tokens" ], "summary": "Lists a page of assigned tokens", "description": "Returns assigned tokens for the provided search parameters. Caller requires the TOKENS:VIEW permission.The following searchByAttributes are supported:
  • state: NEW, ACTIVE, ACTIVATING or INACTIVE. Allowed operator: EQUALS.
  • serialNumber: a String up to 100 characters. Allowed operators are: EQUALS, CONTAINS, STARTS_WITH.
  • type: ENTRUST_SOFT_TOKEN, GOOGLE_AUTHENTICATOR, OATH_PHYSICAL_TOKEN or ENTRUST_LEGACY_TOKEN. Allowed operator: EQUALS.
  • loadDate: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL.
  • lastUsedDate: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL.
  • groupId: a String value should be a UUID of an existing group. Allowed operator: EQUALS.
  • label: a String up to 100 characters. Allowed operator: CONTAINS.
The orderByAttribute supports these attribute names: serialNumber, state, loadDate or lastUsedDate.Sorting by attributes containing Null values such as lastUsedDate is not possible. Therefore, any record containing Null in the orderByAttribute will be filtered out before doing the sorting.", "operationId": "assignedTokenPageUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TokensPage" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:VIEW" ] } ] } }, "/api/web/v1/tokenspaged/unassigned": { "post": { "tags": [ "Tokens" ], "summary": "Lists a page of unassigned hardware tokens", "description": "Returns unassigned hardware tokens for the provided search parameters. Caller requires the TOKENS:VIEW permission.The following searchByAttributes are supported:
  • serialNumber: a String up to 100 characters. Allowed operators are: EQUALS, CONTAINS, STARTS_WITH.
  • type: OATH_PHYSICAL_TOKEN or ENTRUST_LEGACY_TOKEN. Allowed operator: EQUALS.
  • loadDate: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL.
  • groupId: a String value should be a UUID of an existing group. Allowed operator: EQUALS.
The orderByAttribute supports these attribute names: serialNumber.", "operationId": "unassignedTokenPageUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TokensPage" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:VIEW" ] } ] } }, "/api/web/v1/transactionrules": { "get": { "tags": [ "Resource Rules" ], "summary": "List all transaction rules", "description": "Get all transaction rules. Caller requires the CONTEXTRULES:VIEW permission.", "operationId": "getTransactionRulesUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/TransactionRuleDescription" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:VIEW" ] } ] } }, "/api/web/v1/userattributes": { "get": { "tags": [ "User Attributes" ], "summary": "List user attributes", "description": "List all user attributes defined for the account. Caller requires the USERATTRIBUTES:VIEW permission.", "operationId": "listUserAttributesUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/UserAttribute" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERATTRIBUTES:VIEW" ] } ] }, "post": { "tags": [ "User Attributes" ], "summary": "Create a user attribute", "description": "Create a user attribute. Caller requires the USERATTRIBUTES:ADD permission.", "operationId": "createUserAttributeUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserAttributeParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserAttribute" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERATTRIBUTES:ADD" ] } ] } }, "/api/web/v1/userattributes/{id}": { "get": { "tags": [ "User Attributes" ], "summary": "Get a user attribute", "description": "Get the specified user attribute. Caller requires the USERATTRIBUTES:VIEW permission.", "operationId": "getUserAttributeUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the user attribute to get.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserAttribute" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERATTRIBUTES:VIEW" ] } ] }, "put": { "tags": [ "User Attributes" ], "summary": "Modify a user attribute", "description": "Modify the specified user attribute. Caller requires the USERATTRIBUTES:EDIT permission.", "operationId": "modifyUserAttributeUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the user attribute to be modified.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserAttributeParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserAttribute" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERATTRIBUTES:Edit" ] } ] }, "delete": { "tags": [ "User Attributes" ], "summary": "Delete a user attribute", "description": "Delete the specified user attribute. Caller requires the USERATTRIBUTES:REMOVE permission.", "operationId": "deleteUserAttributeUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the user attribute to delete.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERATTRIBUTES:Remove" ] } ] } }, "/api/web/v1/userauthorizationgroup/{userid}/groups": { "put": { "tags": [ "Groups" ], "summary": "Modify user group membership", "description": "Modify the list of groups assigned to a specified user. Caller requires the USERS:EDIT permission.", "operationId": "modifyUserAuthorizationGroupAssociationsUsingPUT", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose group membership is to be modified.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "array", "description": "A list of group UUIDs that will be assigned to the user.", "items": { "type": "string" } } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:EDIT" ] } ] } }, "/api/web/v1/useroauthrole/{userid}/oauthroles": { "put": { "tags": [ "OAuth Roles" ], "summary": "Modify user oauth role membership", "description": "Modify the list of oauth roles assigned to a specified user. Caller requires the USERS:EDIT permission.", "operationId": "modifyUserOAuthRoleAssociationsUsingPUT", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose oauth role membership is to be modified.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "array", "description": "A list of oauth role UUIDs that will be assigned to the user.", "items": { "type": "string" } } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:EDIT" ] } ] } }, "/api/web/v1/users/userquestions/{locale}": { "get": { "tags": [ "KBA" ], "summary": "Get a list of Knowledge-based questions that a user can answer", "description": "Get a list of Knowledge-based questions for the specified locale (language). The locale should be the two letter Caller requires the USERQUESTIONS:VIEW permission.", "operationId": "getKbaQuestionsUsingGET", "parameters": [ { "name": "locale", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/UserQuestion" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERQUESTIONS:VIEW" ] } ] } }, "/api/web/v1/users/{id}/grids/assign": { "put": { "tags": [ "Grids" ], "summary": "Assign a user to a grid", "description": "Assign the specified user a grid. Caller requires the GRIDS:EDIT permission.", "operationId": "assignGridBySerialNumberUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the user to which a grid is to be assigned.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GridAssignParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:EDIT" ] } ] } }, "/api/web/v1/users/{id}/state": { "put": { "tags": [ "Users" ], "summary": "Update user state", "description": "Update the state of the specified user. Caller requires the USERS:EDIT permission.", "operationId": "updateUserStateUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the user whose state is to be updated.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserChangeStateParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:EDIT" ] } ] } }, "/api/web/v1/users/{id}/tokens/assign": { "put": { "tags": [ "Tokens" ], "summary": "Assign user to token", "description": "Given a user assign a hardware token. Caller requires the TOKENS:EDIT permission.", "operationId": "assignTokenBySerialNumberUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the user to which the token is to be assigned.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AssignParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:EDIT" ] } ] } }, "/api/web/v1/users/{id}/unlock": { "put": { "tags": [ "Users" ], "summary": "Unlock user", "description": "Unlock the specified user. Caller requires the USERS:EDIT permission.", "operationId": "unlockUserUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the user that will be unlocked.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:EDIT" ] } ] } }, "/api/web/v1/users/{userid}/expectedlocations": { "get": { "tags": [ "User RBA Settings" ], "summary": "List expected locations for a user", "description": "Lists the expected locations for the specified user. Caller requires the USERRBASETTINGS:VIEW permission.", "operationId": "listUserExpectedLocationsUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose expected locations will be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserExpectedLocations" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERRBASETTINGS:VIEW" ] } ] }, "put": { "tags": [ "User RBA Settings" ], "summary": "Set expected locations for a user", "description": "Sets the list of expected locations for the specified user. Caller requires the USERRBASETTINGS:EDIT permission.", "operationId": "setUserExpectedLocationsUsingPUT", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose expected locations will be updated.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "array", "description": "The new list of expected locations that will be set for the user.", "items": { "$ref": "#/components/schemas/ExpectedLocation" } } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERRBASETTINGS:EDIT" ] } ] } }, "/api/web/v1/users/{userid}/face": { "put": { "tags": [ "Face" ], "summary": "Update the Face Biometric for a given user", "description": "Update the Face Biometric authenticator for the specified user UUID. Requires the FACE:EDIT permission.", "operationId": "updateFaceUsingPUT", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user to update the Face Biometric for.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FaceUpdateParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "FACE:EDIT" ] } ] }, "post": { "tags": [ "Face" ], "summary": "Create a Face Biometric for a user", "description": "Create a Face for the specified user. Caller requires the FACE:ADD permission.", "operationId": "createFaceUsingPOST", "parameters": [ { "name": "userid", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FaceCreateParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FaceAuthenticator" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "deprecated": true, "security": [ { "AdminAPIAuthentication": [ "FACE:ADD" ] } ] } }, "/api/web/v1/users/{userid}/faces": { "get": { "tags": [ "Face" ], "summary": "Get a list of Face Biometric for a given user", "description": "Get a list of Face Biometrics authenticators for the specified user UUID. Requires the FACE:VIEW permission.", "operationId": "getFacesUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user to get the Face Biometrics for.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/FaceAuthenticator" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "FACE:VIEW" ] } ] } }, "/api/web/v1/users/{userid}/kbachallenges": { "delete": { "tags": [ "KBA" ], "summary": "Delete retained knowledge-based authenticator challenges", "description": "Delete all retained knowledge-based authenticator challenges for the specified user. Caller requires the USERQUESTIONS:REMOVE permission.", "operationId": "deleteUserKbaChallengesUsingDELETE", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user from which the retained KBA challenges are to be deleted.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERQUESTIONS:REMOVE" ] } ] } }, "/api/web/v1/users/{userid}/list/passwords": { "get": { "tags": [ "Passwords" ], "summary": "Gets a list of user passwords", "description": "Get password information for the specified user. Caller requires the USERPASSWORDS:VIEW permission.", "operationId": "getUserNamedPasswordsUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose password information is to be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/UserPassword" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERPASSWORDS:VIEW" ] } ] } }, "/api/web/v1/users/{userid}/machines": { "get": { "tags": [ "Machine Auth" ], "summary": "List machine authenticators for a user", "description": "List all machine authenticators for the specified user. Caller requires the USERMACHINES:VIEW permission.", "operationId": "listMachineAuthenticatorsUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user for which machine authenticators are to be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/UserMachineAuthenticator" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERMACHINES:VIEW" ] } ] }, "post": { "tags": [ "Machine Auth" ], "summary": "Create a Machine Authenticator", "description": "Create a Machine Authenticator for a user. Caller requires the USERMACHINES:ADD permission.", "operationId": "createMachineAuthenticatorUsingPOST", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user for which the machine authenticator is to be added.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MachineAuthenticatorRegistration" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MachineAuthenticatorRegistrationResult" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERMACHINES:ADD" ] } ] } }, "/api/web/v1/users/{userid}/machines/{id}": { "delete": { "tags": [ "Machine Auth" ], "summary": "Delete a Machine Authenticator", "description": "Deletes a Machine Authenticator from a user. Caller requires the USERMACHINES:REMOVE permission.", "operationId": "deleteMachineAuthenticatorUsingDELETE", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user from which the machine authenticator is to be deleted.", "required": true, "schema": { "type": "string" } }, { "name": "id", "in": "path", "description": "The UUID of the machine authenticator which is to be deleted.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERMACHINES:REMOVE" ] } ] } }, "/api/web/v1/users/{userid}/magiclink": { "get": { "tags": [ "Magic Link" ], "summary": "Get the Magic Link for a user", "description": "Get information about the Magic Link for the specified user UUID if one has been created. Requires the MAGICLINKS:VIEW permission.", "operationId": "getMagicLinkUsingGET", "parameters": [ { "name": "userid", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MagicLink" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "MAGICLINKS:VIEW" ] } ] }, "put": { "tags": [ "Magic Link" ], "summary": "Create and get the Magic Link for a user", "description": "Create and get the Magic Link for the specified user UUID. Requires the MAGICLINKS:ADD permission.", "operationId": "createMagicLinkUsingPUT", "parameters": [ { "name": "userid", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MagicLinkCreateParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MagicLinkResponse" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "MAGICLINKS:ADD" ] } ] }, "delete": { "tags": [ "Magic Link" ], "summary": "Delete the Magic Link for a given user", "description": "Delete the Magic Link for the specified user UUID. Requires the MAGICLINKS:REMOVE permission.", "operationId": "deleteMagicLinkUsingDELETE", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user to delete the Magic Link for.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "MAGICLINKS:REMOVE" ] } ] } }, "/api/web/v1/users/{userid}/organizations": { "put": { "tags": [ "Users" ], "summary": "Modify user organization membership", "description": "Modify the list of organizations assigned to a specified user. Caller requires the USERS:EDIT permission.", "operationId": "modifyUserAOrganizationAssociationsUsingPUT", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose organization membership is to be modified.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserOrganizationParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:EDIT" ] } ] } }, "/api/web/v1/users/{userid}/password/notify": { "put": { "tags": [ "Passwords" ], "summary": "Update and send a password expiry notification", "description": "Updates and sends a password expiry notification to the specified user. Caller requires the USERPASSWORDS:EDIT permission.", "operationId": "sendPasswordExpiryNotificationUsingPUT", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user to send an expiry notification to.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERPASSWORDS:EDIT" ] } ] } }, "/api/web/v1/users/{userid}/password/validate": { "post": { "tags": [ "Passwords" ], "summary": "Validate user password", "description": "Validate user password. Caller requires the USERPASSWORDS:EDIT permission.", "operationId": "validateUserPasswordUsingPOST", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose password is to be validated.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserPasswordValidationParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserPasswordValidationResponse" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERPASSWORDS:EDIT" ] } ] } }, "/api/web/v1/users/{userid}/password/{namedpasswordid}/notify": { "put": { "tags": [ "Passwords" ], "summary": "Update and send a password expiry notification using password ID", "description": "Updates and sends a password expiry notification to the specified user. Caller requires the USERPASSWORDS:EDIT permission.", "operationId": "sendUserNamedPasswordExpiryNotificationUsingPUT", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user to send an expiry notification to.", "required": true, "schema": { "type": "string" } }, { "name": "namedpasswordid", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERPASSWORDS:EDIT" ] } ] } }, "/api/web/v1/users/{userid}/passwords": { "get": { "tags": [ "Passwords" ], "summary": "Gets a user password", "description": "Get password information for the specified user. Caller requires the USERPASSWORDS:VIEW permission.", "operationId": "getUserPasswordUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose password information is to be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserPassword" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERPASSWORDS:VIEW" ] } ] }, "put": { "tags": [ "Passwords" ], "summary": "Set a user password", "description": "Set a user password for the specified user. Caller requires the USERPASSWORDS:EDIT permission.", "operationId": "setUserPasswordUsingPUT", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose password is to be created or modified.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserPasswordParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserPassword" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERPASSWORDS:EDIT" ] } ] }, "delete": { "tags": [ "Passwords" ], "summary": "Delete a user password", "description": "Delete the user's password. Caller requires the USERPASSWORDS:REMOVE permission.", "operationId": "deleteUserPasswordUsingDELETE", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user from which the password will be deleted.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERPASSWORDS:REMOVE" ] } ] } }, "/api/web/v1/users/{userid}/passwords/{namedpasswordid}": { "delete": { "tags": [ "Passwords" ], "summary": "Delete a user password using the password ID", "description": "Delete the user's password. Caller requires the USERPASSWORDS:REMOVE permission.", "operationId": "deleteUserNamedPasswordUsingDELETE", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user from which the password will be deleted.", "required": true, "schema": { "type": "string" } }, { "name": "namedpasswordid", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERPASSWORDS:REMOVE" ] } ] } }, "/api/web/v1/users/{userid}/roles": { "get": { "tags": [ "Roles" ], "summary": "List all site roles assigned to user", "description": "List all site roles assigned to the specified user. Caller requires the USERSITEROLES:VIEW permission.", "operationId": "getUserRolesUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Role" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERSITEROLES:VIEW" ] } ] } }, "/api/web/v1/users/{userid}/roles/{roleid}": { "get": { "tags": [ "Roles" ], "summary": "Get site role assigned to user", "description": "Get the specified site role assigned to the specified user. Caller requires the USERSITEROLES:VIEW permission.", "operationId": "getUserSiteRoleAssociationUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user to which the role is assigned.", "required": true, "schema": { "type": "string" } }, { "name": "roleid", "in": "path", "description": "The UUID of the role assigned to the user.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Role" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERSITEROLES:VIEW" ] } ] }, "put": { "tags": [ "Roles" ], "summary": "Set user role", "description": "Set the role of the given user to the given role. Caller requires the USERSITEROLES:EDIT permission.", "operationId": "modifyUserSiteRoleAssociationUsingPUT", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose role is to be modified.", "required": true, "schema": { "type": "string" } }, { "name": "roleid", "in": "path", "description": "The UUID of the role which will be assigned to the user.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERSITEROLES:EDIT" ] } ] }, "delete": { "tags": [ "Roles" ], "summary": "Delete a site role from a user", "description": "Delete a user's site role. Caller requires the USERSITEROLES:REMOVE permission.", "operationId": "deleteUserSiteRoleAssociationUsingDELETE", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user from which the role is to be removed.", "required": true, "schema": { "type": "string" } }, { "name": "roleid", "in": "path", "description": "The UUID of the role that is to be removed.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERSITEROLES:REMOVE" ] } ] } }, "/api/web/v1/users/{userid}/settings/face": { "get": { "tags": [ "Face" ], "summary": "Get a users Face Biometric settings", "description": "Get Face Biometric settings information for the specified user UUID. Requires the FACE:VIEW permission.", "operationId": "getUserFaceSettingsUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user to get the settings for.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserFaceSettings" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "FACE:VIEW" ] } ] } }, "/api/web/v1/users/{userid}/settings/password": { "get": { "tags": [ "Passwords" ], "summary": "Gets a user password settings", "description": "Get password settings information for the specified user. Caller requires the USERPASSWORDS:VIEW permission.", "operationId": "getUserPasswordSettingsUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose password settings information is to be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserPasswordSettings" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERPASSWORDS:VIEW" ] } ] } }, "/api/web/v1/users/{userid}/settings/password/{namedpasswordid}": { "get": { "tags": [ "Passwords" ], "summary": "Get user password authenticator settings by named password ID", "description": "Get password settings information for the specified user. Caller requires the USERPASSWORDS:VIEW permission.", "operationId": "getUserNamedPasswordSettingsUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose password settings information is to be fetched.", "required": true, "schema": { "type": "string" } }, { "name": "namedpasswordid", "in": "path", "description": "The named password ID whose password settings information is to be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserPasswordSettings" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERPASSWORDS:VIEW" ] } ] } }, "/api/web/v1/users/{userid}/tempaccesscode": { "get": { "tags": [ "Temp Access Codes" ], "summary": "Get a temporary access code", "description": "Get the temporary access code for the given user. Caller requires the TEMPACCESSCODE:VIEW permission.", "operationId": "getTempAccessCodeUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose temporary access code will be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TempAccessCode" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TEMPACCESSCODE:VIEW" ] } ] }, "post": { "tags": [ "Temp Access Codes" ], "summary": "Create a temporary access code", "description": "Create a temporary access code for the given user. Caller requires the TEMPACCESSCODE:ADD permission.", "operationId": "createTempAccessCodeUsingPOST", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user for which a temporary access code will be created.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TempAccessCode" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TEMPACCESSCODE:ADD" ] } ] }, "delete": { "tags": [ "Temp Access Codes" ], "summary": "Delete a temporary access code", "description": "Delete the temporary access code for the given user. Caller requires the TEMPACCESSCODE:REMOVE permission.", "operationId": "deleteTempAccessCodeUsingDELETE", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose temporary access code will be deleted.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TEMPACCESSCODE:REMOVE" ] } ] } }, "/api/web/v1/users/{userid}/tokens/{type}": { "post": { "tags": [ "Tokens" ], "summary": "Create a token", "description": "Create a token of the given type for the given user. Caller requires the TOKENS:ADD permission.", "operationId": "createTokenUsingPOST", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user for which a token is to be created.", "required": true, "schema": { "type": "string" } }, { "name": "type", "in": "path", "description": "The type of the token to be created. Only soft tokens can be created so this value must be one of ENTRUST_SOFT_TOKEN or GOOGLE_AUTHENTICATOR.", "required": true, "schema": { "type": "string", "enum": [ "ENTRUST_PHYSICAL_TOKEN", "ENTRUST_SOFT_TOKEN", "GOOGLE_AUTHENTICATOR", "OATH_PHYSICAL_TOKEN", "ENTRUST_LEGACY_TOKEN" ] } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TokenCreateParms" } } } }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Token" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TOKENS:ADD" ] } ] } }, "/api/web/v1/users/{userid}/userlocations": { "get": { "tags": [ "User RBA Settings" ], "summary": "Get user location history", "description": "Get the location history of the specified user. Caller requires the USERRBASETTINGS:VIEW permission.", "operationId": "listUserLocationsUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose location history is to be retrieved.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/UserLocation" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERRBASETTINGS:VIEW" ] } ] }, "delete": { "tags": [ "User RBA Settings" ], "summary": "Delete user location history", "description": "Delete one or more entries from a user's location history. Caller requires the USERRBASETTINGS:REMOVE permission.", "operationId": "deleteUserLocationsUsingDELETE", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose location history is to be updated.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "array", "description": "A list of UUIDs of location history entries that are to be removed from the user.", "items": { "type": "string" } } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERRBASETTINGS:REMOVE" ] } ] } }, "/api/web/v1/users/{userid}/userquestions": { "get": { "tags": [ "KBA" ], "summary": "Get the knowledge-based authenticator", "description": "Get the knowledge-based authenticator for the specified user. Caller requires the USERQUESTIONS:VIEW permission.", "operationId": "getUserKbaUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose KBA information is to be retrieved.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/KnowledgeBasedAuthenticator" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERQUESTIONS:VIEW" ] } ] }, "put": { "tags": [ "KBA" ], "summary": "Modify a knowledge-based authenticator", "description": "Modify a knowledge-based authenticator for the specified user. Caller requires the USERQUESTIONANSWERS:EDIT permission.", "operationId": "updateKnowledgeBasedAuthenticatorUsingPUT", "parameters": [ { "name": "userid", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/KnowledgeBasedAuthenticator" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERQUESTIONANSWERS:EDIT" ] } ] }, "post": { "tags": [ "KBA" ], "summary": "Add a knowledge-based authenticator", "description": "Add a knowledge-based authenticator for the specified user. Caller requires the USERQUESTIONANSWERS:ADD permission.", "operationId": "addKnowledgeBasedAuthenticatorUsingPOST", "parameters": [ { "name": "userid", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/KnowledgeBasedAuthenticator" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERQUESTIONANSWERS:ADD" ] } ] }, "delete": { "tags": [ "KBA" ], "summary": "Delete the knowledge-based authenticator", "description": "Delete the knowledge-based authenticator for the specified user. Caller requires the USERQUESTIONS:REMOVE permission.", "operationId": "deleteUserKbaUsingDELETE", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose KBA information is to be removed.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERQUESTIONS:REMOVE" ] } ] } }, "/api/web/v1/users/{userid}/userquestions/{id}": { "delete": { "tags": [ "KBA" ], "summary": "Delete a question from the knowledge-based authenticator", "description": "Delete a specified question from the knowledge-based authenticator of the specified user. Caller requires the USERQUESTIONS:REMOVE permission.", "operationId": "deleteUserKbaQuestionUsingDELETE", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user from which a specific KBA question is to be deleted.", "required": true, "schema": { "type": "string" } }, { "name": "id", "in": "path", "description": "The UUID of the question to be deleted.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERQUESTIONS:REMOVE" ] } ] } }, "/api/web/v1/users/{userid}/userrbasettings": { "get": { "tags": [ "User RBA Settings" ], "summary": "Get user risk-based authentication settings", "description": "Get the user risk-based authentication settings for the specified user. Caller requires the USERRBASETTINGS:VIEW permission.", "operationId": "getUserRbaSettingsUsingGET", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose RBA settings will be retrieved.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserRbaSettings" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERRBASETTINGS:VIEW" ] } ] }, "put": { "tags": [ "User RBA Settings" ], "summary": "Update user risk-based authentication settings", "description": "Update the user risk-based authentication settings for the specified user. Caller requires the USERRBASETTINGS:EDIT permission.", "operationId": "updateUserRbaSettingsUsingPUT", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user whose RBA settings will be updated.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserRbaSettings" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERRBASETTINGS:EDIT" ] } ] } }, "/api/web/v1/webhooks": { "get": { "tags": [ "Webhooks" ], "summary": "List webhooks", "description": "Return a list of webhooks. Caller is required to have WEBHOOKS:VIEW permission.", "operationId": "getWebhooksUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Webhook" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "WEBHOOKS:VIEW" ] } ] }, "post": { "tags": [ "Webhooks" ], "summary": "Register a webhook", "description": "Register a webhook with callback URL, webhook events etc. Caller is required to have WEBHOOKS:ADD permission.", "operationId": "createWebhookUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Webhook" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "WEBHOOKS:ADD" ] } ] } }, "/api/web/v1/webhooks/test/{id}": { "post": { "tags": [ "Webhooks" ], "summary": "Test a webhook", "description": "Sends a dummy payload to the registered webhook callback URL. Use this to ensure your API is ready to start accepting webhook notifications. Caller is required to have WEBHOOKS:EDIT permission.", "operationId": "testWebhookUsingPOST", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the webhook to test.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "WEBHOOKS:EDIT" ] } ] } }, "/api/web/v1/webhooks/{id}": { "get": { "tags": [ "Webhooks" ], "summary": "Get a webhook by id", "description": "Get the specified webhook. Caller is required to have WEBHOOKS:VIEW permission.", "operationId": "readWebhookUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the webhook.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Webhook" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "WEBHOOKS:VIEW" ] } ] }, "put": { "tags": [ "Webhooks" ], "summary": "Update a webhook", "description": "Update a webhook with callback URL, webhook events etc. Caller is required to have WEBHOOKS:EDIT permission.", "operationId": "updateWebhookUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the webhook to be updated.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Webhook" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "WEBHOOKS:EDIT" ] } ] }, "delete": { "tags": [ "Webhooks" ], "summary": "Delete a webhook", "description": "Delete a registered webhook by ID. Caller is required to have WEBHOOKS:REMOVE permission.", "operationId": "deleteWebhookUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the webhook to be deleted.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "WEBHOOKS:REMOVE" ] } ] } }, "/api/web/v2/authenticationflows": { "get": { "tags": [ "Resource Rules" ], "summary": "Get all authentication flows", "description": "Get all authentication flows. Caller requires the CONTEXTRULES:VIEW permission.", "operationId": "getAuthenticationFlowsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/AuthenticationFlow" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:VIEW" ] } ] }, "post": { "tags": [ "Resource Rules" ], "summary": "Create an authentication flow", "description": "Create an authentication flow. Caller requires the CONTEXTRULES:ADD permission.", "operationId": "createAuthenticationFlowUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuthenticationFlowParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuthenticationFlow" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:ADD" ] } ] } }, "/api/web/v2/authenticationflows/{id}": { "get": { "tags": [ "Resource Rules" ], "summary": "Get an authentication flow", "description": "Get the specified authentication flow. Caller requires the CONTEXTRULES:VIEW permission.", "operationId": "getAuthenticationFlowUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the authentication flow to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuthenticationFlow" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:VIEW" ] } ] }, "put": { "tags": [ "Resource Rules" ], "summary": "Update an authentication flow", "description": "Update the specified authentication flow. Caller requires the CONTEXTRULES:EDIT permission.", "operationId": "updateAuthenticationFlowUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the authentication flow to be modified.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuthenticationFlowParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuthenticationFlow" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:EDIT" ] } ] }, "delete": { "tags": [ "Resource Rules" ], "summary": "Delete an authentication flow", "description": "Delete the specified authentication flow. Caller requires the CONTEXTRULES:REMOVE permission.", "operationId": "removeAuthenticationFlowUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the authentication flow to be removed.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeleteAuthenticationFlowResult" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:REMOVE" ] } ] } }, "/api/web/v2/grids/sernum/{sernum}": { "get": { "tags": [ "Grids" ], "summary": "Get a grid by serial number", "description": "Get the grid for the specified serial number. Caller requires the GRIDS:VIEW permission.", "operationId": "getGridBySerialNumberUsingGET", "parameters": [ { "name": "sernum", "in": "path", "description": "The serial number of the grid to be retrieved.", "required": true, "schema": { "type": "integer", "format": "int64" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Grid" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:VIEW" ] } ] } }, "/api/web/v2/grids/{gridid}": { "get": { "tags": [ "Grids" ], "summary": "Get a grid", "description": "Get the specified grid. Caller requires the GRIDS:VIEW permission.", "operationId": "getGridUsingGET", "parameters": [ { "name": "gridid", "in": "path", "description": "The UUID of the grid to be retrieved.", "required": true, "schema": { "type": "string" }, "example": "6c5ad3b4-888c-4d3b-88f2-8ab71ae4f917" } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Grid" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:VIEW" ] } ] }, "put": { "tags": [ "Grids" ], "summary": "Modify unassigned grid", "description": "Modify the specified unassigned grid. Caller requires the GRIDS:EDIT permission.", "operationId": "modifyUnassignedGridUsingPUT", "parameters": [ { "name": "gridid", "in": "path", "description": "The UUID of the grid to be modified.", "required": true, "schema": { "type": "string" }, "example": "6c5ad3b4-888c-4d3b-88f2-8ab71ae4f917" } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GridParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:EDIT" ] } ] }, "delete": { "tags": [ "Grids" ], "summary": "Delete a grid", "description": "Delete the specified grid. Caller requires the GRIDS:REMOVE permission.", "operationId": "deleteGridUsingDELETE", "parameters": [ { "name": "gridid", "in": "path", "description": "The UUID of the grid to be deleted.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:REMOVE" ] } ] } }, "/api/web/v2/grids/{gridid}/changestate": { "put": { "tags": [ "Grids" ], "summary": "Change state of grid", "description": "Change the state of the specified grid. Caller requires the GRIDS:EDIT permission.", "operationId": "changeGridStateUsingPUT", "parameters": [ { "name": "gridid", "in": "path", "description": "The UUID of the grid whose state is to be changed.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GridChangeStateParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:EDIT" ] } ] } }, "/api/web/v2/gridspaged/assigned": { "post": { "tags": [ "Grids" ], "summary": "Lists a page of assigned grids", "description": "Returns assigned grids for the provided search parameters. Caller requires the GRIDS:VIEW permission. The following searchByAttributes are supported:
  • serialNumber: a numeric value. Allowed operators are: EQUALS, GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL.
  • state: ACTIVE, INACTIVE, PENDING, CANCELED. Allowed operator: EQUALS.
  • expired: 'true' is the only value allowed. Allowed operator: EQUALS.
  • createDate: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL.
  • expiryDate: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL.
  • lastUsedDate: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL.
  • userId: a String value. Allowed operators are: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
  • groupId: a String value should be a UUID of an existing group. Allowed operator: EQUALS.
If you provide more than one search attribute, they are joined with an AND condition.

The orderByAttribute supports these attribute names: serialNumber, state, createDate, expiryDate, lastUsedDate, userId.
The results will only include grids that contain data in the orderByAttribute selected.", "operationId": "assignedGridsPageUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GridsPage" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:VIEW" ] } ] } }, "/api/web/v2/reports/auditeventspaged": { "post": { "tags": [ "Reports" ], "summary": "Lists a page of audit events", "description": "Returns audit events for the provided search parameters. Caller requires the REPORTS:VIEW permission.The following searchByAttributes are supported:
  • eventTime: a mandatory String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL.
  • outcome: SUCCESS or FAIL. Allowed operator: EQUALS.
  • category: AUTHENTICATION or MANAGEMENT. Allowed operator: EQUALS.
  • entityName: a String up to 100 characters. Allowed operators: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
  • entityType: a String up to 40 characters (e.g., USERS, GROUPS, QUESTIONS, REPORTS, ROLES). Allowed operators: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
  • entityAction: a String up to 100 characters (e.g., ADD, EDIT, REMOVE, ASSIGN, RESET). Allowed operators: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
  • resourceName: a String up to 100 characters. Allowed operators: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
  • sourceIp: a String up to 39 characters. Allowed operators: EQUALS, STARTS_WITH.
  • subjectName: a String up to 100 characters (e.g., jsmith). Allowed operators: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
  • eventType: a String up to 100 characters (e.g., AuthenticationDeniedEvent). Allowed operators: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
  • subject: Restrict events to the UUID of a specific subject. Allowed operator: EQUALS.
  • authenticator: Filter by authenticator type (e.g., PASSWORD, OTP, TOKEN, FIDO, SMARTCREDENTIALPUSH, TOKENPUSH, IDP, PASSKEY, etc.). Allowed operator: EQUALS.
If you provide more than one search attribute, they are joined with an AND condition.

The orderByAttribute supports these attribute names: eventTime, outcome, category, entityName, entityType, entityAction, resourceName, sourceIp, subjectName.
The results will only include audit events with data in the orderByAttribute selected. If ordering by entityName, entityType, or entityAction, then AUTHENTICATION events will not be returned.", "operationId": "auditEventPageUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuditEventPage" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "REPORTS:VIEW" ] } ] } }, "/api/web/v2/reports/auditeventspaged/siem": { "post": { "tags": [ "Reports" ], "summary": "Lists a page of audit events (SIEM)", "description": "Returns audit events for the provided search parameters in ascending order always. Caller requires the REPORTS:VIEW permission.The following searchByAttributes are supported:
  • startTime: a mandatory String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN_OR_EQUAL.
  • endTime: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-31T18:15:30). Allowed operators are: LESS_THAN_OR_EQUAL.
  • outcome: SUCCESS or FAIL. Allowed operator: EQUALS.
  • category: AUTHENTICATION or MANAGEMENT. Allowed operator: EQUALS.
If you provide more than one search attribute, they are joined with an AND condition.

The orderByAttribute is not used even if provided. Results are returned in ascending order always (oldest to newest event)", "operationId": "siemAuditEventPageUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuditEventPage" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "REPORTS:VIEW" ] } ] } }, "/api/web/v2/resourcerules": { "get": { "tags": [ "Resource Rules" ], "summary": "Get all resource rules", "description": "Get all resource rules. Caller requires the CONTEXTRULES:VIEW permission.", "operationId": "getResourceRulesUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/ResourceRule" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:VIEW" ] } ] }, "post": { "tags": [ "Resource Rules" ], "summary": "Create a resource rule", "description": "Create a resource rule for a specified resource. Caller requires the CONTEXTRULES:ADD permission.", "operationId": "createResourceRuleUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ResourceRuleParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ResourceRule" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:ADD" ] } ] } }, "/api/web/v2/resourcerules/resource/{id}": { "get": { "tags": [ "Resource Rules" ], "summary": "Get all resource rules for a resource", "description": "Get all resource rules for the specified resource. Caller requires the CONTEXTRULES:VIEW permission.", "operationId": "getResourceRulesForResourceUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the resource whose resource rules are to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/ResourceRule" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:VIEW" ] } ] } }, "/api/web/v2/resourcerules/{id}": { "get": { "tags": [ "Resource Rules" ], "summary": "Get a resource rule", "description": "Get the specified resource rule. Caller requires the CONTEXTRULES:VIEW permission.", "operationId": "getResourceRuleUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the resource rule to be returned.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ResourceRule" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:VIEW" ] } ] }, "put": { "tags": [ "Resource Rules" ], "summary": "Update a resource rule", "description": "Update the specified resource rule. Caller requires the CONTEXTRULES:EDIT permission.", "operationId": "updateResourceRuleUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the resource rule to be modified.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ResourceRuleParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:EDIT" ] } ] }, "delete": { "tags": [ "Resource Rules" ], "summary": "Delete a resource rule", "description": "Delete the specified resource rule. Caller requires the CONTEXTRULES:REMOVE permission.", "operationId": "removeResourceRuleUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the resource rule to be removed.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "CONTEXTRULES:REMOVE" ] } ] } }, "/api/web/v2/users/{userid}/face": { "post": { "tags": [ "Face" ], "summary": "Create a Face Biometric for a user", "description": "Create a Face Biometric authenticator for the specified user. Caller requires the FACE:ADD permission.
\nThe Face Biometric can be created using either the web flow or the mobile flow.
\nIf using the web flow, the Face Biometric can optionally use the Onfido applicantId and workflowRunId to link the Face Biometric\nto the correct Onfido applicant and workflow run.
\nIf using the mobile flow, setting deliverActivationEmail to true will send an activation email to the user with instructions to\ndownload the mobile app and complete activation.
\nSetting returnQRCode to true will include a QR code in the response that can be scanned by the user to start the activation process.
\nIf using the IDaaS stored biometric web flow, the encryptedBiometricToken parameter is required and must include both the\nencrypted biometric token and the customer user ID used to create the token in Onfido.\n", "operationId": "createFaceAuthenticatorUsingPOST", "parameters": [ { "name": "userid", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FaceCreateParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FaceCreateResponse" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "FACE:ADD" ] } ] } }, "/api/web/v2/users/{userid}/grids": { "post": { "tags": [ "Grids" ], "summary": "Create a grid", "description": "Create a grid for the specified user. Caller requires the GRIDS:ADD permission.", "operationId": "createGridUsingPOST", "parameters": [ { "name": "userid", "in": "path", "description": "The UUID of the user for which a grid will be created.", "required": true, "schema": { "type": "string" }, "example": "2c422a2f-e8ae-4af8-8b03-e1ce0ddde0b0" } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GridCreateParms" } } } }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Grid" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "GRIDS:ADD" ] } ] } }, "/api/web/v3/settings/otp": { "get": { "tags": [ "Settings" ], "summary": "Get OTP authenticator settings", "description": "Get OTP authenticator settings. Caller requires the SETTINGS:VIEW permission.", "operationId": "getOTPAuthenticatorSettingsUsingGET", "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OTPAuthenticatorSettings" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:VIEW" ] } ] }, "put": { "tags": [ "Settings" ], "summary": "Update OTP authenticator settings", "description": "Update OTP authenticator settings. Caller requires the SETTINGS:EDIT permission.", "operationId": "updateOTPAuthenticatorSettingsUsingPUT", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OTPAuthenticatorSettings" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SETTINGS:EDIT" ] } ] } }, "/api/web/v3/users": { "post": { "tags": [ "Users" ], "summary": "Create a user", "description": "Create a user. Caller requires the USERS:ADD permission.", "operationId": "createUserUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:ADD" ] } ] } }, "/api/web/v3/users/externalid": { "post": { "tags": [ "Users" ], "summary": "Get a user by externalId", "description": "Get the user with the specified externalId.\nCaller requires the USERS:VIEW permission.", "operationId": "userByExternalIdUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserGetParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:VIEW" ] } ] } }, "/api/web/v3/users/multiple": { "put": { "tags": [ "Users" ], "summary": "Update multiple users", "description": "Update multiple users. Caller requires the USERS:EDIT permission.", "operationId": "updateUsersUsingPUT", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateUsersParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/UpdateUserResult" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:EDIT" ] } ] }, "post": { "tags": [ "Users" ], "summary": "Create multiple users", "description": "Create multiple users. Caller requires the USERS:ADD permission.", "operationId": "createUsersUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateUsersParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/CreateUserResult" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:ADD" ] } ] }, "delete": { "tags": [ "Users" ], "summary": "Delete multiple users", "description": "Delete multiple users. Caller requires the USERS:REMOVE permission.", "operationId": "deleteUsersUsingDELETE", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeleteUsersParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/DeleteUserResult" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:REMOVE" ] } ] } }, "/api/web/v3/users/userid": { "post": { "tags": [ "Users" ], "summary": "Get a user by userid or user alias", "description": "Get the specified user by userid or user alias.\nCaller requires the USERS:VIEW permission.", "operationId": "userByUseridUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserGetParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:VIEW" ] } ] } }, "/api/web/v3/users/{id}": { "get": { "tags": [ "Users" ], "summary": "Get a user by UUID", "description": "Get the specified user by UUID.\nCaller requires the USERS:VIEW permission.", "operationId": "userUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the user to be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:VIEW" ] } ] }, "put": { "tags": [ "Users" ], "summary": "Update a user", "description": "Update the specified user. Caller requires the USERS:EDIT permission.", "operationId": "updateUserUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the user to be updated.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:EDIT" ] } ] }, "delete": { "tags": [ "Users" ], "summary": "Delete a user", "description": "Delete the specified user. Caller requires the USERS:REMOVE permission.", "operationId": "deleteUserUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the user to be deleted.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:REMOVE" ] } ] } }, "/api/web/v4/async/tenants/{id}/createresult": { "get": { "tags": [ "Tenants" ], "summary": "Get the result of an asynchronous tenant creation operation", "description": "Get the result of a tenant creation operation for a service provider. The results for a given operation can only be retrieved once. Caller requires the TENANTS:ADD permission from a service provider role.", "operationId": "getCreateTenantAsyncResultUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the create tenant operation whose results are to be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateTenantResult" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TENANTS:ADD" ] } ] } }, "/api/web/v4/async/tenants/{id}/createstatus": { "get": { "tags": [ "Tenants" ], "summary": "Get the status of an asynchronous tenant creation operation", "description": "Get the status of a tenant creation operation for a service provider. Caller requires the TENANTS:VIEW permission from a service provider role.", "operationId": "getCreateTenantAsyncStatusUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the create tenant operation whose status is be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateTenantAsyncStatus" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TENANTS:VIEW" ] } ] } }, "/api/web/v4/tenants": { "post": { "tags": [ "Tenants" ], "summary": "Create a tenant", "description": "Create a new tenant for a service provider. Caller requires the TENANTS:ADD permission from a service provider role.
Notes on CreateTenantParms attributes:
adminUser (UserParms):
  • The locale attribute is ignored if provided. It defaults to English for the first super administrator.
  • The status attributes is ignored if provided. It defaults to ACTIVE for the first super administrator.
  • The userId is required.
adminApiApplication (AdminApiApplicationParms):
  • The spRoleId attribute is not supported. An error is returned if provided.
entitlements (EntitlementParms):
  • The contractMode attribute is required. It must be either TRIAL or PRODUCTION.
  • The quantity attribute is required.
  • entitlements.issuance (EntitlementParms.IssuanceParms):
  • The entitlements.issuance attribute is required if you are creating an Issuance tenant.
  • The serviceBundles attribute is required. One service bundle (of those supported by the service provider contract) must be defined.
", "operationId": "createTenantUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateTenantParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateTenantResult" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "deprecated": true, "security": [ { "AdminAPIAuthentication": [ "TENANTS:ADD" ] } ] } }, "/api/web/v4/tenants/entitlements/usage": { "post": { "tags": [ "Tenants" ], "summary": "Lists a page of entitlement usage information", "description": "Returns tenant usage information for the provided search parameters. Caller requires the TENANTS:VIEW permission. The following searchByAttributes are supported:
  • startTime: a mandatory String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL.
  • endTime: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL.
  • tenantId: The UUID of the tenant. Allowed operators are: EQUALS.
  • isTrial: true or false. Allowed operator: EQUALS.
  • usageType: the type of entitlement: USERS, ISSUANCE. Allowed operator: EQUALS.
The orderByAttribute supports these attribute names: startTime.", "operationId": "getEntitlementUsageInfoUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UsageInfoPage" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TENANTS:VIEW" ] } ] } }, "/api/web/v4/tenants/{id}": { "get": { "tags": [ "Tenants" ], "summary": "Get a tenant", "description": "Get the specified tenant for a service provider. Caller requires the TENANTS:VIEW permission from a service provider role.", "operationId": "getTenantUsingGET", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the tenant to be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Tenant" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TENANTS:VIEW" ] } ] }, "delete": { "tags": [ "Tenants" ], "summary": "Delete a tenant", "description": "Delete the specified tenant for a service provider. Caller requires the TENANTS:REMOVE permission from a service provider role.", "operationId": "removeTenantUsingDELETE", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the tenant to be removed.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TENANTS:REMOVE" ] } ] } }, "/api/web/v4/tenants/{id}/lock": { "put": { "tags": [ "Tenants" ], "summary": "Lock a tenant", "description": "Lock the specified tenant for a service provider. Caller requires the TENANTS:EDIT permission from a service provider role.", "operationId": "lockTenantUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the tenant to be locked.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TENANTS:EDIT" ] } ] } }, "/api/web/v4/tenants/{id}/unlock": { "put": { "tags": [ "Tenants" ], "summary": "Unlock a tenant", "description": "Unlock the specified tenant for a service provider. Caller requires the TENANTS:EDIT permission from a service provider role.", "operationId": "unlockTenantUsingPUT", "parameters": [ { "name": "id", "in": "path", "description": "The UUID of the tenant to be unlocked.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TENANTS:EDIT" ] } ] } }, "/api/web/v4/tenants/{tenantid}/entitlements": { "get": { "tags": [ "Tenants" ], "summary": "Get entitlements for tenant", "description": "Get all entitlements for the specified tenant of the current service provider. Caller requires the SPENTITLEMENTS:VIEW permission from a service provider role.", "operationId": "getTenantEntitlementsUsingGET", "parameters": [ { "name": "tenantid", "in": "path", "description": "The UUID of the tenant whose entitlements are to be fetched.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Entitlement" } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SPENTITLEMENTS:VIEW" ] } ] }, "put": { "tags": [ "Tenants" ], "summary": "Set an entitlement", "description": "Set the entitlement for the specified tenant. Caller requires the SPENTITLEMENTS:EDIT permission from a service provider role.", "operationId": "setTenantEntitlementUsingPUT", "parameters": [ { "name": "tenantid", "in": "path", "description": "The UUID of the tenant whose entitlement is to be set.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EntitlementParms" } } }, "required": true }, "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SPENTITLEMENTS:EDIT" ] } ] } }, "/api/web/v4/tenants/{tenantid}/entitlements/{type}": { "get": { "tags": [ "Tenants" ], "summary": "Get an entitlement", "description": "Get the specified entitlement for a tenant. Caller requires the SPENTITLEMENTS:VIEW permission from a service provider role.", "operationId": "getTenantEntitlementUsingGET", "parameters": [ { "name": "tenantid", "in": "path", "description": "The UUID of the tenant whose entitlement is to be fetched.", "required": true, "schema": { "type": "string" } }, { "name": "type", "in": "path", "description": "The type of entitlement (only USERS is supported).", "required": true, "schema": { "type": "string", "enum": [ "USERS", "TRANSACTIONS" ] } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Entitlement" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SPENTITLEMENTS:VIEW" ] } ] }, "delete": { "tags": [ "Tenants" ], "summary": "Delete an entitlement", "description": "Delete the entitlement for the specified tenant. Caller requires the SPENTITLEMENTS:REMOVE permission from a service provider role.", "operationId": "deleteTenantEntitlementUsingDELETE", "parameters": [ { "name": "tenantid", "in": "path", "description": "The UUID of the tenant whose entitlement is to be deleted.", "required": true, "schema": { "type": "string" } }, { "name": "type", "in": "path", "description": "The type of entitlement. Allowed values: SMSVOICE.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "SPENTITLEMENTS:REMOVE" ] } ] } }, "/api/web/v4/tenantspaged": { "post": { "tags": [ "Tenants" ], "summary": "Lists a page of tenants", "description": "Returns tenants for the provided search parameters. Caller requires the TENANTS:VIEW permission. The following searchByAttributes are supported:
  • hostname: a String up to 100 characters. Allowed operators are: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
  • companyName: a String up to 100 characters. Allowed operators are: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
  • contractMode: PRODUCTION, TRIAL, UNKNOWN. Allowed operator: EQUALS.
  • locked: true or false. Allowed operator: EQUALS.
  • serviceProvider: true or false. Allowed operator: EQUALS.
  • authenticationAccount: true or false. Allowed operator: EQUALS.
  • issuanceAccount: true or false. Allowed operator: EQUALS.
  • spIdp: true or false. Allowed operator: EQUALS.
The orderByAttribute supports these attribute names: hostname, companyName, contractMode, locked, serviceProvider, authenticationAccount, issuanceAccount, spIdp.", "operationId": "getTenantsPageUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TenantsPage" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TENANTS:VIEW" ] } ] } }, "/api/web/v4/userspaged": { "post": { "tags": [ "Users" ], "summary": "Lists a page of users", "description": "Returns users for the provided search parameters. Caller requires the USERS:VIEW permission. The following searchByAttributes are supported:
  • userId: a String value (it matches both the User ID or any alias). Allowed operators are: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
  • groupId: a String value should be a UUID of an existing group. Allowed operator: EQUALS.
  • roleId: a String value should be a UUID of an existing role. Allowed operator: EQUALS.
  • authenticator: a String with value ENTRUST_SOFT_TOKEN or FIDO or GOOGLE_AUTHENTICATOR or GRID or HARDWARE_TOKEN or KBA or OTP or PASSWORD or SMARTCREDENTIALPUSH or TEMP_ACCESS_CODE or FACE or MAGICLINK. Allowed operator: EQUALS, NOT_EQUALS.
  • state: ACTIVE or INACTIVE. Allowed operator: EQUALS.
  • locked: 'true' is the only value allowed. Allowed operator: EQUALS.
  • userType: a String with value LOCAL or SYNC or EXTERNAL. Allowed operator: EQUALS.
  • registrationRequired: true or false. Allowed operator: EQUALS.
  • verificationRequired: true or false. Allowed operator: EQUALS.
  • lastAuthTime: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL, EXISTS, NOT_EXISTS.
  • passwordExpirationTime: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL, EXISTS, NOT_EXISTS.
  • organizationId: a String value should be a UUID of an existing organization. Allowed operator: EQUALS.
  • passwordCompromised: true or false. Allowed operator: EQUALS.
If you provide more than one search attribute, they are joined with an AND condition.

The orderByAttribute supports these attribute names: userId, state, lastAuthTime.

The following attributes can be optionally included in the returned User object: grids, tokens, smartCredentials, tempAccessCode, fidoTokens, userAttributeValues, userAliases, groups, oauthRoles, authenticatorLockoutStatus, organizations", "operationId": "usersPagedUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UsersPage" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "USERS:VIEW" ] } ] } }, "/api/web/v5/async/tenants": { "post": { "tags": [ "Tenants" ], "summary": "Create a tenant asynchronously", "description": "

Create a new tenant for a service provider. Caller requires the TENANTS:ADD permission from a service provider role.

Notes on CreateTenantParms attributes:

adminUser (UserParms):
  • The locale attribute is ignored if provided. It defaults to English for the first super administrator.
  • The status attributes is ignored if provided. It defaults to ACTIVE for the first super administrator.
  • The userId is required.
adminApiApplication (AdminApiApplicationParms):
  • The spRoleId attribute is not supported. An error is returned if provided.
entitlements (EntitlementParms):
  • The contractMode attribute is required. It must be either TRIAL or PRODUCTION.
  • The quantity attribute is required.
  • entitlements.issuance (EntitlementParms.IssuanceParms):
  • The entitlements.issuance attribute is required if you are creating an Issuance tenant.
  • The serviceBundles attribute is required. One service bundle (of those supported by the service provider contract) must be defined.
", "operationId": "createTenantAsyncUsingPOST", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateTenantParms" } } }, "required": true }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateTenantAsyncStatus" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "401": { "description": "Access denied", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorInfo" } } } } }, "security": [ { "AdminAPIAuthentication": [ "TENANTS:ADD" ] } ] } } }, "components": { "schemas": { "AccountAuditEvent": { "required": [ "eventTime" ], "type": "object", "properties": { "accountId": { "type": "string", "description": "The UUID of the account containing this audit event." }, "auditDetails": { "$ref": "#/components/schemas/AuditDetails" }, "entityAction": { "type": "string", "description": "For a management event, the action that was performed." }, "entityId": { "type": "string", "description": "For a management event, the UUID of the entity that was acted upon." }, "entityName": { "type": "string", "description": "For a management event, the name of the entity that was acted upon." }, "entityType": { "type": "string", "description": "For a management event, the entity type that was acted upon." }, "eventCategory": { "type": "string", "description": "The category of the event. Values are AUTHENTICATION or MANAGEMENT.", "enum": [ "AUTHENTICATION", "MANAGEMENT", "ISSUANCE" ] }, "eventOutcome": { "type": "string", "description": "The outcome of the event. Values are success or fail.", "enum": [ "SUCCESS", "FAIL" ] }, "eventTime": { "type": "string", "description": "The time of this event.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "eventType": { "type": "string", "description": "The type of the event." }, "eventVersion": { "type": "string", "description": "Version information for future use." }, "id": { "type": "string", "description": "The UUID of this audit event." }, "message": { "type": "string", "description": "A message key describing the event." }, "requiredPermission": { "type": "string", "description": "The permission used for a management event." }, "resourceId": { "type": "string", "description": "The UUID of the resource associated with the event. For example the UUID of the application to which a user is authenticating." }, "resourceName": { "type": "string", "description": "The name of the resource." }, "serviceProviderAdminRoleId": { "type": "string", "description": "A UUID of the service provider role used for a management event." }, "serviceProviderAdminRoleName": { "type": "string", "description": "The name of the service provider role." }, "sourceIp": { "type": "string", "description": "The IP address of the client performing this event." }, "subject": { "type": "string", "description": "The UUID of the subject that performed this event. For administration events the subject will be the administrator or administration API application that performed the event. For authentication events the subject will be the user that performed the authentication." }, "subjectName": { "type": "string", "description": "The name of the subject that performed this event. For users the value will be the user's user Id. For administration API applications, the value will be the application's name." }, "subjectType": { "type": "string", "description": "The type of the subject that performed this event. Values are USER or ADMIN_API.", "enum": [ "USER", "ADMIN_API", "SERVICE_PROVIDER", "AGENT" ] }, "subscriberAdminRoleId": { "type": "string", "description": "The UUID of the subscriber/site management role used for a management event." }, "subscriberAdminRoleName": { "type": "string", "description": "The name of the subscriber/site management role." }, "token": { "type": "string", "description": "Information about what authenticator was used for an authentication event." } }, "description": "Information about an audit event returned when querying audit events." }, "AccountEntitlement": { "type": "object", "properties": { "smsVoice": { "$ref": "#/components/schemas/SmsVoice" }, "users": { "$ref": "#/components/schemas/UserEntitlement" } }, "description": "The active entitlements applicable to the subscriber." }, "AccountInfo": { "required": [ "companyName" ], "type": "object", "properties": { "companyCountry": { "type": "string", "description": "The ISO-3166-1 code of the country the company is located in.", "example": "CA" }, "companyName": { "type": "string", "description": "The name of the company the account belongs to.", "example": "Entrust" }, "companyState": { "type": "string", "description": "The ISO-3166-2 code for the state/province the company is located in.", "example": "ON" }, "legalAcknowledged": { "type": "boolean", "description": "Whether or not the legal agreement has been acknowledged for the account." } }, "description": "Account subscriber." }, "AccountInfoParms": { "type": "object", "properties": { "companyName": { "type": "string", "description": "The name of the company the account belongs to. The value must be between 1 and 100 characters." }, "legalAcknowledged": { "type": "boolean", "description": "Whether or not the legal agreement has been acknowledged for the account. This value can only be changed from false to true." } }, "description": "New account information." }, "Acr": { "required": [ "id" ], "type": "object", "properties": { "id": { "type": "string", "description": "The unique UUID assigned to the acr when it is created." }, "name": { "type": "string", "description": "The name of the acr." }, "readOnly": { "type": "boolean", "description": "A flag indicating if the authentication flow can be modified or deleted." }, "resourceRules": { "type": "array", "description": "List of resource rule names using the acr.", "items": { "type": "string", "description": "List of resource rule names using the acr." } } }, "description": "The acrs associated with this resource rule if acrFilter is set to SPECIFIC. The resource rule will only apply if a requested acr is one of the specified acrs." }, "AcrParms": { "required": [ "name" ], "type": "object", "properties": { "name": { "type": "string", "description": "The name of the acr." } }, "description": "Parameters defining the new acr." }, "ActivateCompleteParms": { "type": "object", "properties": { "registrationCode": { "type": "string", "description": "The registration code displayed by the Mobile ST application needed to complete activation of the token." } }, "description": "Parameters for the activation completion including the registration code." }, "ActivateParms": { "type": "object", "properties": { "deliverActivationEmail": { "type": "boolean", "description": "A flag indicating if Identity as a Service should send an activation email including the activation information to the end user. If not specified, this attribute defaults to false." }, "returnQRCode": { "type": "boolean", "description": "A flag indicating if the QR code for offline activation is returned. The link encoded in the QR code is always returned for clients that want to encode their own QR code. If not specified, this attribute defaults to false." }, "secret": { "type": "string", "description": "The Base32-encoded secret of the token. If provided, IDaaS will use this value as the token seed and activate the token. This value is only supported for Google Authenticator. Value must contain at least 10 bytes and must not exceed 64 bytes." }, "type": { "type": "array", "description": "The list of activation types that will be performed. Allowed values are: CLASSIC (return activation values that must be manually entered into the mobile application), ONLINE (return a link that when clicked will launch the mobile application) and OFFLINE (return a QR code that can be scanned by the mobile application). If no values are specified in the list, then all activation types are performed.", "items": { "type": "string", "description": "The list of activation types that will be performed. Allowed values are: CLASSIC (return activation values that must be manually entered into the mobile application), ONLINE (return a link that when clicked will launch the mobile application) and OFFLINE (return a QR code that can be scanned by the mobile application). If no values are specified in the list, then all activation types are performed.", "enum": [ "CLASSIC", "ONLINE", "OFFLINE" ] } } }, "description": "Optional parameters specifying how the token is to be activated. If not specified, all activation types are used, the QR code is returned and the activation email is sent." }, "ActivateResult": { "type": "object", "properties": { "activationAddress": { "type": "string", "description": "The activation address for the token. This value should be entered into the Mobile ST application if you want to perform manual activaiton." }, "activationCode": { "type": "string", "description": "The activation code for the token. This value should be entered into the Mobile ST application if you want to perform manual activation" }, "activationOnlineHttpURL": { "type": "string", "description": "The HTTP activation URL. Clicking on this URL on your mobile device will redirect you to the Mobile ST application to perform activation." }, "activationOnlineURL": { "type": "string", "description": "The application specific activation URL. Clicking on this URL on your mobile device will launch the Mobile ST application to perform activation." }, "activationPassword": { "type": "string", "description": "If the Mobile ST prompts you to enter an activation password during activation, this attribute is the password you must enter." }, "activationQRCode": { "type": "string", "description": "The base-64 encoded activation QR code. This QR code can be scanned by the Mobile ST application to perform activation." }, "activationURL": { "type": "string", "description": "The URL encoded in the activation QR code." }, "serialNumber": { "type": "string", "description": "The serial number of the token." } }, "description": "The result of a token activate operation." }, "ActivateSmartCredentialParms": { "type": "object", "properties": { "additionalUserInfo": { "type": "object", "additionalProperties": { "type": "string", "description": "A map which consists of additional attributes and values to be used for smart credential encoding. Currently the only value that is supported is the value with name \"photo\" where the value is a Base-64 encoded JPEG or PNG image or a data URL of the form \"data:image/;base64,<data>\" where is jpeg or png and <data> is a Base-64 encoded JPEG or PNG image." }, "description": "A map which consists of additional attributes and values to be used for smart credential encoding. Currently the only value that is supported is the value with name \"photo\" where the value is a Base-64 encoded JPEG or PNG image or a data URL of the form \"data:image/;base64,<data>\" where is jpeg or png and <data> is a Base-64 encoded JPEG or PNG image." }, "deliverActivationEmail": { "type": "boolean", "description": "A flag indicating if the activation email should be delivered to the user. If not set, it defaults to false." }, "mobile": { "type": "boolean", "description": "A flag indicating if the target is mobile smart credential." }, "requirePassword": { "type": "array", "description": "A list of which activation types (LINK or QRCODE) should use a random password to encrypt the activation information. If the list is null or empty, QRCODE activation will require a password and LINK will not.", "items": { "type": "string", "description": "A list of which activation types (LINK or QRCODE) should use a random password to encrypt the activation information. If the list is null or empty, QRCODE activation will require a password and LINK will not.", "enum": [ "LINK", "QRCODE" ] } }, "type": { "type": "array", "description": "A list of activation types (LINK or QRCODE) to perform. If the list is null or empty, all activation types are performed", "items": { "type": "string", "description": "A list of activation types (LINK or QRCODE) to perform. If the list is null or empty, all activation types are performed", "enum": [ "LINK", "QRCODE" ] } } }, "description": "Parameters for the smart credential activation." }, "ActivateSmartCredentialResult": { "type": "object", "properties": { "activationPassword": { "type": "string", "description": "If either the QR Code URL or the Link URL were password protected, the password needed to unprotect them." }, "linkHttpURL": { "type": "string", "description": "The HTTP version of the link activation URL" }, "linkURL": { "type": "string", "description": "The link activation URL" }, "qrCode": { "type": "string", "description": "Base-64 encoded activation QR Code" }, "qrCodeURL": { "type": "string", "description": "The activation URL encoded into the QR Code" } }, "description": "Information returned from the activate smart credential operation." }, "AdditionalFeature": { "type": "object", "properties": { "enhancedGeoLocation": { "type": "boolean", "description": "Enhanced geo location additional feature.", "example": true } }, "description": "Additional feature" }, "AdminApiApplication": { "required": [ "applicationTemplate", "name" ], "type": "object", "properties": { "allowLongLivedToken": { "type": "boolean", "description": "Determines if the application can use a long-lived token for authentication.", "example": true }, "applicationTemplate": { "type": "string", "description": "The name of the application template specific to this application type.", "example": "Administration API" }, "applicationTemplateId": { "type": "string", "description": "Application template id specific to this application type.", "example": "00dc1d40-b512-4159-bccc-e8c1b4524515" }, "description": { "type": "string", "description": "Short description of application.", "example": "application for testing" }, "id": { "type": "string", "description": "Application ID.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "ipListId": { "type": "string", "description": "The UUID of the IP Addresses list.", "example": "828c4359-b367-4ac9-b164-eebc18664027" }, "lastAuthnDate": { "type": "string", "description": "Last successful authentication time to use administration api", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "logo": { "type": "string", "description": "Base64 encoded logo image." }, "name": { "type": "string", "description": "Name of application. ", "example": "adminApiApplication" }, "roleId": { "type": "string", "description": "The UUID of the Site role to be associated with the API application. Pass an empty string value to unset the site role.", "example": "53df23b1-5f57-sdc5-tr23-asd345ip6789" }, "sharedSecret": { "type": "string", "description": "Shared secret for application." }, "spRoleId": { "type": "string", "description": "The UUID of the service provider role to be associated with the API application. Pass an empty string to unset the service provider role.", "example": "53df23b1-5f57-sdc5-tr23-asd345ip6788" } }, "description": "Information returned when an Admin API application is fetched from Identity as a Service." }, "AdminApiApplicationParms": { "required": [ "name" ], "type": "object", "properties": { "allowLongLivedToken": { "type": "boolean", "description": "Determines if a long-lived token is allowed in this application.", "example": true }, "applicationTemplateId": { "type": "string", "description": "The UUID of the application template. This value is only used when creating a new application. If not specified, the default admininstration API template is used.", "example": "53df23b1-5f57-sdc5-tr23-asd345ip6789" }, "description": { "type": "string", "description": "Short description of application.", "example": "application for testing" }, "ipListId": { "type": "string", "description": "The UUID of the IP Addresses list.", "example": "828c4359-b367-4ac9-b164-eebc18664027" }, "logo": { "type": "string", "description": "Base64 encoded logo image." }, "name": { "type": "string", "description": "Name of application. ", "example": "adminApiApplication" }, "roleId": { "type": "string", "description": "The UUID of the Site role to be associated with the API application. Pass an empty string value to unset the site role. Either this value or spRoleId is required when creating the application.", "example": "53df23b1-5f57-sdc5-tr23-asd345ip6789" }, "spRoleId": { "type": "string", "description": "The UUID of the service provider role to be associated with the API application. Pass an empty string to unset the service provider role. Either this value or roleId is required when creating the application.", "example": "53df23b1-5f57-sdc5-tr23-asd345ip6788" } }, "description": "Parameters for the new application." }, "AdminApiAuthentication": { "required": [ "applicationId", "sharedSecret" ], "type": "object", "properties": { "applicationId": { "type": "string", "description": "Administration API application id", "example": "d3737e0f-4d8e-431c-b1d8-cd17ad4d633d" }, "enableWebSession": { "type": "boolean", "description": "If set to true, a session cookie named INTELLITRUST_SESSION_ID is returned with the authentication response. This cookie must be returned with all subsequent requests.", "example": true }, "sharedSecret": { "type": "string", "description": "Shared Secret", "example": "randomSharedSecret" } }, "description": "Parameters passed to authenticate to an Admin API application." }, "AdminApiAuthenticationResult": { "type": "object", "properties": { "authToken": { "type": "string", "description": "Authorization token returned after a successful authentication." }, "creationTime": { "type": "string", "description": "Creation time of the authentication token.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "expirationTime": { "type": "string", "description": "Expiry time of the authentication token.", "format": "date-time", "example": "2019-02-19T14:15:27Z" } } }, "ApplicationInfo": { "type": "object", "properties": { "applicationTemplate": { "type": "string", "description": "The template the application was created from." }, "applicationTemplateId": { "type": "string", "description": "The UUID of the template the application was created from." }, "authenticationMethod": { "type": "string", "description": "The application authentication method." }, "id": { "type": "string", "description": "The UUID of the application." }, "name": { "type": "string", "description": "The name of the application." } } }, "ApplicationResourceRule": { "required": [ "resourceRules" ], "type": "object", "properties": { "id": { "type": "string", "description": "The UUID of the application." }, "name": { "type": "string", "description": "The name of the application." }, "resourceRules": { "type": "array", "description": "List of resource rules associated to this application.", "items": { "$ref": "#/components/schemas/ResourceRuleNameId" } } }, "description": "An ApplicationResourceRule defines the resource rules used by an application." }, "ApplicationTemplate": { "required": [ "authenticationMethod", "id", "name" ], "type": "object", "properties": { "authenticationMethod": { "type": "string", "description": "The type the application template. Possible values are SAML20, RADIUS, AAAS, IDG, OIDC, AUTHAPI, ADMINAPI, SIEMAPI." }, "description": { "type": "string", "description": "The description of application template." }, "id": { "type": "string", "description": "The UUID of the application template." }, "name": { "type": "string", "description": "The name of the application template." } }, "description": "Information returned about an Identity as a Service application template." }, "AssignParms": { "type": "object", "properties": { "response": { "type": "string", "description": "When the assign operation is not being performed by an administrator, a token response from the token being assigned must be provided." }, "serialNumber": { "type": "string", "description": "When assigning a token to a known user, this argument specifies the serial number of the token being assigned." }, "tokenType": { "type": "string", "description": "When assigning a token to a user this attribute optionally specifies the type of token to be assigned. It can be a value of OATH_PHYSICAL_TOKEN or ENTRUST_LEGACY_TOKEN. This attribute is only required if the serial number is not unique." }, "userId": { "type": "string", "description": "When assigning a known token to a user, this argument specifies the user Id or user alias of the user to which the token will be assigned." } }, "description": "Token assignment parameters including the user id or user alias of the user to which the token is to be assigned." }, "AssignedTokenParms": { "type": "object", "properties": { "label": { "type": "string", "description": "Optional label to identify an assigned token: a String up to 100 characters.", "example": "PENDING" } }, "description": "Arguments specifying the changes to the token." }, "AuditDetails": { "type": "object", "properties": { "entityAttributes": { "type": "array", "description": "A list of attributes when an entity is added or removed.", "items": { "$ref": "#/components/schemas/EntityAttribute" } }, "messageTokens": { "type": "array", "description": "List of tokens referencing event attributes that can be used in the audit message.", "items": { "type": "string", "description": "List of tokens referencing event attributes that can be used in the audit message." } }, "modifiedEntityAttributes": { "type": "array", "description": "A list of attributes when an entity is modified.", "items": { "$ref": "#/components/schemas/ModifiedEntityAttribute" } } }, "description": "Additional audit details that may be included with an audit event." }, "AuditEventPage": { "required": [ "results" ], "type": "object", "properties": { "paging": { "$ref": "#/components/schemas/Paging" }, "results": { "type": "array", "description": "A single page from the list of audit events found.", "items": { "$ref": "#/components/schemas/AccountAuditEvent" } } }, "description": "Contains paging information and audit events." }, "AuthApiApplication": { "required": [ "applicationTemplate", "name" ], "type": "object", "properties": { "allowIgnoreIpAddressForRba": { "type": "boolean", "description": "Defines whether ignore ip address for rba will be allowed or not." }, "applicationTemplate": { "type": "string", "description": "Application template specific to this application type.", "example": "Authentication API" }, "applicationTemplateId": { "type": "string", "description": "Application template id specific to this application type.", "example": "00dc1d40-b512-4159-bccc-e8c1b4524515" }, "clientIpSource": { "type": "string", "description": "Indicates the source of client IP address for risk analysis", "example": "FROM_CONNECTION", "enum": [ "NOT_INCLUDED", "PROVIDED", "FROM_CONNECTION" ] }, "description": { "type": "string", "description": "Short description of application.", "example": "application for testing" }, "id": { "type": "string", "description": "Application id.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "logo": { "type": "string", "description": "Base64 encoded logo image." }, "name": { "type": "string", "description": "Name of application. ", "example": "authApiApplication" }, "passkeyEnabled": { "type": "boolean", "description": "Flag indicating if passkey authentication is allowed for this application. This flag has been deprecated and is no longer used.", "deprecated": true }, "protectedOfflineSettings": { "$ref": "#/components/schemas/ProtectedOfflineSettings" }, "userValuesEnabled": { "type": "boolean", "description": "Defines whether user values function is enabled." }, "verificationRequired": { "type": "boolean", "description": "Defines whether verification for a user must be satisfied." } }, "description": "Information returned when an Auth. API application is fetched from Identity as a Service." }, "AuthApiApplicationParms": { "required": [ "applicationTemplate", "name" ], "type": "object", "properties": { "allowIgnoreIpAddressForRba": { "type": "boolean", "description": "Flag indicates if ignore ip address for rba will be allowed or not." }, "applicationTemplate": { "type": "string", "description": "Application template specific to this application type.", "example": "Authentication API" }, "applicationTemplateId": { "type": "string", "description": "Application template id specific to this application type.", "example": "00dc1d40-b512-4159-bccc-e8c1b4524515" }, "clientIpSource": { "type": "string", "description": "Indicates the source of client IP address for risk analysis", "example": "FROM_CONNECTION", "enum": [ "NOT_INCLUDED", "PROVIDED", "FROM_CONNECTION" ] }, "description": { "type": "string", "description": "Short description of application.", "example": "application for testing" }, "id": { "type": "string", "description": "Unique UUID for the application used when creating a new application. If not specified, IDaaS will generate a random UUID. ", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "logo": { "type": "string", "description": "Base64 encoded logo image." }, "name": { "type": "string", "description": "Name of the application. ", "example": "authApiApplication" }, "passkeyEnabled": { "type": "boolean", "description": "Flag indicating if passkey authentication is allowed for this application." }, "protectedOfflineSettings": { "$ref": "#/components/schemas/ProtectedOfflineSettings" }, "userValuesEnabled": { "type": "boolean", "description": "Flag indicating if user client values is allowed for this application." }, "verificationRequired": { "type": "boolean", "description": "Defines whether verification for a user must be satisfied." } }, "description": "Parameters for the new application." }, "AuthenticationFlow": { "required": [ "id", "loginFlows", "name", "readOnly" ], "type": "object", "properties": { "applications": { "type": "array", "description": "List of applications using this authentication flow.", "items": { "$ref": "#/components/schemas/ApplicationResourceRule" } }, "id": { "type": "string", "description": "The unique UUID assigned to the authentication flow when it is created." }, "identityProviders": { "type": "array", "description": "The identity providers, both OIDC and SAML, supported when the IDP login flow is enabled--limited info is returned. This parameter should be used instead of oidcIdentityProviders.", "items": { "$ref": "#/components/schemas/IdentityProvider" } }, "idpDefault": { "type": "boolean", "description": "A flag indicating whether the authentication flow uses the tenant's default IDP. When true, domain-based IDPs are not supported." }, "idpDomainBased": { "type": "boolean", "description": "A flag indicating if the authentication flow will be using domain-based IDPs." }, "idpLoginSecondStep": { "type": "array", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the identity provider Login flow is enabled and requires a second factor. PASSTHROUGH is not supported.", "items": { "type": "string", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the identity provider Login flow is enabled and requires a second factor. PASSTHROUGH is not supported.", "enum": [ "NONE", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "USER_CERTIFICATE", "SMARTCREDENTIALPUSH", "FACE", "PASSTHROUGH", "MAGICLINK" ] } }, "loginFlows": { "type": "array", "description": "List of login flows.", "items": { "$ref": "#/components/schemas/LoginFlow" } }, "name": { "type": "string", "description": "The name of the authentication flow." }, "namedPasswordId": { "type": "string", "description": "The Named Password Id used for password authentication." }, "oidcIdentityProviders": { "type": "array", "description": "The OIDC identity providers supported when the IDP login flow is enabled--limited info is returned. This parameter is deprecated, use identityProviders instead.", "deprecated": true, "items": { "$ref": "#/components/schemas/OidcIdentityProvider" } }, "otpDeliveryPreference": { "type": "array", "description": "The order preference to use for OTP delivery.", "items": { "$ref": "#/components/schemas/OTPPreferenceDetails" } }, "overrideOtpContacts": { "type": "boolean", "description": "A flag indicating if group based OTP policy can be overridden by the authentication flow OTP policy." }, "readOnly": { "type": "boolean", "description": "A flag indicating if the authentication flow can be modified or deleted." }, "userLoginFirstStep": { "type": "string", "description": "The authenticator type to use in the first step of a two-step authentication scenario when the User Login flow is enabled.", "enum": [ "NONE", "EXTERNAL", "PASSWORD", "KBA", "OTP", "TOKEN", "TOKENPUSH", "SMARTCREDENTIALPUSH", "IDP", "PASSKEY", "SMART_LOGIN", "USER_CERTIFICATE", "FACE", "DENY", "MAGICLINK" ] }, "userLoginSecondStep": { "type": "array", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the User Login flow is enabled.", "items": { "type": "string", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the User Login flow is enabled.", "enum": [ "NONE", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "USER_CERTIFICATE", "SMARTCREDENTIALPUSH", "FACE", "PASSTHROUGH", "MAGICLINK" ] } } }, "description": "An AuthenticationFlow defines the authentication options available for a given risk level." }, "AuthenticationFlowParms": { "required": [ "loginFlows" ], "type": "object", "properties": { "identityProviderIds": { "type": "array", "description": "The UUIDs of the identity providers, both OIDC and SAML, supported when the IDP login flow is enabled--at least one is required. This parameter should be used instead of oidcIdentityProviderIds.", "items": { "type": "string", "description": "The UUIDs of the identity providers, both OIDC and SAML, supported when the IDP login flow is enabled--at least one is required. This parameter should be used instead of oidcIdentityProviderIds." } }, "idpDefault": { "type": "boolean", "description": "A flag indicating whether the authentication flow uses the tenant's default IDP. When true, domain-based IDPs are not supported." }, "idpDomainBased": { "type": "boolean", "description": "A flag indicating if the authentication flow will be using domain-based IDPs." }, "idpLoginSecondStep": { "type": "array", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the identity provider Login flow is enabled and requires a second factor. PASSTHROUGH is not supported.", "items": { "type": "string", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the identity provider Login flow is enabled and requires a second factor. PASSTHROUGH is not supported.", "enum": [ "NONE", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "USER_CERTIFICATE", "SMARTCREDENTIALPUSH", "FACE", "PASSTHROUGH", "MAGICLINK" ] } }, "loginFlows": { "type": "array", "description": "List of enabled login flows--at least one must be enabled. If a login flow is not provided, then it's treated as disabled. Enabled login flows must be supported by the account entitlement.", "items": { "$ref": "#/components/schemas/LoginFlow" } }, "name": { "type": "string", "description": "The name of the authentication flow." }, "namedPasswordId": { "type": "string", "description": "The Named Password Id used for password authentication." }, "oidcIdentityProviderIds": { "type": "array", "description": "The UUIDs of the OIDC identity providers supported when the IDP login flow is enabled--at least one is required. This parameter is deprecated, use identityProviderIds instead.", "deprecated": true, "items": { "type": "string", "description": "The UUIDs of the OIDC identity providers supported when the IDP login flow is enabled--at least one is required. This parameter is deprecated, use identityProviderIds instead.", "deprecated": true } }, "otpDeliveryPreference": { "type": "array", "description": "Indicates the otp delivery preference in order.", "items": { "$ref": "#/components/schemas/OTPPreferenceDetails" } }, "overrideOtpContacts": { "type": "boolean", "description": "A flag indicating if group based OTP policy can be overridden by the authentication flow." }, "userLoginFirstStep": { "type": "string", "description": "The authenticator type to use in the first step of a two-step authentication scenario when the User Login flow is enabled.", "enum": [ "NONE", "EXTERNAL", "PASSWORD", "KBA", "OTP", "TOKEN", "TOKENPUSH", "SMARTCREDENTIALPUSH", "IDP", "PASSKEY", "SMART_LOGIN", "USER_CERTIFICATE", "FACE", "DENY", "MAGICLINK" ] }, "userLoginSecondStep": { "type": "array", "description": "The list of authenticator types to use in the second step of a two-step authentication scenario when the User Login flow is enabled. Use an empty array when none is required.", "items": { "type": "string", "description": "The list of authenticator types to use in the second step of a two-step authentication scenario when the User Login flow is enabled. Use an empty array when none is required.", "enum": [ "NONE", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "USER_CERTIFICATE", "SMARTCREDENTIALPUSH", "FACE", "PASSTHROUGH", "MAGICLINK" ] } } }, "description": "Parameters defining the new authentication flow." }, "ChangeStateParms": { "required": [ "state" ], "type": "object", "properties": { "state": { "type": "string", "description": "The new state of the token. The state can be changed from ACTIVE to INACTIVE or INACTIVE to ACTIVE.", "enum": [ "NEW", "ACTIVATING", "ACTIVE", "INACTIVE", "UNASSIGNED" ] } }, "description": "Parameters specifying the new state of the token." }, "CorsOrigin": { "required": [ "id", "origin" ], "type": "object", "properties": { "id": { "type": "string", "description": "CORS origin UUID. This value is generated when the origin is created." }, "origin": { "type": "string", "description": "Allowed CORS origin. This value can contain port. Wildcard can be used for ports but not for domains. " } }, "description": "A list of origins that cross-origin requests are allowed from. Deprecated, configure it through admin portal." }, "CreateTenantAsyncStatus": { "required": [ "id", "state" ], "type": "object", "properties": { "errorMessage": { "type": "string", "description": "The error message describing the first error encountered processing the operation." }, "id": { "type": "string", "description": "The unique UUID of the operation. Used to get status and results of operation" }, "initTime": { "type": "string", "description": "The time this operation was initialized.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "processingEndTime": { "type": "string", "description": "The time at which the operation completed processing.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "processingStartTime": { "type": "string", "description": "The time at which the operation began processing.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "processingTime": { "type": "integer", "description": "How long the operation took to complete processing in milliseconds.", "format": "int64" }, "state": { "type": "string", "description": "The state of the operation.", "enum": [ "FAILED", "CANCELLED", "COMPLETED", "AWAITING_DATA", "PROCESSING", "SCHEDULED" ] }, "subject": { "type": "string", "description": "The subject of this operation." } }, "description": "Information about the status of an asynchronous create tenant request." }, "CreateTenantParms": { "required": [ "adminUser", "tenant" ], "type": "object", "properties": { "adminApiApplication": { "$ref": "#/components/schemas/AdminApiApplicationParms" }, "adminUser": { "$ref": "#/components/schemas/UserParms" }, "deliverWelcomeEmail": { "type": "boolean", "description": "A flag indicating if a welcome email should be delivered. If not set, it defaults to false." }, "entitlements": { "$ref": "#/components/schemas/EntitlementParms" }, "tenant": { "$ref": "#/components/schemas/TenantParms" } }, "description": "Parameters used to create the new tenant." }, "CreateTenantResult": { "required": [ "adminUser", "tenant" ], "type": "object", "properties": { "adminApiApplication": { "$ref": "#/components/schemas/AdminApiApplication" }, "adminUser": { "$ref": "#/components/schemas/User" }, "tenant": { "$ref": "#/components/schemas/Tenant" } }, "description": "Information returned from a create tenant request." }, "CreateUserResult": { "required": [ "success" ], "type": "object", "properties": { "error": { "$ref": "#/components/schemas/ErrorInfo" }, "success": { "type": "boolean", "description": "Indicates if the user was successfully created (true) or not (false)." }, "user": { "$ref": "#/components/schemas/User" } }, "description": "When creating multiple users in a single request, the CreateUserResult value contains the result for a single user. It will either contain information about the user created or error information describing why the create operation failed." }, "CreateUsersParms": { "required": [ "users" ], "type": "object", "properties": { "stopOnError": { "type": "boolean", "description": "If set to true, the operation stops on the first operation that fails. Otherwise the operation continues for each specified user. If not specified, this defaults to false." }, "users": { "type": "array", "description": "The list of users to be created.", "items": { "$ref": "#/components/schemas/UserParms" } } }, "description": "The list of users to be created." }, "DateTimeContext": { "required": [ "denyAccess", "riskPoint" ], "type": "object", "properties": { "allowedDateTime": { "type": "boolean", "description": "If true, the startDateTime and endDateTime define the allowed range. If false, the startDateTime and endDateTime define the denied range." }, "allowedTime": { "type": "boolean", "description": "If true, the startTime and endTime define the allowed time range. If false, the startTime and endTime define the denied time range." }, "denyAccess": { "type": "boolean", "description": "If true, the resource rule evaluating the context will return Access Denied." }, "endDateTime": { "type": "string", "description": "If specifying a date range, the end date of the range.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "endTime": { "type": "string", "description": "If specifying a time range, the end time of the range. The value should be of the form hh:mm:ss", "example": "17:00:00" }, "riskPoint": { "maximum": 100, "minimum": 0, "type": "integer", "description": "The number of risk points that apply if this context applies.", "format": "int32" }, "startDateTime": { "type": "string", "description": "If specifying a date range, the start date of the range.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "startTime": { "type": "string", "description": "If specifying a time range, the start time of the range. The value should be of the form hh:mm:ss", "example": "08:00:00" }, "weekDays": { "type": "array", "description": "If specifying a time range, the days of the week to which the time range will apply.", "items": { "type": "string", "description": "If specifying a time range, the days of the week to which the time range will apply.", "enum": [ "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun" ] } }, "zoneId": { "type": "string", "description": "The time zone or fixed offset in which dates and times are interpreted. For example, a value like -05:00 to specify a fixed offset of 5 hours behind UTC, or a time zone ID like America/New_York to account for regional time zone rules, including daylight saving time. Set this value if you want to interpret times (e.g., 8 AM to 5 PM) in the customer's local time zone rather than the timezone of the service. If not specified, the default is Z (UTC).", "example": "America/New_York" } }, "description": "The DateTimeContext context specifies an allowed or disallowed date or time range. Only a date range or a time range can be specified. Risk is applied to the authentication if the current time is outside an allowed range or inside a disallowed range. A date range specifies a start and end date. For example 2019/01/01 to 2019/03/01. A time range species a start and end time and days of the week. For example Monday to Friday, 8am to 5pm." }, "DeleteAuthenticationFlowResult": { "required": [ "deleted" ], "type": "object", "properties": { "deleted": { "type": "boolean", "description": "Indicates if the authentication flow was deleted.", "example": true }, "error": { "$ref": "#/components/schemas/ErrorInfo" }, "resourceRules": { "type": "array", "description": "List of resource rules using the authentication flow if the delete fails because the authentication flow is in use. It will be null in any other case.", "items": { "type": "string", "description": "List of resource rules using the authentication flow if the delete fails because the authentication flow is in use. It will be null in any other case." } } }, "description": "The DeleteAuthenticationFlowResult contains the outcome of an authentication flow delete operation. It will indicate if the operation succeeded and, if it failed, it will include error information describing why the operation failed." }, "DeleteUserParms": { "required": [ "id" ], "type": "object", "properties": { "id": { "type": "string", "description": "The id of the user to be deleted. The type of the id is specified by idType." }, "idType": { "type": "string", "description": "The type of the id identifying the user. The value can be one of UUID (the user's internal UUID), USERID (the user's userId) or EXTERNALID (the externalId of the user). If not specified, this defaults to UUID.", "enum": [ "UUID", "USERID", "EXTERNALID" ] } }, "description": "When deleting multiple users in a single request, the DeleteUserParms value contains the id of a single user to be deleted." }, "DeleteUserResult": { "required": [ "success" ], "type": "object", "properties": { "error": { "$ref": "#/components/schemas/ErrorInfo" }, "success": { "type": "boolean", "description": "Indicates if the user was successfully deleted (true) or not (false)." } }, "description": "When deleting multiple users in a single request, the DeleteUserResult value contains the result for a single user. It will indicate if the operation succeeded and if it failed will include error information describing why the operation failed." }, "DeleteUsersParms": { "required": [ "users" ], "type": "object", "properties": { "stopOnError": { "type": "boolean", "description": "If set to true, the operation stops on the first operation that fails. Otherwise the operation continues for each specified user. If not specified, this defaults to false." }, "users": { "type": "array", "description": "The list of users to be deleted.", "items": { "$ref": "#/components/schemas/DeleteUserParms" } } }, "description": "The list of UUIDs of users to be deleted." }, "DeviceCertificateContext": { "required": [ "denyAccess", "riskPoint" ], "type": "object", "properties": { "denyAccess": { "type": "boolean", "description": "If true, the resource rule evaluating the context will return Access Denied." }, "riskPoint": { "maximum": 100, "minimum": 0, "type": "integer", "description": "The number of risk points that apply if this context applies.", "format": "int32" } }, "description": "Device Certificate checks to see if the user presented a trusted device certificate that's valid. If not found, risk is applied." }, "DigitalId": { "type": "object", "properties": { "certificates": { "type": "array", "description": "The certificates associated with this digital id.", "items": { "$ref": "#/components/schemas/DigitalIdCert" } }, "digitalIdConfigId": { "type": "string", "description": "The UUID of the digital Id config that defines this digital Id." }, "digitalIdConfigName": { "type": "string", "description": "The name of the digital id Config that defines this digital Id." }, "digitalIdConfigType": { "type": "string", "description": "The type of this digital Id.", "enum": [ "PIV_CARDHOLDER", "PIV_CARD" ] }, "dn": { "type": "string", "description": "The current DN of the digital id." }, "id": { "type": "string", "description": "The UUID of this DigitalId." } }, "description": "Information stored about a digital id." }, "DigitalIdCert": { "type": "object", "properties": { "description": { "type": "string", "description": "The description providing the purpose of this certificate." }, "digitalIdId": { "type": "string", "description": "The UUID of the digital id to which this certificate belongs" }, "digitalIdType": { "type": "string", "description": "The type of the digital Id to which this certificate belongs.", "enum": [ "PIV_CARDHOLDER", "PIV_CARD" ] }, "id": { "type": "string", "description": "The UUID of this Digital Id Certificate." }, "issuerDN": { "type": "string", "description": "The issuer DN of this certificate." }, "notAfter": { "type": "string", "description": "The expiry date of this certificate.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "notBefore": { "type": "string", "description": "The issue date of this certificate.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "pivContainer": { "type": "string", "description": "The name of the PIV container that stores this certificate on the smart card." }, "serialNumber": { "type": "string", "description": "The serial number of this certificate." }, "status": { "type": "string", "description": "The status of this certificate. If not set, the revocation status has not been retrieved from the CA.", "enum": [ "ACTIVE", "REVOKED", "HOLD", "EXPIRED", "NOT_AVAILABLE" ] }, "subjectDN": { "type": "string", "description": "The subject DN of this certificate." } }, "description": "Information stored about a certificate associated with a digital id." }, "DigitalIdConfig": { "type": "object", "properties": { "allCAGroups": { "type": "boolean", "description": "If true, digital ids using this config will be set to have all CA groups." }, "caGroups": { "type": "array", "description": "If allCAGroups is set to false then digital ids using this config will use this specified list of CA groups.", "items": { "type": "string", "description": "If allCAGroups is set to false then digital ids using this config will use this specified list of CA groups." } }, "caId": { "type": "string", "description": "The UUID of the CA for this digital id config." }, "caName": { "type": "string", "description": "The name of the CA for this digital id config." }, "caType": { "type": "string", "description": "The CA type of this Digital Id Config.", "enum": [ "EDC", "MS", "PKIAAS" ] }, "certTemplates": { "type": "array", "description": "A list of cert templates associated with this digital id config.", "items": { "$ref": "#/components/schemas/DigitalIdConfigCertTemplate" } }, "certificateType": { "type": "string", "description": "The CA certificate type which digital ids using this config will use." }, "digitalIdConfigTemplateId": { "type": "string", "description": "When creating a digital id config, default values can be provided from this specified digital id config template." }, "directoryEntry": { "type": "boolean", "description": "A flag indicating if digital ids using this config will create directory entries in the CA." }, "dnFormat": { "type": "string", "description": "The format which digital ids using this config will use for their DN." }, "dnFormatSearchbaseIncluded": { "type": "boolean", "description": "Whether digital ids using this config should include the searchbase in their DN." }, "id": { "type": "string", "description": "The UUID of this Digital Id Config." }, "name": { "type": "string", "description": "The name of this Digital Id Config." }, "role": { "type": "string", "description": "The CA role which digital ids using this config will use." }, "searchbase": { "type": "string", "description": "The searchbase within the CA in which digital ids using this config will be created." }, "subjectAltNames": { "type": "array", "description": "A list of subjectAltNames associated with this digital id config.", "items": { "$ref": "#/components/schemas/DigitalIdConfigSubjectAltName" } }, "type": { "type": "string", "description": "The type of digital id.", "enum": [ "PIV_CARDHOLDER", "PIV_CARD" ] }, "userType": { "type": "string", "description": "The CA user type which digital ids using this config will use." }, "variables": { "type": "array", "description": "A list of variables associated with this digital id config.", "items": { "$ref": "#/components/schemas/DigitalIdConfigVariable" } } }, "description": "Information that defines how digital ids are created in the CA." }, "DigitalIdConfigCertTemplate": { "type": "object", "properties": { "digitalIdConfigId": { "type": "string", "description": "The UUID of the Digital Id Config that owns this Digital Id Config Cert Template." }, "id": { "type": "string", "description": "The UUID of the Digital Id Config Cert Template." }, "keyType": { "type": "string", "description": "The key type of the Digital Id Config Cert Template.", "enum": [ "RSA_2048", "EC_P_256" ] }, "lifetime": { "type": "integer", "description": "The lifetime (in months) of the certificate created with this Digital Id Config Cert Template.", "format": "int32" }, "name": { "type": "string", "description": "The name of the Digital Id Config Cert Template." }, "pivContainer": { "type": "string", "description": "The PIV container of the Digital Id Config Cert Template.", "enum": [ "PivAuth", "CardAuth", "DigSig", "KeyMgmt", "None" ] }, "useCaDefaultCertLifetime": { "type": "boolean", "description": "A flag indicating whether to use the CA's default certificate lifetime." } }, "description": "Information that describes a Digital Id Config Cert Template." }, "DigitalIdConfigSubjectAltName": { "type": "object", "properties": { "digitalIdConfigId": { "type": "string", "description": "The UUID of the digital id config that owns this subjectAltName." }, "id": { "type": "string", "description": "The UUID of this Digital Id Config SubjectAltName." }, "type": { "type": "string", "description": "The type of subjectAltName.", "enum": [ "EMAIL", "UPN", "IP", "DNS", "OTHER", "X400", "DN", "EDI", "URI", "REGISTERED_ID" ] }, "value": { "type": "string", "description": "The value for the subjectAltName." } }, "description": "Information that describes a Digital Id Config SubjectAltName." }, "DigitalIdConfigVariable": { "type": "object", "properties": { "digitalIdConfigId": { "type": "string", "description": "The UUID of the Digital Id Config that owns this Digital Id Config Variable." }, "id": { "type": "string", "description": "The UUID of the Digital Id Config Variable." }, "includedInDN": { "type": "boolean", "description": "A flag indicating if values for this variable are included in the Digital Id's DN when it is generated by the CA." }, "name": { "type": "string", "description": "The name of the Digital Id Config Variable." }, "type": { "type": "string", "description": "The type of the Digital Id Config Variable.", "enum": [ "CERTIFICATE", "USER", "VARIABLE", "CUSTOM" ] }, "value": { "type": "string", "description": "The value of the Digital Id Config Variable." } }, "description": "Information that describes a Digital Id Config Variable." }, "Directory": { "type": "object", "properties": { "aliasMappingName": { "type": "string", "description": "The name of the AD attribute value that will be mapped into comma seperated string value of alias", "example": "adminDescription,adminDisplayName" }, "certificate": { "type": "string", "description": "The SSL certificate to connect to the Directory with.", "format": "byte", "deprecated": true }, "directoryAttributeMappings": { "type": "array", "description": "Directory attribure mappings.", "items": { "$ref": "#/components/schemas/DirectoryAttributeMapping" } }, "directoryConnections": { "type": "array", "description": "The connections that you want to connect when syncing.", "items": { "$ref": "#/components/schemas/DirectoryConnection" } }, "directorySync": { "$ref": "#/components/schemas/DirectorySync" }, "directorySyncId": { "type": "string", "description": "The UUID of the directory sync", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "groupFilters": { "type": "array", "description": "Directory group filters.", "items": { "$ref": "#/components/schemas/GroupFilter" } }, "hostname": { "type": "string", "description": "The hostname of the Directory Can be an IP address or a hostname.", "example": "10.4.1.2 or directory.server.com", "deprecated": true }, "id": { "type": "string", "description": "The UUID of the Directory.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "name": { "type": "string", "description": "The name of the Directory.", "example": "Directory" }, "password": { "type": "string", "description": "The password to connect to the Directory with." }, "port": { "type": "integer", "description": "The port to connect to the Directory over.", "format": "int32", "example": 389, "deprecated": true }, "rootDomainNamingContext": { "type": "string", "description": "The root domain naming context of the Directory.", "example": "DC=AnyCorp,DC=biz" }, "searchBases": { "type": "array", "description": "The searchbases that you want to search when syncing.", "items": { "$ref": "#/components/schemas/SearchBase" } }, "type": { "type": "string", "description": "The type of the Directory.", "example": "AD", "enum": [ "AD", "LDAP" ] }, "useSsl": { "type": "boolean", "description": "Whether or not to connect to the Directory using an SSL certificate.", "deprecated": true }, "userName": { "type": "string", "description": "The username to connect to the Directory with. Value must be a fully distinguished name or UPN.", "example": "CN=Administrator,CN=Users,DC=AnyCorp,DC=biz or Administrator@AnyCorp.biz" } }, "description": "A Directory defines the information returned about a directory." }, "DirectoryAttributeMapping": { "type": "object", "properties": { "directoryAttributeName": { "type": "string", "description": "The name of the directory attribute being mapped.", "example": "givenName" }, "directoryId": { "type": "string", "description": "The UUID of the Directory the attribute mapping belongs to.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "id": { "type": "string", "description": "The UUID of the attribute mapping.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "userAttribute": { "$ref": "#/components/schemas/UserAttribute" }, "userAttributeId": { "type": "string", "description": "The UUID of the Identity as a Service User Attribute being mapped to.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" } }, "description": "A DirectoryAttributeMapping defines the information returned about a directory attribute mapping. A directory attribute mapping specifies which directory attribute values are mapped into which Identity as a Service user attributes." }, "DirectoryConnection": { "type": "object", "properties": { "certificate": { "type": "string", "description": "The SSL certificate to connect to the Directory with.", "format": "byte", "deprecated": true }, "directoryId": { "type": "string", "description": "The UUID of the Directory the connection belongs to.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "hostname": { "type": "string", "description": "The Directory hostname or IP address.", "example": "10.4.1.2 or directory.server.com" }, "id": { "type": "string", "description": "The UUID of the Directory connection." }, "port": { "type": "integer", "description": "The Directory port.", "format": "int32", "example": 389 }, "useSsl": { "type": "boolean", "description": "Whether or not to connect to the Directory using an SSL certificate." } }, "description": "The connections that you want to connect when syncing." }, "DirectorySync": { "type": "object", "properties": { "crawlFrequency": { "type": "integer", "description": "The rate at which the directory will be queried in milliseconds", "format": "int32", "example": 3600000 }, "directory": { "$ref": "#/components/schemas/Directory" }, "directoryId": { "type": "string", "description": "The ID of the directory." }, "directorySyncAgentId": { "type": "string", "description": "The UUID of the Directory Sync Gateway Agent.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "groupDesyncPolicy": { "type": "string", "description": "Group desynchronization will be done based on the selected option.", "example": "GROUP_DELETED", "enum": [ "GROUP_LOCALLY_MANAGED", "GROUP_DELETED" ] }, "groupNameAttribute": { "type": "string", "description": "The group name attribute" }, "groupObjectClass": { "type": "string", "description": "The Group Object Class", "example": "groupOfNames" }, "groupSynchronizationType": { "type": "string", "description": "Group synchronization will be done based on the selected option.", "example": "ALL, FILTER or NONE", "enum": [ "ALL", "FILTER", "NONE" ] }, "id": { "type": "string", "description": "The UUID of the directory.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "lastUpdate": { "type": "string", "description": "The last time the directory was updated.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "pageSize": { "type": "integer", "description": "The number of records that should returned per query. Default is 25.", "format": "int32", "example": 25 }, "state": { "type": "string", "description": "The status of the Directory Sync.", "example": "CRAWLING", "enum": [ "UNKNOWN", "ERROR", "PENDING_CHANGES", "SYNCED", "OUT_OF_SYNC", "CRAWLING", "CRAWL_COMPLETE", "NOTIFYING_GROUPS", "NOTIFYING_GROUPS_USERS", "NOTIFYING_USERS", "NOTIFY_COMPLETE", "SYNCING", "FAILED" ] }, "userDesyncPolicy": { "type": "string", "description": "User synchronization will be done based on the selected option.", "example": "USER_DELETED", "enum": [ "USER_LOCALLY_MANAGED_ENABLED", "USER_LOCALLY_MANAGED_DISABLED", "USER_DELETED" ] }, "userObjectClass": { "type": "string", "description": "The User Object Class" }, "userUniqueIdAttribute": { "type": "string", "description": "The User Unique Id Attribute" }, "waitBetweenNotifications": { "type": "integer", "description": "How long to wait between notifications in milliseconds.", "format": "int32", "example": 500 } }, "description": "A DirectorySync defines the information returned about the directory sync configuration of a directory." }, "DirectorySyncStatusInfo": { "type": "object", "properties": { "directoryName": { "type": "string", "description": "The name of the directory." }, "directoryOrSearchBaseBeingProcessed": { "type": "string", "description": "The name of the directory or searchbase is being processed." }, "errors": { "type": "string", "description": "Comma separated list of errors occurred during the AD-sync process." }, "groupsAdded": { "type": "integer", "description": "The number of groups added.", "format": "int32" }, "groupsCreateCount": { "type": "integer", "description": "The number of groups successfully created in the service database.", "format": "int32" }, "groupsDeleteCount": { "type": "integer", "description": "The number of groups successfully deleted from the service database.", "format": "int32" }, "groupsFailCount": { "type": "integer", "description": "The number of groups failed to be uploaded.", "format": "int32" }, "groupsFailed": { "type": "integer", "description": "The number of groups skipped due to errors.", "format": "int32" }, "groupsProcessedSuccessfully": { "type": "integer", "description": "The number of groups processed successfully.", "format": "int32", "deprecated": true }, "groupsRemoved": { "type": "integer", "description": "The number of groups removed.", "format": "int32" }, "groupsSyncedWithChanges": { "type": "integer", "description": "The number of groups changed.", "format": "int32" }, "groupsSyncedWithNoChanges": { "type": "integer", "description": "The number of groups synced with no changes.", "format": "int32" }, "groupsUpdateCount": { "type": "integer", "description": "The number of groups successfully updated in the service database.", "format": "int32" }, "id": { "type": "string", "description": "The UUID of the DirectorySyncStatusInfo." }, "searchbasesProcessed": { "type": "integer", "description": "The number of search bases already processed.", "format": "int32" }, "state": { "type": "string", "description": "The status of the Directory Sync processed.", "example": "CRAWLING", "enum": [ "CRAWLING", "CRAWL_COMPLETE", "ERROR", "NOTIFYING_GROUPS", "NOTIFYING_GROUPS_USERS", "NOTIFYING_USERS", "NOTIFY_COMPLETE", "OUT_OF_SYNC", "PENDING_CHANGES", "SYNCED", "UNKNOWN" ] }, "syncStarted": { "type": "string", "description": "The time when the synchronization was started.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "syncUpdated": { "type": "string", "description": "The last time the directory was updated.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "totalSearchbases": { "type": "integer", "description": "Total number of search bases to be processed.", "format": "int32" }, "usersAdded": { "type": "integer", "description": "Number of users added.", "format": "int32" }, "usersCreateCount": { "type": "integer", "description": "The number of users successfully created in the service database.", "format": "int32" }, "usersDeleteCount": { "type": "integer", "description": "The number of users successfully deleted from the service database.", "format": "int32" }, "usersFailCount": { "type": "integer", "description": "The number of users failed to be uploaded.", "format": "int32" }, "usersFailed": { "type": "integer", "description": "The number of users skipped due to errors.", "format": "int32" }, "usersProcessedSuccessfully": { "type": "integer", "description": "The number of users processed successfully.", "format": "int32", "deprecated": true }, "usersRemoved": { "type": "integer", "description": "The number of users removed.", "format": "int32" }, "usersSyncedWithChanges": { "type": "integer", "description": "The number of users synced with changes.", "format": "int32" }, "usersSyncedWithNoChanges": { "type": "integer", "description": "The number of users synced with no changes.", "format": "int32" }, "usersUpdateCount": { "type": "integer", "description": "The number of users successfully updated in the service database.", "format": "int32" } }, "description": "A DirectorySyncStatusInfo defines the information returned about the status of the last directory synchronization." }, "EmailParms": { "type": "object", "properties": { "emailAttributeName": { "type": "string", "description": "The name of the user attribute to use for email delivery. If not provided, the system-defined email attribute will be used.", "example": "external-email" } }, "description": "The parameters passed to customize email delivery to a user" }, "Entitlement": { "required": [ "endDate", "id", "quantity", "startDate", "status", "type" ], "type": "object", "properties": { "additionalFeatures": { "$ref": "#/components/schemas/AdditionalFeature" }, "contractMode": { "type": "string", "description": "The contract mode of a tenant, allowable values = 'PRODUCTION', 'TRIAL', example='TRIAL'.", "enum": [ "PRODUCTION", "TRIAL", "UNKNOWN" ] }, "contractNumber": { "type": "string", "description": "The contract number of this entitlement." }, "customerId": { "type": "string", "description": "The customer ID." }, "endDate": { "type": "string", "description": "The end date of this entitlement in UTC time.", "format": "date-time", "example": "2020-02-18T23:59:59Z" }, "entitlementId": { "type": "string", "description": "The entitlement ID." }, "flashPass": { "$ref": "#/components/schemas/MobileFlashPass" }, "fleetManagement": { "$ref": "#/components/schemas/FleetManagement" }, "gracePeriodEndDate": { "type": "string", "description": "The USERS grace period end date of this entitlement in UTC time.", "format": "date-time", "example": "2020-02-18T23:59:59Z" }, "id": { "type": "string", "description": "The unique UUID of this entitlement." }, "issuance": { "$ref": "#/components/schemas/Issuance" }, "payToPrint": { "$ref": "#/components/schemas/PayToPrint" }, "printer": { "$ref": "#/components/schemas/PrinterEntitlement" }, "quantity": { "type": "integer", "description": "The quantity of this entitlement.", "format": "int32", "example": 200 }, "remaining": { "type": "integer", "description": "The unused quantity of this entitlement (USERS type only).", "format": "int32", "example": 37 }, "smartLoginEnabled": { "type": "boolean", "description": "Whether Smart Card Smart Login is enabled or not." }, "smsVoice": { "$ref": "#/components/schemas/SmsVoice" }, "startDate": { "type": "string", "description": "The start date of this entitlement in UTC time.", "format": "date-time", "example": "2019-02-19T00:00:00Z" }, "status": { "type": "string", "description": "The status of this entitlement.", "enum": [ "ACTIVE", "INACTIVE", "TERMINATED" ] }, "subscriptionLineId": { "type": "string", "description": "The subscription line ID." }, "type": { "type": "string", "description": "The type of this entitlement.", "enum": [ "USERS", "TRANSACTIONS" ] }, "userBundles": { "type": "array", "description": "The entitlement bundles that defines the set of features available for authentication accounts.", "items": { "$ref": "#/components/schemas/ServiceBundle" } }, "usersBillingType": { "type": "string", "description": "The billing type for user entitlements. Defaults to PRE_PAID if not provided.", "example": "PRE_PAID", "enum": [ "PRE_PAID", "PAY_PER_USE" ] } } }, "EntitlementParms": { "type": "object", "properties": { "additionalFeatures": { "$ref": "#/components/schemas/AdditionalFeature" }, "contractMode": { "type": "string", "description": "The contract mode of a tenant (required during creation), allowable values = 'PRODUCTION', 'TRIAL'.", "example": "TRIAL", "enum": [ "PRODUCTION", "TRIAL", "UNKNOWN" ] }, "contractNumber": { "type": "string", "description": "The contract number." }, "customerId": { "type": "string", "description": "The customer ID." }, "endDate": { "type": "string", "description": "The date this entitlement will end. The value must be after the start date. If not specified, this value defaults to the end date of the service provider's entitlement.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "entitlementId": { "type": "string", "description": "The entitlement ID." }, "flashPass": { "$ref": "#/components/schemas/FlashPassParms" }, "fleetManagement": { "$ref": "#/components/schemas/FleetManagementParms" }, "issuance": { "$ref": "#/components/schemas/IssuanceParms" }, "printer": { "$ref": "#/components/schemas/PrinterParms" }, "quantity": { "maximum": 50000000, "minimum": 1, "type": "integer", "description": "The number of entitlements assigned to the tenant (required during creation). The service provider must have enough available entitlements to meet this request.", "format": "int32" }, "smartLoginEnabled": { "type": "boolean", "description": "Whether Smart Card Smart Login is enabled or not." }, "smsVoice": { "$ref": "#/components/schemas/SmsVoiceParms" }, "startDate": { "type": "string", "description": "The date this entitlement will start. If not specified, it defaults to the current date. This value cannot be in the future.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "status": { "type": "string", "description": "The status of this entitlement.", "enum": [ "ACTIVE", "INACTIVE", "TERMINATED" ] }, "subscriptionLineId": { "type": "string", "description": "The subscription line ID." }, "type": { "type": "string", "description": "The type of entitlement. Currently this value must be USERS. If not specified, this value defaults to USERS.", "enum": [ "USERS", "TRANSACTIONS" ] }, "usageType": { "type": "string", "description": "[DEPRECATED] The type of entitlement (ignored if type is provided). Currently this value must be USERS. If not specified, this value defaults to USERS.", "deprecated": true, "enum": [ "USERS", "TRANSACTIONS" ] }, "userBundles": { "type": "array", "description": "The entitlement bundles that defines the set of features available for authentication accounts.", "items": { "$ref": "#/components/schemas/ServiceBundle" } }, "usersBillingType": { "type": "string", "description": "The billing type for user entitlements. Defaults to PRE_PAID if not provided.", "example": "PRE_PAID", "enum": [ "PRE_PAID", "PAY_PER_USE" ] } }, "description": "Parameters passed when setting the entitlements of a tenant. Entitlements are required." }, "EntityAttribute": { "type": "object", "properties": { "name": { "type": "string", "description": "The name of the attribute." }, "value": { "type": "string", "description": "The value of the attribute." } }, "description": "Information about an attribute that was added or removed from an entity." }, "EntrustSTAuthenticatorSettings": { "type": "object", "properties": { "activationLifetime": { "minimum": 60, "type": "integer", "description": "The amount of time in seconds that an activation request is valid. Default is 300 seconds.", "format": "int32" }, "activationTypes": { "type": "array", "description": "The list of activation types that will be performed. Allowed values are: CLASSIC (return activation values that must be manually entered into the mobile application), ONLINE (return a link that when clicked will launch the mobile application) and OFFLINE (return a QR code that can be scanned by the mobile application). If no values are specified in the list then activation types are not updated.", "items": { "type": "string", "description": "The list of activation types that will be performed. Allowed values are: CLASSIC (return activation values that must be manually entered into the mobile application), ONLINE (return a link that when clicked will launch the mobile application) and OFFLINE (return a QR code that can be scanned by the mobile application). If no values are specified in the list then activation types are not updated.", "enum": [ "CLASSIC", "ONLINE", "OFFLINE" ] } }, "allowActionableNotifications": { "type": "boolean", "description": "A flag indicating if the mobile app allows the user to take action on a notification without opening the app." }, "allowDeviceBiometric": { "type": "boolean", "description": "A boolean value that specifies whether device biometric is allowed. Default is true." }, "allowUnsecureDevice": { "type": "boolean", "description": "A flag indicating if the Mobile soft token can be activated on a rooted device. Default is false." }, "appVerificationAndroidPackageName": { "type": "string", "description": "The package name of the custom Android application." }, "appVerificationIOSBundleId": { "type": "string", "description": "The bundle id of the custom IOS application." }, "appVerificationIOSTeamId": { "type": "string", "description": "The team id of the custom IOS application." }, "appVerificationRequired": { "type": "boolean", "description": "A flag indicating if app verification is required during activation." }, "facialRecognitionAllowed": { "type": "boolean", "description": "A flag indicating if the facial recognition feature supported by the Entrust Soft Token application is allowed. The default is false." }, "maxResetTimeSteps": { "maximum": 1200, "minimum": 1, "type": "integer", "description": "The maximum number of 30 second timestamps that a result response is validated. Default is 120.", "format": "int32" }, "maxTimeSteps": { "maximum": 120, "minimum": 1, "type": "integer", "description": "The maximum number of 30 second timesteps over which a response is validated. The default is 10.", "format": "int32" }, "mutualChallengeAlphabet": { "type": "string", "description": "Characters that can appear in a mutual challenge. Can contain any non-whitespace character. Default is all digits." }, "mutualChallengeEnabled": { "type": "boolean", "description": "A flag indicating if the Push Authentication Mutual Challenge is enabled. The default is false." }, "mutualChallengeForPercentOfRequests": { "maximum": 100, "minimum": 1, "type": "integer", "description": "An integer value that specifies what percent of requests have a mutual challenge. Default is 100.", "format": "int32" }, "mutualChallengeLength": { "maximum": 5, "minimum": 1, "type": "integer", "description": "The length of the mutual challenge. Default is 2.", "format": "int32" }, "mutualChallengeSize": { "maximum": 5, "minimum": 1, "type": "integer", "description": "The number of mutual challenges return in a batch. Default is 3.", "format": "int32" }, "offlineActivationPasswordLength": { "maximum": 20, "minimum": 4, "type": "integer", "description": "The length of the random password generated to encrypt an activation QR code. Default is 8.", "format": "int32" }, "onlineActivationPasswordLength": { "maximum": 32, "minimum": 16, "type": "integer", "description": "The length of the random password generated for an online activation. Default is 16.", "format": "int32" }, "otpLength": { "type": "integer", "description": "The length of the OTP generated by the soft token. The default is 8.", "format": "int32", "example": 8, "enum": [ 6, 8 ] }, "pinRequired": { "type": "boolean", "description": "A flag indicating if this token requires that a PIN be enabled on the Entrust Soft Token application. The default is true." }, "requireDeviceVerificationOnActivation": { "type": "boolean", "description": "A flag indicating if device verification is required during activation." }, "scheme": { "type": "string", "description": "Specifies the URL scheme used in soft token activation URLs. It should specify the URL scheme associated with the mobile application to be used. This value should only be changed if you are using your own mobile application written using the Entrust ST SDK. The default value is igmobileotp which corresponds to the Entrust ST application." } }, "description": "New Entrust ST Authenticator settings." }, "Error": { "required": [ "code", "message" ], "type": "object", "properties": { "code": { "type": "string", "description": "The server error code" }, "message": { "type": "string", "description": "A human-readable representation of the error" }, "target": { "type": "string", "description": "The target of the error" } } }, "ErrorInfo": { "type": "object", "properties": { "errorCode": { "type": "string", "description": "Error Codes specific to cause of failure.", "example": "invalid_user_response" }, "errorMessage": { "type": "string", "description": "Additional Error Message describing the error.", "example": "Application id cannot be null" }, "parameters": { "type": "array", "description": "Optional additional error information.", "items": { "type": "object", "description": "Optional additional error information." } } }, "description": "Object containing information about errors reported by services." }, "ExpectedLocation": { "type": "object", "properties": { "city": { "type": "string", "description": "The city name--always returned in upper-case." }, "countryCode": { "type": "string", "description": "A two-character (alpha-2) ISO 3166-1 country code." }, "id": { "type": "string", "description": "The UUID of this expected location." }, "ipAddress": { "type": "string", "description": "The IPv4 Address." }, "isp": { "type": "string", "description": "The ISP name--always returned in upper-case." }, "privateIpAddress": { "type": "boolean", "description": "Whether the IP provided is a private IP Address. The value is ignored when adding an ExpectedLocation. It is returned when getting ExpectedLocations if the location has an IP address defined" } }, "description": "Information stored for an expected location." }, "ExportCertificate": { "type": "object", "properties": { "certificate": { "type": "string", "description": "Certificate information as a PEM encoded value." } } }, "FIDOAllowedRpid": { "required": [ "hostname", "systemDefined" ], "type": "object", "properties": { "androidOrigins": { "type": "array", "description": "Collection of different android app origin configurations.", "items": { "$ref": "#/components/schemas/FIDOAndroidOriginSettings" } }, "hostname": { "type": "string", "description": "Allowed FIDO relying party ID hostname value. This value can not contain a port.", "example": "example.com" }, "iosOrigins": { "type": "array", "description": "Collection of different ios app association configurations.", "items": { "$ref": "#/components/schemas/FIDOIosOriginSettings" } }, "subdomainsAllowed": { "type": "boolean", "description": "Determines if subdomains are allowed for this relying party ID." }, "systemDefined": { "type": "boolean", "description": "Determines if the relying party ID is system defined." } }, "description": "List of allowed relying party IDs for passkey/FIDO2 registration." }, "FIDOAndroidAssetLinks": { "required": [ "relation", "target" ], "type": "object", "properties": { "relation": { "type": "array", "description": "List of relationships describing the association permissions between the website and the app.", "items": { "type": "string", "description": "List of relationships describing the association permissions between the website and the app." } }, "target": { "$ref": "#/components/schemas/FIDOAndroidAssetLinksTargets" } }, "description": "Represents the structure of 'assetlinks.json' Android association file." }, "FIDOAndroidAssetLinksTargets": { "required": [ "namespace" ], "type": "object", "properties": { "namespace": { "type": "string", "description": "The namespace string for the association.", "example": "android_app" }, "package_name": { "type": "string", "description": "The package name of the Android app.", "example": "com.example.myapp" }, "sha256_cert_fingerprints": { "type": "array", "description": "The list of SHA-256 certificate fingerprints for the signing certificates.", "example": "[C8:64:56:31:CF:2D:A9:3D:68:14:AD:9F:90:46:FC:16:3B:4E:50:4F:C7:FF:A4:8E:73:23:1B:0F:76:EC:93:B4]", "items": { "type": "string", "description": "The list of SHA-256 certificate fingerprints for the signing certificates.", "example": "[C8:64:56:31:CF:2D:A9:3D:68:14:AD:9F:90:46:FC:16:3B:4E:50:4F:C7:FF:A4:8E:73:23:1B:0F:76:EC:93:B4]" } } }, "description": "Represents the 'target' field structure of assetlinks.json file that contains namespace, package name and certificate fingerprints." }, "FIDOAndroidOriginSettings": { "required": [ "fingerprints", "packageName" ], "type": "object", "properties": { "fingerprints": { "type": "array", "description": "An array of SHA-256 fingerprints of the app's signing certificate(s).", "example": "[C8:64:56:31:CF:2D:A9:3D:68:14:AD:9F:90:46:FC:16:3B:4E:50:4F:C7:FF:A4:8E:73:23:1B:0F:76:EC:93:B4]", "items": { "type": "string", "description": "An array of SHA-256 fingerprints of the app's signing certificate(s).", "example": "[C8:64:56:31:CF:2D:A9:3D:68:14:AD:9F:90:46:FC:16:3B:4E:50:4F:C7:FF:A4:8E:73:23:1B:0F:76:EC:93:B4]" } }, "packageName": { "type": "string", "description": "Specifies the android app's package name.", "example": "com.example.myapp" } }, "description": "Represents the android origin configurations for Passkey/FIDO authenticator settings." }, "FIDOAppleAppSiteAssociation": { "required": [ "webcredentials" ], "type": "object", "properties": { "webcredentials": { "$ref": "#/components/schemas/FIDOAppleAppSiteAssociationWebcredentials" } }, "description": "Represents the structure of 'apple-app-site-association' Apple association file." }, "FIDOAppleAppSiteAssociationWebcredentials": { "required": [ "apps" ], "type": "object", "properties": { "apps": { "type": "array", "description": "A list of app IDs that can use passkey for the associated website.", "items": { "type": "string", "description": "A list of app IDs that can use passkey for the associated website." } } }, "description": "Defines the apps that can use passkey for website credentials." }, "FIDOAssociationFileRequest": { "required": [ "rpId" ], "type": "object", "properties": { "rpId": { "type": "string", "description": "The relying party ID that hosts the association file.", "example": "example.com" } }, "description": "Represents the request body for downloading association file APIs for Android and Apple." }, "FIDOAuthenticatorSettings": { "required": [ "backupEligibleCheck", "fidoRelyingPartyAllowlist", "fidoRelyingPartyAllowlistEnabled", "passkeyAuthenticatorLevel", "registrationAuthenticatorAttachment", "registrationRequireResidentKey", "registrationUserVerification", "timeout", "userPresentCheck" ], "type": "object", "properties": { "backupEligibleCheck": { "type": "boolean", "description": "A boolean value indicating if synced passkey/FIDO2 tokens should be blocked.", "default": false }, "fidoRelyingPartyAllowlist": { "type": "array", "description": "List of allowed relying party IDs for passkey/FIDO2 registration.", "items": { "$ref": "#/components/schemas/FIDOAllowedRpid" } }, "fidoRelyingPartyAllowlistEnabled": { "type": "boolean", "description": "A boolean value indicating if passkey/FIDO2 relying party allow list is enabled.", "default": false }, "passkeyAuthenticatorLevel": { "type": "string", "description": "The minimum authentication level required to use FIDO self user actions through the Authentication API." }, "registrationAuthenticatorAttachment": { "type": "string", "description": "Should the token be embedded on the device or stored externally?", "enum": [ "EITHER", "PLATFORM", "CROSS_PLATFORM" ] }, "registrationRequireResidentKey": { "type": "string", "description": "Should the User ID be stored on the Passkey/FIDO2 token?", "enum": [ "DISCOURAGED", "PREFERRED", "REQUIRED" ] }, "registrationUserVerification": { "type": "string", "description": "Should the token perform user verification?", "enum": [ "DISCOURAGED", "PREFERRED", "REQUIRED" ] }, "timeout": { "type": "integer", "description": "The time in seconds that a client will wait for the FIDO token to respond. Value must be between 5 and 300.", "format": "int32" }, "userPresentCheck": { "type": "boolean", "description": "A boolean value indicating if user presence is checked by the passkey/FIDO2 token.", "default": false } }, "description": "Settings that control the behavior of FIDO authentication." }, "FIDOAuthenticatorSettingsParms": { "type": "object", "properties": { "backupEligibleCheck": { "type": "boolean", "description": "A boolean value indicating if synced passkey/FIDO2 tokens should be blocked.", "default": false }, "fidoRelyingPartyAllowlist": { "type": "array", "description": "List of allowed relying party IDs for passkey/FIDO2 registration.", "items": { "$ref": "#/components/schemas/FIDOAllowedRpid" } }, "fidoRelyingPartyAllowlistEnabled": { "type": "boolean", "description": "A boolean value indicating if passkey/FIDO2 relying party allow list is enabled.", "default": false }, "passkeyAuthenticatorLevel": { "type": "string", "description": "The minimum authentication level required to use FIDO self user actions through the Authentication API." }, "registrationAuthenticatorAttachment": { "type": "string", "description": "Should the token be embedded on the device or stored externally?", "enum": [ "EITHER", "PLATFORM", "CROSS_PLATFORM" ] }, "registrationRequireResidentKey": { "type": "string", "description": "Should the User ID be stored on the Passkey/FIDO2 token?", "enum": [ "DISCOURAGED", "PREFERRED", "REQUIRED" ] }, "registrationUserVerification": { "type": "string", "description": "Should the token perform user verification?", "enum": [ "DISCOURAGED", "PREFERRED", "REQUIRED" ] }, "timeout": { "type": "integer", "description": "The time in seconds that a client will wait for the FIDO token to respond. Value must be between 5 and 300.", "format": "int32" }, "userPresentCheck": { "type": "boolean", "description": "A boolean value indicating if user presence is checked by the passkey/FIDO2 token.", "default": false } }, "description": "Settings that set the behavior of FIDO authentication." }, "FIDOIosOriginSettings": { "required": [ "appIdentifierPrefix", "bundleIdentifier" ], "type": "object", "properties": { "appIdentifierPrefix": { "type": "string", "description": "Specifies the Apple developer Team ID.", "example": "89D8S454P6" }, "bundleIdentifier": { "type": "string", "description": "Application's unique bundle ID to associate with the server.", "example": "com.example.myapp" } }, "description": "Represents the iOS origin configurations for Passkey/FIDO authenticator settings." }, "FIDORegisterChallenge": { "type": "object", "properties": { "challenge": { "type": "string", "description": "The registration challenge generated by Identity as a Service. This is a base-64 encoded value." }, "registeredCredentials": { "type": "array", "description": "The IDs of FIDO tokens already registered to this user. These values are base-64 encoded.", "items": { "type": "string", "description": "The IDs of FIDO tokens already registered to this user. These values are base-64 encoded." } }, "registeredCredentialsNames": { "type": "array", "description": "The names of FIDO tokens already registered to this user.", "items": { "type": "string", "description": "The names of FIDO tokens already registered to this user." } }, "registrationAuthenticatorAttachment": { "type": "string", "description": "Should the token be embedded on the device or stored externally?", "enum": [ "EITHER", "PLATFORM", "CROSS_PLATFORM" ] }, "registrationRequireResidentKey": { "type": "string", "description": "Should the User ID be stored on the Passkey/FIDO2 token?", "enum": [ "DISCOURAGED", "PREFERRED", "REQUIRED" ] }, "registrationUserVerification": { "type": "string", "description": "Should the token perform user verification?", "enum": [ "DISCOURAGED", "PREFERRED", "REQUIRED" ] }, "rpName": { "type": "string", "description": "The name of this relying party. This is the name of the Identity as a Service account." }, "timeout": { "type": "integer", "description": "The number of seconds that the client will wait for the FIDO token to respond. This field is deprecated, use 'timeoutMillis' instead.", "format": "int32", "deprecated": true }, "timeoutMillis": { "type": "integer", "description": "The time in milliseconds that the client will wait for the FIDO token to respond.", "format": "int32" }, "userDisplayName": { "type": "string", "description": "The display name of this user. It will be 'firstname lastname' of the user" }, "userId": { "type": "string", "description": "The id of this user. It will be UUID of the user base-64 encoded." }, "userName": { "type": "string", "description": "The name of this user. It will be the userId of the user." } }, "description": "A FIDORegisterChallenge defines the information returned when a user starts to register a FIDO token." }, "FIDORegisterResponse": { "type": "object", "properties": { "attestationObject": { "type": "string", "description": "The FIDO attestationObject data returned from the FIDO token. This is a base-64 encoded value." }, "clientDataJSON": { "type": "string", "description": "The FIDO clientData returned from the FIDO token. This is a base-64 encoded value." }, "name": { "type": "string", "description": "The name for the new FIDO token." }, "userIdStored": { "type": "boolean", "description": "Flag indicating if the userId was stored on the registered FIDO2 token. Defaults to false if not set.", "deprecated": true } }, "description": "FIDORegisterResponse defines the information returned from a FIDO token to complete registration." }, "FIDOToken": { "type": "object", "properties": { "allowedActions": { "type": "array", "description": "Administration actions that can be performed on this FIDO token.", "items": { "type": "string", "description": "Administration actions that can be performed on this FIDO token.", "enum": [ "DELETE", "ENABLE", "DISABLE", "RENAME" ] } }, "createDate": { "type": "string", "description": "The date on which the FIDO token was created.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "id": { "type": "string", "description": "The unique UUID assigned to the fido token when it is registered." }, "lastUsedDate": { "type": "string", "description": "The date on which this FIDO token was last used for authentication. This value will be null if the FIDO token has never been used.", "format": "date-time", "example": "2019-02-21T11:37:27Z" }, "name": { "type": "string", "description": "The name of this FIDO token." }, "origin": { "type": "string", "description": "The origin of where the FIDO token was generated." }, "relyingPartyId": { "type": "string", "description": "The relying party ID of where the FIDO token was generated." }, "state": { "type": "string", "description": "The state of this FIDO token. Only FIDO tokens in the ACTIVE state can be used for authentication.", "enum": [ "ACTIVE", "INACTIVE" ] }, "userId": { "type": "string", "description": "The user Id of the user who owns this FIDO token." }, "userIdStored": { "type": "boolean", "description": "Indicates if the userId was stored on the FIDO token." }, "userUUID": { "type": "string", "description": "The UUID of the user who owns this FIDO token." } }, "description": "A FIDOToken defines the information returned about a FIDO Token." }, "FIDOTokenParms": { "type": "object", "properties": { "name": { "type": "string", "description": "The name of this FIDO token." }, "state": { "type": "string", "description": "The state of this FIDO token. Only FIDO tokens in the ACTIVE state can be used for authentication.", "enum": [ "ACTIVE", "INACTIVE" ] } }, "description": "The parameters specifying what is to be changed." }, "FaceAccountSettings": { "required": [ "apiKey", "region", "webhookToken" ], "type": "object", "properties": { "apiKey": { "type": "string", "description": "Token used to authenticate Onfido API requests.", "example": "api_live_ca.abcd1234abcdefghijklmnopqrstuvwxyz" }, "id": { "type": "string", "description": "UUID of the Onfido account settings in IDaaS.", "example": "6784549d-433c-44ea-a42f-4701458d9245" }, "region": { "type": "string", "description": "Region of the Onfido account. Allowed values: EU, US, CA.", "example": "US", "enum": [ "EU", "US", "CA" ] }, "webhookToken": { "type": "string", "description": "Onfido webhook token used to validate incoming webhook payloads.", "example": "123456789_1aBCJP4zghytkC1tSHnTJb" } }, "description": "The new Onfido account settings to apply." }, "FaceAuthenticator": { "type": "object", "properties": { "applicantId": { "type": "string", "description": "The ID of the applicant in Onfido." }, "created": { "type": "string", "description": "Date the authenticator was created.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "expiry": { "type": "string", "description": "Date the authenticator will expire.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "id": { "type": "string", "description": "The ID of the Face Biometric." }, "lastUsed": { "type": "string", "description": "Date the authenticator was last used.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "mobile": { "type": "boolean", "description": "If the authenticator was registered on mobile." }, "platform": { "type": "string", "description": "The mobile device platform on which a Face Biometric was registered." }, "serialNumber": { "type": "string", "description": "The serial number of the Face Biometric." }, "status": { "type": "string", "description": "The status of the authenticator.", "enum": [ "ACTIVATING", "ACTIVE", "FAILED", "EXPIRED", "REVIEW", "DISABLED", "NEW" ] } }, "description": "Face Biometric information stored for a user." }, "FaceCreateParms": { "type": "object", "properties": { "applicantId": { "type": "string", "description": "The Onfido applicant UUID. Used to link the Face Biometric to the correct applicant. Applicable for server stored biometric web flows." }, "deliverActivationEmail": { "type": "boolean", "description": "If set to true, an activation email will be sent to the user. Applicable only for mobile flows." }, "encryptedBiometricToken": { "$ref": "#/components/schemas/FaceEncryptedToken" }, "returnQRCode": { "type": "boolean", "description": "If set to true, the response will include a QR code for activation. Applicable only for mobile flows." }, "workflowRunId": { "type": "string", "description": "The Onfido workflow run UUID. Used to link the Face Biometric to the correct workflow run. Applicable for server stored biometric web flows." } }, "description": "Face Biometric Parameters for a user." }, "FaceCreateResponse": { "type": "object", "properties": { "activationQRCode": { "type": "string", "description": "The QR code used to register the mobile Face Biometric." }, "activationUrl": { "type": "string", "description": "The activation URL used to register the mobile Face Biometric." }, "applicantId": { "type": "string", "description": "The ID of the applicant in Onfido." }, "created": { "type": "string", "description": "Date the authenticator was created.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "expiry": { "type": "string", "description": "Date the authenticator will expire.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "id": { "type": "string", "description": "The ID of the Face Biometric." }, "mobile": { "type": "boolean", "description": "If the authenticator was created for mobile." }, "serialNumber": { "type": "string", "description": "The serial number of the Face Biometric." }, "status": { "type": "string", "description": "The status of the authenticator.", "enum": [ "ACTIVATING", "ACTIVE", "FAILED", "EXPIRED", "REVIEW", "DISABLED", "NEW" ] } }, "description": "Parameters returned from the create Face Biometric operation." }, "FaceEncryptedToken": { "required": [ "customerUserId", "encryptedBiometricToken" ], "type": "object", "properties": { "customerUserId": { "type": "string", "description": "Unique identifier for the user. Used to associate the encrypted biometric token with a specific user in Onfido." }, "encryptedBiometricToken": { "type": "string", "description": "Base64-encoded string containing the encrypted biometric token generated by Onfido after successful user verification." } }, "description": "Face Biometric EBT information for a user." }, "FaceUpdateParms": { "type": "object", "properties": { "expiry": { "type": "string", "description": "Date the authenticator will expire.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "id": { "type": "string", "description": "The ID of the authenticator to update." }, "status": { "type": "string", "description": "The status of the authenticator.", "enum": [ "ACTIVATING", "ACTIVE", "FAILED", "EXPIRED", "REVIEW", "DISABLED", "NEW" ] } }, "description": "Face Biometric Parameters for a user." }, "FlashPassParms": { "type": "object", "properties": { "quantity": { "type": "integer", "description": "The number of FlashPass pass claims allowed during the Trial period.", "format": "int32", "example": 25, "enum": [ 25, 100 ] } }, "description": "Parameters passed when setting the Issuance entitlements of a tenant." }, "FleetManagement": { "type": "object", "properties": { "addOn": { "type": "string", "description": "Add on column to store fleetManagementOptIn flag" }, "consumed": { "type": "integer", "description": "The entitlements consumed since start date during the entitlement period.", "format": "int32" }, "endDate": { "type": "string", "description": "The date when the entitlement will end.", "format": "date-time", "example": "2020-02-19T00:00:00Z" }, "quantity": { "type": "integer", "description": "The number of FlashPass claims allowed during the period.", "format": "int32", "example": 1000 }, "startDate": { "type": "string", "description": "The date when the entitlement starts.", "format": "date-time", "example": "2019-02-19T00:00:00Z" } }, "description": "FleetManagement entitlements of a tenant." }, "FleetManagementParms": { "type": "object", "description": "Parameters passed when setting the fleet management entitlements of a tenant." }, "GeneralSettings": { "type": "object", "properties": { "adminUserAuthenticationSessionLifetime": { "maximum": 3600, "minimum": 60, "type": "integer", "description": "The amount of time in seconds admin user sessions remain active without user interaction before automatically expiring. If not specified, then authenticationSessionLifetime value is used.", "format": "int32" }, "authenticationSessionLifetime": { "maximum": 28800, "minimum": 60, "type": "integer", "description": "The amount of time in seconds standard user sessions remain active without user interaction before automatically expiring. Default is 900.", "format": "int32" }, "authenticatorActivationType": { "type": "string", "description": "A setting that indicates the type of token automatically created for the user when it is created. Choices are NONE, ENTRUST_SOFT_TOKEN or GOOGLE_AUTHENTICATOR. Default is NONE.", "enum": [ "NONE", "ENTRUST_SOFT_TOKEN", "GOOGLE_AUTHENTICATOR" ] }, "corsEnabled": { "type": "boolean", "description": "A flag that indicates if CORS is enabled for this account. Deprecated, configure it through admin portal.", "deprecated": true }, "corsOrigins": { "type": "array", "description": "A list of origins that cross-origin requests are allowed from. Deprecated, configure it through admin portal.", "deprecated": true, "items": { "$ref": "#/components/schemas/CorsOrigin" } }, "defaultGrid": { "type": "boolean", "description": "A flag that indicates if a grid card is created for the user when it is created.", "default": false }, "defaultMobileSmartCredential": { "type": "boolean", "description": "A flag that indicates whether to automatically enroll a smart credential for the user when it is created. Default is false." }, "defaultPassword": { "type": "boolean", "description": "A flag that indicates if a default password is created for the user when it is created. Default is false." }, "dynamicLinkingTransactionLifetime": { "maximum": 3600, "minimum": 60, "type": "integer", "description": "The amount of time in seconds before a dynamic linking transaction expired. Default is 300.", "format": "int32" }, "enableEnhancedAuthenticationDetails": { "type": "boolean", "description": "Indicates whether to enable Enhanced Authentication Details or not.", "example": true }, "inactivityGracePeriod": { "maximum": 2592000, "minimum": 60, "type": "integer", "description": "The amount of time in seconds that administrators can grant for users.", "format": "int32", "default": 3600 }, "lockoutCount": { "maximum": 20, "minimum": 1, "type": "integer", "description": "The number of failed authentications before a user is locked out. Default is 5.", "format": "int32" }, "lockoutLifetime": { "type": "integer", "description": "The amount of time in seconds before a user lockout expires. A value of 0 means the lockout never expires. Minimum is 0. Default is 0.", "format": "int32" }, "lockoutMode": { "type": "string", "description": "The lockout mode to use for your IntelliTrust account. The AUTHENTICATOR lockout mode means a per-authenticator lockout will be enforced. When a user locks an authenticator they can no longer use that authenticator but can still use an alternative authenticator to log in. The USER lockout mode will lock out a user if any of their authenticators have been locked.", "enum": [ "AUTHENTICATOR", "USER" ] }, "manageInactiveUsers": { "type": "boolean", "description": "Indicates whether to block users who have not authenticated for a time being.", "default": false }, "maxFIDOTokensPerUser": { "maximum": 10, "minimum": 1, "type": "integer", "description": "The maximum number of FIDO tokens that a user can have. Default is 5.", "format": "int32" }, "maxFacesPerUser": { "maximum": 10, "minimum": 1, "type": "integer", "description": "The maximum number of Face Biometrics that a user can have. Default is 5.", "format": "int32" }, "maxGridsPerUser": { "maximum": 10, "minimum": 1, "type": "integer", "description": "The maximum number of grids that a user can have. Default is 5.", "format": "int32" }, "maxNumberOfPushTransactionsQueued": { "maximum": 100, "minimum": 1, "type": "integer", "description": "Maximum number of queued push transactions. Default is 1.", "format": "int32" }, "maxSmartCredentialsPerUser": { "maximum": 10, "minimum": 1, "type": "integer", "description": "The maximum number of smart credentials that a user can have. Default is 3.", "format": "int32" }, "maxTokensPerUser": { "maximum": 10, "minimum": 1, "type": "integer", "description": "The maximum number of tokens that a user can have. Default is 5.", "format": "int32" }, "pushAuthenticationLifetime": { "maximum": 3600, "minimum": 60, "type": "integer", "description": "The amount of time in seconds before a push authentication requires expires if a response is not received from the mobile application. Default is 300.", "format": "int32" }, "pushTransactionLifetime": { "maximum": 43200, "minimum": 60, "type": "integer", "description": "The amount of time in seconds that a push transaction can be queued. Default is 60.", "format": "int32" }, "showOnboardingWizard": { "type": "boolean", "description": "Indicates whether the Get Started wizard should be shown or not.", "example": true }, "smartCredentialDefn": { "type": "string", "description": "The UUID of the Smart Credential Definition to use when a user enrolls a Smart Credential." }, "userInactivityThreshold": { "maximum": 31536000, "minimum": 604800, "type": "integer", "description": "The amount of time in seconds for a user to be inactive.", "format": "int32", "default": 2592000 } }, "description": "New general settings." }, "GoogleAuthenticatorSettings": { "type": "object", "properties": { "maxResetTimeSteps": { "maximum": 1200, "minimum": 1, "type": "integer", "description": "The maximum number of 30 second timestamps that a result response is validated. Default is 120.", "format": "int32" }, "maxTimeSteps": { "maximum": 120, "minimum": 1, "type": "integer", "description": "The maximum number of 30 second timesteps over which a response is validated. The default is 10.", "format": "int32" } }, "description": "New Google Authenticator settings." }, "Grid": { "type": "object", "properties": { "allowedActions": { "type": "array", "description": "A list of what actions are currently allowed for this grid.", "items": { "type": "string", "description": "A list of what actions are currently allowed for this grid.", "enum": [ "CANCEL", "DELETE", "ENABLE", "DISABLE", "ASSIGN", "UNASSIGN" ] } }, "assignDate": { "type": "string", "description": "For unassigned grids which were assigned to the user, the date on which the grid was assigned.", "format": "date-time", "example": "2019-02-19T13:17:27Z" }, "createDate": { "type": "string", "description": "The date on which the grid was created.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "expired": { "type": "boolean", "description": "A flag indicating if this grid is currently expired." }, "expiryDate": { "type": "string", "description": "If the grid policy defines an expiry date, the date on which this grid will expire. Expired grids cannot be used for authentication.", "format": "date-time", "example": "2019-08-19T13:15:27Z" }, "gridContents": { "type": "array", "description": "The grid contents of this grid. Only administrators with the GRIDCONTENTS:VIEW permission will receive this value.", "items": { "type": "array", "description": "The grid contents of this grid. Only administrators with the GRIDCONTENTS:VIEW permission will receive this value.", "items": { "type": "string", "description": "The grid contents of this grid. Only administrators with the GRIDCONTENTS:VIEW permission will receive this value." } } }, "groups": { "type": "array", "description": "The UUIDs of groups to which this grid belongs. This value is only used for unassigned grids. Only groups to which the current administrator has access will be returned.", "items": { "type": "string", "description": "The UUIDs of groups to which this grid belongs. This value is only used for unassigned grids. Only groups to which the current administrator has access will be returned." } }, "id": { "type": "string", "description": "The unique UUID assigned to the grid when it is created." }, "lastUsedDate": { "type": "string", "description": "The date on which this grid was last used for authentication. This value will be null if the grid has never been used.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "serialNumber": { "type": "integer", "description": "The unique numeric serial number assigned to the grid when it is created.", "format": "int64" }, "state": { "type": "string", "description": "The state of this grid. Only grids in the ACTIVE or PENDING state can be used for authentication.", "enum": [ "ACTIVE", "INACTIVE", "UNASSIGNED", "PENDING", "CANCELED" ] }, "userId": { "type": "string", "description": "The UUID of the user who owns this grid. If the grid is not assigned, this value will be null.", "example": "45f5a855-962a-4b5f-b5c5-7ceeae235875" }, "userName": { "type": "string", "description": "The user Id for this user. If the grid is not assigned, this value will be null.", "example": "john.doe" } }, "description": "A Grid defines the information returned about a Grid." }, "GridAssignParms": { "type": "object", "properties": { "emailParms": { "$ref": "#/components/schemas/EmailParms" }, "response": { "type": "string", "description": "When an end user is assigning a grid to themselves, this attribute specifies a grid challenge response proving that the user has possession of the grid being assigned." }, "serialNumber": { "type": "string", "description": "When the user to which a grid is to be assigned is known, this attribute specifies the serial number of the grid that will be assigned." }, "userId": { "type": "string", "description": "When the specified grid is known, this attribute specifies the user Id or user alias of the user to which the grid will be assigned." } }, "description": "Parameters including the user id or user alias of the user to which the grid is to be assigned." }, "GridChangeStateParms": { "type": "object", "properties": { "state": { "type": "string", "description": "The new state of the grid must be ACTIVE, INACTIVE, or CANCELED. The existing state of the grid must be ACTIVE, INACTIVE or PENDING", "enum": [ "ACTIVE", "INACTIVE", "UNASSIGNED", "PENDING", "CANCELED" ] } }, "description": "The parameters specifying the new state of the grid." }, "GridCreateParms": { "type": "object", "properties": { "emailParms": { "$ref": "#/components/schemas/EmailParms" }, "gridContent": { "type": "array", "description": "If provided, the given grid contents are used for the new Grid Card. The grid contents must match the grid settings for grid size, grid cell size and cell alphabet. The administrator must have the GRIDCONTENTS:ADD permission to set the grid contents. This argument is ignored when creating unassigned grids.", "items": { "type": "array", "description": "If provided, the given grid contents are used for the new Grid Card. The grid contents must match the grid settings for grid size, grid cell size and cell alphabet. The administrator must have the GRIDCONTENTS:ADD permission to set the grid contents. This argument is ignored when creating unassigned grids.", "items": { "type": "string", "description": "If provided, the given grid contents are used for the new Grid Card. The grid contents must match the grid settings for grid size, grid cell size and cell alphabet. The administrator must have the GRIDCONTENTS:ADD permission to set the grid contents. This argument is ignored when creating unassigned grids." } } }, "groups": { "type": "array", "description": "When creating unassigned grids the list of UUIDs of groups to which the grids will belong. If not specified, the grids will not belong to any groups.", "items": { "type": "string", "description": "When creating unassigned grids the list of UUIDs of groups to which the grids will belong. If not specified, the grids will not belong to any groups." } }, "numberOfGrids": { "maximum": 1000, "minimum": 1, "type": "integer", "description": "The number of grids to create when creating unassigned grids. If not specified, it defaults to 1.", "format": "int32", "example": 1 }, "serialNumber": { "minimum": 1, "type": "integer", "description": "If provided, the given grid serial number is used for the new Grid Card.", "format": "int64", "example": 1 }, "state": { "type": "string", "description": "The state (ACTIVE, INACTIVE, or PENDING) of the new grid. If not specified, the state defaults to PENDING. This argument is ignored when creating unassigned grids.", "enum": [ "ACTIVE", "INACTIVE", "UNASSIGNED", "PENDING", "CANCELED" ] } }, "description": "Optional parameters for the grid create operation." }, "GridExport": { "type": "object", "properties": { "content": { "type": "string", "description": "Grid information formatted as a base64 encoded String. Formatting options are controlled in grid authenticator settings." } }, "description": "Parameters returned by the grid export operation." }, "GridParms": { "type": "object", "properties": { "groups": { "type": "array", "description": "When modifying unassigned grids the list of UUIDs of groups to which the grids will belong. If an empty list is provided, the unassigned grid will not belong to any groups.", "items": { "type": "string", "description": "When modifying unassigned grids the list of UUIDs of groups to which the grids will belong. If an empty list is provided, the unassigned grid will not belong to any groups." } } }, "description": "Parameters specified what is to be changed in the grid." }, "GridProperties": { "type": "object", "properties": { "maxGridGeneratePerRequest": { "type": "integer", "description": "The maximum number of unassigned grids that can be created per request.", "format": "int32" }, "maxGridTotalUnassigned": { "type": "integer", "description": "The maximum number of unassigned grids that are allowed in the system.", "format": "int32" } }, "description": "Properties specifying restrictions on how many unassigned grids can be created." }, "GridsPage": { "required": [ "results" ], "type": "object", "properties": { "paging": { "$ref": "#/components/schemas/Paging" }, "results": { "type": "array", "description": "A single page from the list of GRIDs found.", "items": { "$ref": "#/components/schemas/Grid" } } }, "description": "Contains paging information and a page of assigned grids." }, "Group": { "required": [ "name" ], "type": "object", "properties": { "attribute": { "type": "string", "description": "The attribute of this group." }, "created": { "type": "string", "description": "When the group was created.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "directoryDesynced": { "type": "boolean", "description": "Whether the directory group is desynced. Desynced groups can be deleted.", "example": false }, "externalId": { "type": "string", "description": "The externalId of this group." }, "id": { "type": "string", "description": "The UUID of this group. This value is generated when the group is created." }, "lastModified": { "type": "string", "description": "When the group was last modified.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "name": { "type": "string", "description": "The name of this group." }, "type": { "type": "string", "description": "The type of group indicating if this group was synchronized from a directory (LDAP_AD) or was created in Identity as a Service (MGMT_UI).", "example": "MGMT_UI", "enum": [ "LDAP_AD", "MGMT_UI" ] } }, "description": "Information returned about a group." }, "GroupFilter": { "type": "object", "properties": { "directoryId": { "type": "string", "description": "The UUID of the Directory the group filter belongs to.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "id": { "type": "string", "description": "The UUID of the group filter.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "name": { "type": "string", "description": "The name of the group to filter on.", "example": "Engineering" } }, "description": "A GroupFilter defines the information returned about a directory group filter." }, "GroupId": { "required": [ "id" ], "type": "object", "properties": { "id": { "type": "string", "description": "The name or externalId of a group." } }, "description": "The externalId of the group to fetch." }, "GroupParms": { "type": "object", "properties": { "attribute": { "type": "string", "description": "The optional attribute of this group. Specify an empty string to remove the existing value of the attribute." }, "externalId": { "type": "string", "description": "The optional externalId of this group. Specify an empty string to remove the existing value of the externalId." }, "name": { "type": "string", "description": "The name of this group. This value is required when creating a group." } }, "description": "Parameters including the name of the new group." }, "GroupsPage": { "required": [ "results" ], "type": "object", "properties": { "paging": { "$ref": "#/components/schemas/Paging" }, "results": { "type": "array", "description": "A single page from the list of Groups found.", "items": { "$ref": "#/components/schemas/Group" } } }, "description": "Contains paging information and a page of groups." }, "IdentityProvider": { "type": "object", "properties": { "authenticationEnabled": { "type": "boolean", "description": "A flag indicating if the external identity provider can be used for user authentication.", "example": true }, "buttonImage": { "type": "string", "description": "The URI of the logo to display on the login button for this external identity provider.", "example": "https://account.mycompany.com/images/logo.png" }, "buttonText": { "type": "string", "description": "The unique text to display on the login button for this external identity provider.", "example": "Sign in With MyCompany Co." }, "createUser": { "type": "boolean", "description": "A flag indicating if the user should be created after authenticating to the external identity provider if it doesn't exist. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if authenticationEnabled is true.", "example": true }, "defaultProvider": { "type": "boolean", "description": "A flag indicating if this is the tenant's default identity provider. This value applies only to non-domain based identity providers. Only one identity provider can be set as the default at a time." }, "domains": { "type": "string", "description": "The space separated list of domains associated with the external identity provider for use with user authentication.", "example": "test.com sample.com" }, "id": { "type": "string", "description": "The UUID of the external identity provider.", "example": "6784549d-433c-44ea-a42f-4701458dg245" }, "issuer": { "type": "string", "description": "The issuer URI for the external OIDC identity provider or the issuer, or IDP Entity ID, for the external SAML identity provider.", "example": "https://accounts.mycompany.com" }, "name": { "type": "string", "description": "The unique name of the external identity provider.", "example": "MyCompany Co." }, "protocol": { "type": "string", "description": "The type of the external identity provider.", "example": "OIDC", "enum": [ "OIDC", "SAML" ] }, "spId": { "type": "string", "description": "The client identifier provided by the external OIDC identity provider or the SP entity ID provided to the external SAML identity provider.", "example": "client123" }, "type": { "type": "string", "description": "The type of the external identity provider.", "example": "GENERIC" }, "verificationCertificate2DN": { "type": "string", "description": "The verification certificate2 DN used with the external identity provider." }, "verificationCertificate2ExpiryDate": { "type": "string", "description": "The verification certificate2 expiry date used with the external identity provider.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "verificationCertificateDN": { "type": "string", "description": "The verification certificate DN used with the external identity provider." }, "verificationCertificateExpiryDate": { "type": "string", "description": "The verification certificate expiry date used with the external identity provider.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "verificationEnabled": { "type": "boolean", "description": "A flag indicating if the external identity provider can be used for user verification.", "example": true } }, "description": "An IdentityProvider defines the information returned about an external identity provider for use with user authentication or user verification." }, "IdentityProviderExternalGroupMapping": { "required": [ "externalGroupId", "groupId" ], "type": "object", "properties": { "externalGroupId": { "type": "string", "description": "The external group name/ID returned from the identity provider.", "example": "admin-group" }, "groupId": { "type": "string", "description": "The Authorization Group UUID this external group maps to." }, "id": { "type": "string", "description": "The UUID of the identity provider external group mapping. This value is generated once the mapping is created.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "identityProviderId": { "type": "string", "description": "The ID of the identity provider this external group mapping belongs to.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" } }, "description": "A IdentityProviderExternalGroupMapping maps a group name/ID returned from an external identity provider to an Authorization Group for matching purposes." }, "IpContext": { "required": [ "denyAccess", "riskPoint" ], "type": "object", "properties": { "allowedIpList": { "type": "string", "description": "The UUID of an existing IP List that defines IPs that can access the resource. Risk applies if the given IP address is not found in the IP List. If specified, the allowed IP List takes precedence over the denied IP List." }, "allowedIpRanges": { "type": "array", "description": "List of IP Address ranges (in CIDR notation) that are allowed access the resource. Risk applies if the given IP address is not in one of the allowed IP ranges. If specified, the allowed IP values take precedence over the denied IP values.", "items": { "type": "string", "description": "List of IP Address ranges (in CIDR notation) that are allowed access the resource. Risk applies if the given IP address is not in one of the allowed IP ranges. If specified, the allowed IP values take precedence over the denied IP values." } }, "deniedIpList": { "type": "string", "description": "The UUID of an existing IP List that defines IPs that cannot access the resource. Risk applies if the given IP address is found in the IP List. The denied IP List is ignored if an allowed IP List is specified." }, "deniedIpRanges": { "type": "array", "description": "List of IP Address ranges (in CIDR notation) that cannot access the resource. Risk applies if the given IP address is in one of the denied IP ranges. The denied IP values are ignored if allowed IP ranges are specified.", "items": { "type": "string", "description": "List of IP Address ranges (in CIDR notation) that cannot access the resource. Risk applies if the given IP address is in one of the denied IP ranges. The denied IP values are ignored if allowed IP ranges are specified." } }, "denyAccess": { "type": "boolean", "description": "If true, the resource rule evaluating the context will return Access Denied." }, "riskPoint": { "maximum": 100, "minimum": 0, "type": "integer", "description": "The number of risk points that apply if this context applies.", "format": "int32" }, "type": { "type": "string", "description": "The type of IpContext. If not specified, this value defaults to CUSTOM.", "enum": [ "CUSTOM", "IPLIST" ] } }, "description": "The IP context specifies allowed or denied IP address ranges or lists. Risk is applied to the authentication if the current IP address does not match an allowed IP address range/list or does match a denied IP address range/list." }, "IpLocation": { "type": "object", "properties": { "cityName": { "type": "string", "description": "The city name--always returned in upper-case." }, "countryCode": { "type": "string", "description": "A two-character (alpha-2) ISO 3166-1 country code." }, "ipAddress": { "type": "string", "description": "The IPv4 Address." }, "isp": { "type": "string", "description": "The ISP name--always returned in upper-case." }, "latitude": { "type": "number", "description": "The latitude.", "format": "float" }, "longitude": { "type": "number", "description": "The longitude.", "format": "float" }, "privateIpAddress": { "type": "boolean", "description": "Whether the IP provided is a private IP Address. The value is only available when resolving an IP address to an IpLocation." } }, "description": "The IP address for which the IP location information is to be returned." }, "Issuance": { "required": [ "serviceBundles" ], "type": "object", "properties": { "addOn": { "type": "string", "description": "Add on column to store printer cert flag" }, "consumed": { "type": "integer", "description": "The entitlements consumed since start date during a Trial period.", "format": "int32" }, "endDate": { "type": "string", "description": "The date when the Trial period will end. This value is not returned if the account status is PRODUCTION.", "format": "date-time", "example": "2019-02-19T00:00:00Z" }, "quantity": { "type": "integer", "description": "The number of print jobs allowed during the Trial period. This value is not returned if the account status is PRODUCTION.", "format": "int32", "example": 25 }, "serviceBundles": { "type": "array", "description": "The service bundles supported.", "items": { "$ref": "#/components/schemas/ServiceBundle" } }, "startDate": { "type": "string", "description": "The date when the Trial period starts. This value is not returned if the account status is PRODUCTION.", "format": "date-time", "example": "2019-02-19T00:00:00Z" } }, "description": "Issuance entitlements of a tenant." }, "IssuanceParms": { "type": "object", "properties": { "addOn": { "type": "string", "description": "Add on column to store printer cert flag" }, "endDate": { "type": "string", "description": "The date when the Trial period will end. The value must be after the start date. If specified, this value cannot be more than 30 days after start date.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "quantity": { "type": "integer", "description": "The number of print jobs allowed during the Trial period (required during creation).", "format": "int32", "example": 25, "enum": [ 25, 100 ] }, "serviceBundles": { "type": "array", "description": "The service bundles supported. At least one bundle must be defined.", "items": { "$ref": "#/components/schemas/ServiceBundle" } }, "startDate": { "type": "string", "description": "The date when the Trial period starts. This value cannot be in the future. If not specified, it defaults to the current date.", "format": "date-time", "example": "2019-02-19T13:15:27Z" } }, "description": "Parameters passed when setting the Issuance entitlements of a tenant." }, "KbaContext": { "required": [ "denyAccess" ], "type": "object", "properties": { "challengeSize": { "type": "integer", "description": "Number of questions that the user must answer. If not provided, the default QA challenge size in the KBA settings is used.", "format": "int32" }, "denyAccess": { "type": "boolean", "description": "If true, the resource rule evaluating the context will return Access Denied." }, "wrongAnswersAllowed": { "type": "integer", "description": "Number of questions that the user could answer incorrectly and still be considered a valid response. If not provided, the default wrong answers allowed in the KBA settings is used.", "format": "int32" } }, "description": "The KBA context allows the settings for knowledge-based authentication to be overridden for a particular resource rule. For example, a different challenge size can be specified." }, "KnowledgeBasedAuthenticator": { "required": [ "userQuestions" ], "type": "object", "properties": { "maximumNumberOfQuestions": { "type": "integer", "description": "The maximum number of questions a user can answer for KBA. If zero, then KBA is disabled. This value is not used when adding or updating a KBA. If provided, it will be ignored.", "format": "int32" }, "maximumResponseSize": { "type": "integer", "description": "The maximum number of characters in an answer. This value is not used when adding or updating a KBA. If provided, it will be ignored.", "format": "int32" }, "minimumNumberOfQuestions": { "type": "integer", "description": "The minimum number of questions a user must answer to perform KBA. Defaults to the maximum Q&A challenge size setting. This value is not used when adding or updating a KBA. If provided, it will be ignored.", "format": "int32" }, "userQuestions": { "type": "array", "description": "The list of question/answer pairs stored for a user. This is the only attribute required when adding or updating a KBA.", "items": { "$ref": "#/components/schemas/UserQuestion" } } }, "description": "KBA information stored for a user." }, "LocationContext": { "required": [ "allowed", "anonymousAllowed", "countryCodes", "denyAccess", "riskPoint" ], "type": "object", "properties": { "allowed": { "type": "boolean", "description": "If true, the list of countries defines allowed countries. If false, the list of countries defines denied countries." }, "anonymousAllowed": { "type": "boolean", "description": "If true, then allows anonymous/TOR IP addresses. If false, then denies anonymous/TOR IP addresses." }, "countryCodes": { "type": "array", "description": "List of country codes (ISO alpha-2) that can access(allowed=true) or not access (allowed=false).", "items": { "type": "string", "description": "List of country codes (ISO alpha-2) that can access(allowed=true) or not access (allowed=false)." } }, "denyAccess": { "type": "boolean", "description": "If true, the resource rule evaluating the context will return Access Denied." }, "riskPoint": { "maximum": 100, "minimum": 0, "type": "integer", "description": "The number of risk points that apply if this context applies.", "format": "int32" } }, "description": "The location context specifies allowed or denied country codes. Risk is applied to the authentication if the location of the current IP address does not match an allowed country or matches a disallowed country." }, "LocationHistoryContext": { "required": [ "denyAccess", "riskPoint" ], "type": "object", "properties": { "denyAccess": { "type": "boolean", "description": "If true, the resource rule evaluating the context will return Access Denied." }, "riskPoint": { "maximum": 100, "minimum": 0, "type": "integer", "description": "The number of risk points that apply if this context applies.", "format": "int32" } }, "description": "Location history checks to see if the location of the current IP address matches a location from a previous authentication. If the current location does not match history, risk is applied." }, "LoginFlow": { "required": [ "enabled", "loginFlowType" ], "type": "object", "properties": { "enabled": { "type": "boolean", "description": "Whether the login flow is enabled or not.", "example": true }, "loginFlowType": { "type": "string", "description": "Identifies the login flow type.", "enum": [ "USER_LOGIN", "SMART_LOGIN", "IDP_LOGIN", "PASSKEY_LOGIN", "USER_CERTIFICATE_LOGIN" ] } }, "description": "An LoginFlow defines an authentication option available in the authentication flow." }, "MachineAuthenticator": { "type": "object", "properties": { "fingerprint": { "type": "string", "description": "The device fingerprint if it's required during Machine authentication. It will always be null when returned from IDaaS as part of the response body.", "example": "{\"platform\":\"web\",\"version\":\"2.0.0\",\"attributes\":{\"osName\":\"Mac OS\"}}" }, "machineNonce": { "type": "string", "description": "machineNonce", "example": "07ZeToA3YfoATTxoU6h2x==" }, "sequenceNonce": { "type": "string", "description": "sequenceNonce", "example": "03ReToA37851tyVU8f3y==" } }, "description": "Machine authenticator required to complete authentication challenge" }, "MachineAuthenticatorRegistration": { "required": [ "label" ], "type": "object", "properties": { "fingerprint": { "type": "string", "description": "The device fingerprint. It must be a valid fingerprint as produced by Entrust SDK.", "example": "{\"platform\":\"web\",\"version\":\"2.0.0\",\"attributes\":{\"osName\":\"Mac OS\"}}" }, "label": { "type": "string", "description": "Identifies the device/machine from the end-user point of view.", "example": "MachineAuthenticatorLabel" } }, "description": "Register a machine authenticator for authentication to Identity as a Service" }, "MachineAuthenticatorRegistrationResult": { "type": "object", "properties": { "machineAuthenticator": { "$ref": "#/components/schemas/MachineAuthenticator" }, "userMachineAuthenticator": { "$ref": "#/components/schemas/UserMachineAuthenticator" } } }, "MachineContext": { "required": [ "denyAccess", "riskLimit", "riskPoint" ], "type": "object", "properties": { "denyAccess": { "type": "boolean", "description": "If true, the resource rule evaluating the context will return Access Denied." }, "riskLimit": { "type": "integer", "description": "The risk points apply if the machine authenticator risk is below or equal to this value.", "format": "int32" }, "riskPoint": { "maximum": 100, "minimum": 0, "type": "integer", "description": "The number of risk points that apply if this context applies.", "format": "int32" } }, "description": "Represents a Machine Authenticator authentication context. When defined, a Machine Authentication authenticator is expected in the authentication request. Risk will apply if the machine authentication authenticator is not present or if the risk for the machine authentication authentication is greater than the risk limit define for the Machine context." }, "MagicLink": { "type": "object", "properties": { "created": { "type": "string", "description": "The date and time the Magic Link was created.", "format": "date-time", "example": "2023-10-01T12:00:00Z" }, "email": { "type": "string", "description": "The email address the Magic Link was delivered to." }, "expiry": { "type": "string", "description": "The date and time the Magic Link will expire.", "format": "date-time", "example": "2023-10-01T12:30:00Z" }, "redirectUrl": { "type": "string", "description": "The redirect URL to be used after the Magic Link is clicked.", "example": "https://example.com/redirect" }, "type": { "type": "string", "description": "The type of Magic Link that was sent.", "example": "AUTHENTICATION/REGISTRATION/PASSWORD_RESET." } }, "description": "Magic Link authenticator information." }, "MagicLinkCreateParms": { "type": "object", "properties": { "autoSend": { "type": "boolean", "description": "Automatically send the Magic Link if the user has a default email or one is specified that matches a configured email.", "example": true }, "email": { "type": "string", "description": "The email to send the Magic Link to if it exists.", "example": "support@mycompany.com" }, "redirectUrl": { "type": "string", "description": "Automatically redirect the user to an external URL after completing registration or password reset. The URL must match one of the allowed URLs.", "example": "https://mycompany.com" }, "type": { "type": "string", "description": "The type of magic link to create. If not specified, defaults to REGISTRATION.", "example": "REGISTRATION/PASSWORD_RESET" } }, "description": "Magic link Parameters for a user." }, "MagicLinkResponse": { "type": "object", "properties": { "expiryDate": { "type": "string", "description": "Expiry date of the Magic Link.", "format": "date-time", "example": "2023-01-01T12:12:12Z" }, "url": { "type": "string", "description": "The generated Magic Link. This value will only be returned if the administrator has the MAGICLINKCONTENTS:VIEW permission and autoSend is set to false.", "example": "https://mycompany.com/#/?magicToken=1a2b3c4d5e6f7g8h9i" } }, "description": "Parameters returned from the create Magic Link operation." }, "MobileFlashPass": { "type": "object", "properties": { "consumed": { "type": "integer", "description": "The entitlements consumed since start date during the entitlement period.", "format": "int32" }, "endDate": { "type": "string", "description": "The date when the entitlement will end.", "format": "date-time", "example": "2020-02-19T00:00:00Z" }, "quantity": { "type": "integer", "description": "The number of FlashPass claims allowed during the period.", "format": "int32", "example": 1000 }, "startDate": { "type": "string", "description": "The date when the entitlement starts.", "format": "date-time", "example": "2019-02-19T00:00:00Z" } }, "description": "MobileFlashPass entitlements of a tenant." }, "ModifiedEntityAttribute": { "type": "object", "properties": { "name": { "type": "string", "description": "The name of the attribute." }, "newValue": { "type": "string", "description": "The new value of the attribute." }, "oldValue": { "type": "string", "description": "The old value of the attribute." } }, "description": "Information about an attribute that was modified for an entity." }, "OAuthRole": { "required": [ "ancestorIds", "descendantIds", "id", "inheritedResourceServerScopeIds", "name", "resourceServerScopeIds" ], "type": "object", "properties": { "ancestorIds": { "type": "array", "description": "The set of ancestor oauth role ids.", "items": { "type": "string", "description": "The set of ancestor oauth role ids." } }, "descendantIds": { "type": "array", "description": "The set of descendant oauth role ids.", "items": { "type": "string", "description": "The set of descendant oauth role ids." } }, "description": { "type": "string", "description": "The description of this oauth role." }, "id": { "type": "string", "description": "The UUID of this oauth role. This value is generated when the oauth role is created." }, "inheritedResourceServerScopeIds": { "type": "array", "description": "The set of resource server scopes ids associated with this oauth role based on inheritance from its ancestors.", "items": { "type": "string", "description": "The set of resource server scopes ids associated with this oauth role based on inheritance from its ancestors." } }, "name": { "type": "string", "description": "The name of this oauth role." }, "parentId": { "type": "string", "description": "The UUID of the parent of this oauth role, if one exists." }, "resourceServerScopeIds": { "type": "array", "description": "The set of resource server scopes ids associated with this oauth role.", "items": { "type": "string", "description": "The set of resource server scopes ids associated with this oauth role." } } }, "description": "A list of all oauth roles to which this user belongs." }, "OTP": { "type": "object", "properties": { "exp": { "type": "integer", "description": "The authorization token expiry time.", "format": "int64" }, "otp": { "type": "string", "description": "The OTP." }, "otpDeliveryType": { "type": "string", "description": "The OTP delivery type used. The value is null if OTP delivery was not performed", "enum": [ "EMAIL", "SMS", "VOICE", "WECHAT", "WHATSAPP" ] }, "otpExpiryDate": { "type": "string", "description": "The OTP Expiry Date.", "format": "date-time", "example": "2019-02-19T13:17:27Z" }, "token": { "type": "string", "description": "The authorization token representing the OTP authentication challenge to complete." } }, "description": "An OTP defines the information returned about an OTP." }, "OTPAuthenticatorSettings": { "type": "object", "properties": { "defaultDeliveryEnabled": { "type": "boolean", "description": "Indicates whether client applications can delivery OTP to default delivery contact or can enforce users to choose an OTP delivery.", "example": true }, "deliveryMethods": { "type": "array", "description": "The allowed OTP delivery mechanisms in order of preference. Default is SMS, followed by Email, and Voice. ", "deprecated": true, "items": { "$ref": "#/components/schemas/OTPDeliveryMethod" } }, "includeOtpExpiryDate": { "type": "boolean", "description": "Indicates whether the OTP expiry date will be included in the OTP SMS message", "example": true }, "otpAlphabet": { "type": "string", "description": "Characters that can appear in a RANDOM OTP. Can contain any non-whitespace character. Default is all digits. " }, "otpDefaultDelivery": { "type": "string", "description": "The default OTP delivery mechanism. This attribute is deprecated, use the deliveryMethods attribute.", "deprecated": true, "enum": [ "EMAIL", "SMS", "VOICE", "WECHAT", "WHATSAPP", "NONE" ] }, "otpDefaultDeliveryAttribute": { "type": "string", "description": "Id of the default OTP delivery attribute. Deprecated : Use default attribute specific to delivery mechanism instead eg. otpSmsDefaultDeliveryAttribute, otpEmailDefaultDeliveryAttribute", "example": "360e0c3d-27d7-405b-81db-0524fa8f41bd", "deprecated": true }, "otpDeliveryPreference": { "type": "array", "description": "Indicates the order preference to use for OTP delivery.", "items": { "$ref": "#/components/schemas/OTPPreferenceDetails" } }, "otpEmailDefaultDeliveryAttribute": { "type": "string", "description": "Id of the default Email OTP delivery attribute.", "example": "360e0c3d-27d7-405b-81db-0524fa8f41bd", "deprecated": true }, "otpLength": { "maximum": 100, "minimum": 4, "type": "integer", "description": "The length of an OTP. Default is 8.", "format": "int32" }, "otpLifetime": { "maximum": 3600, "minimum": 60, "type": "integer", "description": "The lifetime of an OTP in seconds. Default is 300.", "format": "int32" }, "otpSMSFormat": { "type": "string", "description": "The format of SMS messages when delivering an OTP SMS message. Default is SERVICENAME_OTP.", "enum": [ "SERVICENAME_OTP", "OTP_SERVICENAME" ] }, "otpSmsDefaultDeliveryAttribute": { "type": "string", "description": "Id of the default SMS OTP delivery attribute.", "example": "360e0c3d-27d7-405b-81db-0524fa8f41bd", "deprecated": true }, "otpType": { "type": "string", "description": "The type of OTP generated. Choices are RANDOM or MEMO_PASSCODE. Default is RANDOM", "enum": [ "RANDOM", "MEMO_PASSCODE" ] }, "otpVoiceDefaultDeliveryAttribute": { "type": "string", "description": "Id of the default Voice OTP delivery attribute.", "example": "360e0c3d-27d7-405b-81db-0524fa8f41bd", "deprecated": true }, "otpWechatDefaultDeliveryAttribute": { "type": "string", "description": "Id of the default Wechat OTP delivery attribute.", "example": "360e0c3d-27d7-405b-81db-0524fa8f41bd", "deprecated": true }, "otpWhatsappDefaultDeliveryAttribute": { "type": "string", "description": "Id of the default Whatsapp OTP delivery attribute.", "example": "360e0c3d-27d7-405b-81db-0524fa8f41bd", "deprecated": true }, "showOtpDeliveryContact": { "type": "boolean", "description": "Indicates whether masked OTP contact attribute values are included in authentication API." } }, "description": "New OTP authenticator settings." }, "OTPCreateParms": { "required": [ "applicationId", "userId" ], "type": "object", "properties": { "applicationId": { "type": "string", "description": "Unique identifier of the Identity as a Service Authentication API application", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "clientIp": { "type": "string", "description": "Provided client IP address." }, "deliverOTP": { "type": "boolean", "description": "Whether to deliver the OTP. If not specified, this defaults to true." }, "otpDeliveryType": { "type": "string", "description": "Defines how a user receives their one-time passcode (Email, Text message (SMS), or Voice message (VOICE)).", "example": "EMAIL/SMS/VOICE", "enum": [ "EMAIL", "SMS", "VOICE", "WECHAT", "WHATSAPP" ] }, "returnOTP": { "type": "boolean", "description": "Whether to return the OTP. If not specified, this defaults to false." }, "transactionDetails": { "type": "array", "description": "Defines transaction details to be associated with the OTP.", "items": { "$ref": "#/components/schemas/TransactionDetail" } }, "userId": { "type": "string", "description": "User ID (containing the user ID or a user alias) of the Identity as a Service user the OTP is being created for.", "example": "alice" } }, "description": "The OTP to create." }, "OTPDeliveryMethod": { "type": "object", "properties": { "enabled": { "type": "boolean", "description": "Whether the method is enabled.", "example": true }, "name": { "type": "string", "description": "The OTP delivery method type.", "example": "EMAIL", "enum": [ "EMAIL", "SMS", "VOICE", "WECHAT", "WHATSAPP" ] } }, "description": "OTPDeliveryMethod" }, "OTPPreferenceDetails": { "required": [ "type" ], "type": "object", "properties": { "contactAttributes": { "type": "array", "description": "A list of uuids of the otp contact attributes in order which indicates the OTP contacts preference.", "items": { "type": "string", "description": "A list of uuids of the otp contact attributes in order which indicates the OTP contacts preference." } }, "type": { "type": "string", "description": "Indicates the type of the otp preference details.", "example": "SMS", "enum": [ "EMAIL", "SMS", "VOICE", "WECHAT", "WHATSAPP", "NONE" ] } }, "description": "Settings that control the behavior of OTP authentication." }, "OTPVerificationAuthenticateResponse": { "required": [ "attemptsLeft", "challengeId", "success" ], "type": "object", "properties": { "attemptsLeft": { "type": "integer", "description": "The number of attempts left for authentication failure", "format": "int32", "example": 5 }, "challengeId": { "type": "string", "description": "The challenge Id of the user's input", "example": "74750999-a59f-4b84-aa26-687d36f5001f" }, "errorCode": { "type": "string", "description": "The error message during the authentication", "example": "invalid_otp" }, "success": { "type": "boolean", "description": "A boolean value which indicates if the authentication is successful", "example": true } }, "description": "Response from contact verification" }, "OTPVerificationAuthenticateValue": { "required": [ "challengeId", "challengeResponse" ], "type": "object", "properties": { "challengeId": { "type": "string", "description": "The unique challenge response identifier used for authentication", "example": "74750999-a59f-4b84-aa26-687d36f5001f" }, "challengeResponse": { "type": "string", "description": "The otp response", "example": "0000" } }, "description": "Information passed in when authenticating the contact verification challenge." }, "OTPVerificationChallengeResponse": { "required": [ "challengeId" ], "type": "object", "properties": { "challengeId": { "type": "string", "description": "The unique challenge response identifier which will be used for authentication.", "example": "74750999-a59f-4b84-aa26-687d36f5001f" } }, "description": "Challenge response returned by the contact verification challenge request" }, "OTPVerificationChallengeValue": { "required": [ "type", "value" ], "type": "object", "properties": { "type": { "type": "string", "description": "Type of contact delivery. Only supported for OTP contact attributes.", "example": "OTP_EMAIL", "enum": [ "NONE", "OTP_EMAIL", "OTP_SMS", "OTP_VOICE", "OTP_WECHAT", "OTP_WHATSAPP" ] }, "value": { "type": "string", "description": "The exact email or phone number that the OTP will be sent to.", "example": "example@mycompany.com" } }, "description": "Information passed when sending contact verification challenge request" }, "OidcConfigurationParms": { "required": [ "issuerUrl" ], "type": "object", "properties": { "issuerUrl": { "type": "string", "description": "The issuer URL of the OIDC/OAuth identity provider.", "example": "https://entrust.us.trustedauth.com/api/oidc" } }, "description": "OidcConfigurationParms" }, "OidcConfigurationResponse": { "type": "object", "properties": { "authorizationEndpoint": { "type": "string", "description": "The authorization endpoint of the external OIDC identity provider.", "example": "https://account.mycompany.com/oauth/authorize" }, "claimsSupported": { "type": "array", "description": "A list of claims supported by the external OIDC identity provider.", "items": { "type": "string", "description": "A list of claims supported by the external OIDC identity provider." } }, "jwksUri": { "type": "string", "description": "The JWKS URI endpoint of the external OIDC identity provider used to verify a token signature.", "example": "https://account.mycompany.com/oauth/keys" }, "requireUserinfoSignature": { "type": "boolean", "description": "A flag indicating if the user information endpoint of the external OIDC identity provider should be signed and verified.", "example": true }, "revocationEndpoint": { "type": "string", "description": "The revocation endpoint of the external OIDC identity provider.", "example": "https://account.mycompany.com/oauth/revoke" }, "scopesSupported": { "type": "array", "description": "A list of scopes supported by the external OIDC identity provider.", "example": "openid email profile", "items": { "type": "string", "description": "A list of scopes supported by the external OIDC identity provider.", "example": "openid email profile" } }, "tokenEndpoint": { "type": "string", "description": "The token endpoint of the external OIDC identity provider.", "example": "https://account.mycompany.com/oauth/token" }, "userinfoEndpoint": { "type": "string", "description": "The user information endpoint of the external OIDC identity provider.", "example": "https://account.mycompany.com/oauth/userinfo" } }, "description": "An OidcConfigurationResponse defines the external OpenID Connect identity provider configuration." }, "OidcIdentityProvider": { "type": "object", "properties": { "acrValues": { "type": "string", "description": "The space separated list of authentication context request values to request as part of the external OIDC identity provider user authentication or user verification request.", "example": "level1 level2" }, "amrValues": { "type": "string", "description": "The space separated list of authentication method request values to request as part of the external OIDC identity provider user authentication or user verification request.", "example": "level1 level2" }, "authenticationEnabled": { "type": "boolean", "description": "A flag indicating if the external OIDC identity provider can be used for user authentication.", "example": true }, "authorizationEndpoint": { "type": "string", "description": "The authorization endpoint for the external OIDC identity provider.", "example": "https://account.mycompany.com/oauth/authorize" }, "buttonImage": { "type": "string", "description": "The URI of the logo to display on the login button for this external OIDC identity provider.", "example": "https://account.mycompany.com/images/logo.png" }, "buttonText": { "type": "string", "description": "The unique text to display on the login button for this external OIDC identity provider.", "example": "Sign in With MyCompany Co." }, "clientAuthenticationMethod": { "type": "string", "description": "The client authentication method to use with the external OIDC identity provider.", "example": "ClientAuthenticationMethod.CLIENT_SECRET_BASIC", "enum": [ "CLIENT_SECRET_BASIC", "CLIENT_SECRET_POST" ] }, "clientId": { "type": "string", "description": "The client identifier provided by the external OIDC identity provider.", "example": "client123" }, "clientSecret": { "type": "string", "description": "The client secret provided by the external OIDC identity provider. Currently this value is not returned.", "example": "cl1en7S3cr3t!" }, "createUser": { "type": "boolean", "description": "A flag indicating if the user should be created after authenticating to the external OIDC identity provider if it doesn't exist. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if authenticationEnabled is true.", "example": true }, "defaultProvider": { "type": "boolean", "description": "A flag indicating if this is the tenant's default identity provider. This value applies only to non-domain based identity providers. Only one identity provider can be set as the default at a time." }, "domains": { "type": "string", "description": "The space separated list of domains associated with the external OIDC identity provider for use with user authentication.", "example": "test.com sample.com" }, "externalGroupMappings": { "type": "array", "description": "The association between a group claim returned from the external OIDC identity provider and authorization groups. This mapping is used to associate OIDC identity provider external groups when a user is created or modified based on user authentication or when it is modified based on an external OIDC identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true and groupMapping is present.", "items": { "$ref": "#/components/schemas/IdentityProviderExternalGroupMapping" } }, "fields": { "type": "string", "description": "The value of user fields that need to be set the external OIDC identity provider when acquiring user information. This value is used with a TWITTER IDP.", "example": "email,name,first_name,last_name" }, "groupIds": { "type": "array", "description": "The UUIDs of groups that will be assigned to users created after an external OIDC identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value is used if createUser is true.", "items": { "type": "string", "description": "The UUIDs of groups that will be assigned to users created after an external OIDC identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value is used if createUser is true." } }, "groupMapping": { "type": "string", "description": "The association between a specified claim returned from the external OIDC identity provider and IDaaS groups. This mapping is used to associated IDaaS groups when a user is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. This value is used if createUser, updateUser, or updateVerificationUser is true." }, "id": { "type": "string", "description": "The UUID of the external OIDC identity provider.", "example": "6784549d-433c-44ea-a42f-4701458dg245" }, "idTokenClaims": { "type": "string", "description": "The space separated list of id token claims to request as part of the external OIDC identity provider user authentication or user verification request.", "example": "groups upn" }, "issuer": { "type": "string", "description": "The issuer URI for the external OIDC identity provider.", "example": "https://accounts.mycompany.com" }, "jwksUri": { "type": "string", "description": "The JWKS URI endpoint for the external OIDC identity provider used to verify a token signature.", "example": "https://account.mycompany.com/oauth/discovery/keys" }, "maxAge": { "maximum": 2592000, "minimum": -1, "type": "integer", "description": "The max age to request as part of the external OIDC identity provider user authentication or user verification request. If -1, the value will not be included in the request.", "format": "int32", "example": 300 }, "name": { "type": "string", "description": "The unique name of the external OIDC identity provider.", "example": "MyCompany Co." }, "organizationIds": { "type": "array", "description": "The UUIDs of organizations that will be assigned to users created after an external OIDC identity provider user authentication. If configured, the full set of organizations must be configured. This value is used if createUser is true.", "items": { "type": "string", "description": "The UUIDs of organizations that will be assigned to users created after an external OIDC identity provider user authentication. If configured, the full set of organizations must be configured. This value is used if createUser is true." } }, "requireUserinfoSignature": { "type": "boolean", "description": "A flag indicating if the user information endpoint of the external OIDC identity provider should be signed and verified.", "example": true }, "revocationEndpoint": { "type": "string", "description": "The revocation endpoint for the external OIDC identity provider.", "example": "https://account.mycompany.com/oauth/revoke" }, "roleId": { "type": "string", "description": "The UUID of the role that will be assigned to users created after an external OIDC identity provider user authentication. An empty string means the user will not be assigned a role by default. This role acts as the default if role mapping is empty. This value can only be set if createUser is true." }, "roleMapping": { "type": "string", "description": "The association between a specified claim returned from the external OIDC identity provider and an IDaaS role. This mapping is used to associated an IDaaS role when a user is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. This value is used if createUser, updateUser, or updateVerificationUser is true." }, "scopes": { "type": "string", "description": "The space separated list of scopes to request as part of the external OIDC identity provider user authentication or user verification request.", "example": "openid email" }, "tokenEndpoint": { "type": "string", "description": "The token endpoint for the external OIDC identity provider.", "example": "https://account.mycompany.com/oauth/token" }, "type": { "type": "string", "description": "The type of the external OIDC identity provider. Once created, this value cannot be updated.", "example": "FACEBOOK", "enum": [ "FACEBOOK", "GENERIC", "GOOGLE", "IDV", "MICROSOFT", "SP", "TWITTER" ] }, "updateUser": { "type": "boolean", "description": "A flag indicating if the user should be updated after authenticating to the external OIDC identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if authenticationEnabled is true.", "example": true }, "updateUserVerification": { "type": "boolean", "description": "A flag indicating if the user should be updated after user verification to the external OIDC identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if verificationEnabled is true.", "example": true }, "userAttributeId": { "type": "string", "description": "The IDaaS user attribute ID used to find IDaaS users associated with an external OIDC identity provider user authentication. This value is used if authenticationEnabled is true." }, "userAttributeMappings": { "type": "array", "description": "The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to populate user attributes when it is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. If configured, the full set of mappings must be configured. This value is used if createUser, updateUser, or updateVerificationUser is true.", "items": { "$ref": "#/components/schemas/OidcIdentityProviderAttributeMapping" } }, "userAuthMatchMappings": { "type": "array", "description": "The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external OIDC identity provider user authentication. If configured, the full set of mappings must be configured. This value is used if authenticationEnabled is true.", "items": { "$ref": "#/components/schemas/OidcIdentityProviderUserAuthMatchMapping" } }, "userClaim": { "type": "string", "description": "The external OIDC identity provider claim used to find IDaaS users associated with an external OIDC identity provider user authentication. This value is used if authenticationEnabled is true." }, "userVerMatchMappings": { "type": "array", "description": "The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external OIDC identity provider user verification. If configured, the full set of mappings must be configured. This value is used if verificationEnabled is true.", "items": { "$ref": "#/components/schemas/OidcIdentityProviderUserVerMatchMapping" } }, "userinfoClaims": { "type": "string", "description": "The space separated list of user information claims to request as part of the external OIDC identity provider user authentication or user verification request.", "example": "groups upn" }, "userinfoEndpoint": { "type": "string", "description": "The user information endpoint for the external OIDC identity provider.", "example": "https://account.mycompany.com/oauth/userinfo" }, "verificationEnabled": { "type": "boolean", "description": "A flag indicating if the external OIDC identity provider can be used for user verification.", "example": true } }, "description": "An OidcIdentityProvider defines the information returned about an external OpenID Connect identity provider for use with user authentication or user verification." }, "OidcIdentityProviderAttributeMapping": { "required": [ "claim", "userAttributeId" ], "type": "object", "properties": { "claim": { "type": "string", "description": "The name of the claim being mapped. This value must be provided when creating or modifying an attribute mapping.", "example": "email" }, "id": { "type": "string", "description": "The UUID of the OIDC identity provider attribute mapping.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "oidcIdentityProviderId": { "type": "string", "description": "The UUID of the OIDC identity provider the attribute mapping belongs to.", "example": "6881549d-433c-44ea-a42f-4705c26f3245" }, "userAttribute": { "$ref": "#/components/schemas/UserAttribute" }, "userAttributeId": { "type": "string", "description": "The UUID of the IDaaS user attribute being mapped to. This value must be provided when creating or modifying an attribute mapping.", "example": "6981549d-433c-44ea-a42f-4705c26f3245" } }, "description": "An OidcIdentityProviderAttributeMapping maps a claim returned from an external OIDC identity provider user authentication or user verification to an IDaaS user attribute." }, "OidcIdentityProviderParms": { "type": "object", "properties": { "acrValues": { "type": "string", "description": "The space separated list of authentication context request values to request as part of the external OIDC identity provider user authentication or user verification request.", "example": "level1 level2" }, "amrValues": { "type": "string", "description": "The space separated list of authentication method request values to request as part of the external OIDC identity provider user authentication or user verification request. This is required when creating an IDV IDP.", "example": "level1 level2" }, "authenticationEnabled": { "type": "boolean", "description": "A flag indicating if the external OIDC identity provider can be used for user authentication. If enabled, userAttributeId and userClaim are required.", "example": true, "default": false }, "authorizationEndpoint": { "type": "string", "description": "The authorization endpoint for the external OIDC identity provider. This value is required when creating an IDP.", "example": "https://account.mycompany.com/oauth/authorize" }, "buttonImage": { "type": "string", "description": "The URI of the logo to display on the login button for this external OIDC identity provider.", "example": "https://account.mycompany.com/images/logo.png" }, "buttonText": { "type": "string", "description": "The unique text to display on the login button for this external OIDC identity provider. This value is required when creating an IDP.", "example": "Sign in With MyCompany Co." }, "clientAuthenticationMethod": { "type": "string", "description": "The client authentication method to use with the external OIDC identity provider. The default value is ClientAuthenticationMethod.CLIENT_SECRET_BASIC.", "example": "ClientAuthenticationMethod.CLIENT_SECRET_BASIC", "enum": [ "CLIENT_SECRET_BASIC", "CLIENT_SECRET_POST" ] }, "clientId": { "type": "string", "description": "The client identifier provided by the external OIDC identity provider. This value is required when creating an IDP.", "example": "client123" }, "clientSecret": { "type": "string", "description": "The client secret provided by the external OIDC identity provider. This value is required when creating an IDP.", "example": "cl1en7S3cr3t!" }, "createUser": { "type": "boolean", "description": "A flag indicating if the user should be created after authenticating to the external OIDC identity provider if it doesn't exist. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if authenticationEnabled is true.", "example": true, "default": false }, "defaultProvider": { "type": "boolean", "description": "A flag indicating if this is the tenant's default identity provider. This value applies only to non-domain based identity providers. Only one identity provider can be set as the default at a time." }, "domains": { "type": "string", "description": "The space separated list of domains associated with the external OIDC identity provider for use with user authentication.", "example": "test.com sample.com" }, "externalGroupMappings": { "type": "array", "description": "The association between a group claim returned from the external OIDC identity provider and authorization groups. This mapping is used to associate OIDC identity provider external groups when a user is created or modified based on user authentication or when it is modified based on an external OIDC identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true and groupMapping is present.", "items": { "$ref": "#/components/schemas/IdentityProviderExternalGroupMapping" } }, "fields": { "type": "string", "description": "The value of user fields that need to be set the external OIDC identity provider when acquiring user information. This value is required when creating a TWITTER IDP.", "example": "email,name,first_name,last_name" }, "groupIds": { "type": "array", "description": "The UUIDs of groups that will be assigned to users created after an external OIDC identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value can only be set if createUser is true.", "items": { "type": "string", "description": "The UUIDs of groups that will be assigned to users created after an external OIDC identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value can only be set if createUser is true." } }, "groupMapping": { "type": "string", "description": "The association between a specified claim returned from the external OIDC identity provider and IDaaS groups. This mapping is used to associated IDaaS groups when a user is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true." }, "idTokenClaims": { "type": "string", "description": "The space separated list of id token claims to request as part of the external OIDC identity provider user authentication or user verification request.", "example": "groups upn" }, "issuer": { "type": "string", "description": "The issuer URI for the external OIDC identity provider. This value is required when creating an IDP.", "example": "https://accounts.mycompany.com" }, "jwksUri": { "type": "string", "description": "The JWKS URI endpoint for the external OIDC identity provider used to verify a token signature. This value is required when creating an IDP except for TWITTER.", "example": "https://account.mycompany.com/oauth/discovery/keys" }, "maxAge": { "maximum": 2592000, "minimum": -1, "type": "integer", "description": "The max age to request as part of the external OIDC identity provider user authentication or user verification request. If -1, the value will not be included in the request.", "format": "int32", "example": 300, "default": -1 }, "name": { "type": "string", "description": "The unique name of the external OIDC identity provider. This value is required when creating an IDP.", "example": "MyCompany Co." }, "organizationIds": { "type": "array", "description": "The UUIDs of organizations that will be assigned to users created after an external OIDC identity provider user authentication. If configured, the full set of organizations must be configured. This value can only be set if createUser is true.", "items": { "type": "string", "description": "The UUIDs of organizations that will be assigned to users created after an external OIDC identity provider user authentication. If configured, the full set of organizations must be configured. This value can only be set if createUser is true." } }, "requireUserinfoSignature": { "type": "boolean", "description": "A flag indicating if the user information endpoint of the external OIDC identity provider should be signed and verified.", "example": true, "default": false }, "revocationEndpoint": { "type": "string", "description": "The revocation endpoint for the external OIDC identity provider.", "example": "https://account.mycompany.com/oauth/revoke" }, "roleId": { "type": "string", "description": "The UUID of the role that will be assigned to users created after an external OIDC identity provider user authentication. An empty string means the user will not be assigned a role by default. This role acts as the default if role mapping is empty. This value can only be set if createUser is true." }, "roleMapping": { "type": "string", "description": "The association between a specified claim returned from the external OIDC identity provider and an IDaaS role. This mapping is used to associated an IDaaS role when a user is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true." }, "scopes": { "type": "string", "description": "The space separated list of scopes to request as part of the external OIDC identity provider user authentication or user verification request. This value is required when creating an IDP except for TWITTER.", "example": "openid email" }, "tokenEndpoint": { "type": "string", "description": "The token endpoint for the external OIDC identity provider. This value is required when creating an IDP.", "example": "https://account.mycompany.com/oauth/token" }, "type": { "type": "string", "description": "The type of the external OIDC identity provider. Once created, this value cannot be updated. This value is required when creating an IDP.", "example": "FACEBOOK", "enum": [ "FACEBOOK", "GENERIC", "GOOGLE", "IDV", "MICROSOFT", "SP", "TWITTER" ] }, "updateUser": { "type": "boolean", "description": "A flag indicating if the user should be updated after authenticating to the external OIDC identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if authenticationEnabled is true.", "example": true, "default": false }, "updateUserVerification": { "type": "boolean", "description": "A flag indicating if the user should be updated after user verification to the external OIDC identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if verificationEnabled is true.", "example": true, "default": false }, "userAttributeId": { "type": "string", "description": "The IDaaS user attribute ID used to find IDaaS users associated with an external OIDC identity provider user authentication. This value can only be set if authenticationEnabled is true." }, "userAttributeMappings": { "type": "array", "description": "The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to populate user attributes when it is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. If configured, the full set of mappings must be configured. This value can only be set if createUser, updateUser, or updateVerificationUser is true.", "items": { "$ref": "#/components/schemas/OidcIdentityProviderAttributeMapping" } }, "userAuthMatchMappings": { "type": "array", "description": "The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external OIDC identity provider user authentication. If configured, the full set of mappings must be configured. This value can only be set if authenticationEnabled is true.", "items": { "$ref": "#/components/schemas/OidcIdentityProviderUserAuthMatchMapping" } }, "userClaim": { "type": "string", "description": "The external OIDC identity provider claim used to find IDaaS users associated with an external OIDC identity provider user authentication. This value can only be set if authenticationEnabled is true." }, "userVerMatchMappings": { "type": "array", "description": "The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external OIDC identity provider user verification. If configured, the full set of mappings must be configured. This value can only be set if verificationEnabled is true.", "items": { "$ref": "#/components/schemas/OidcIdentityProviderUserVerMatchMapping" } }, "userinfoClaims": { "type": "string", "description": "The space separated list of user information claims to request as part of the external OIDC identity provider user authentication or user verification request.", "example": "groups upn" }, "userinfoEndpoint": { "type": "string", "description": "The user information endpoint for the external OIDC identity provider.", "example": "https://account.mycompany.com/oauth/userinfo" }, "verificationEnabled": { "type": "boolean", "description": "A flag indicating if the external OIDC identity provider can be used for user verification. If enabled, userVerMatchMappings is required.", "example": true, "default": false } }, "description": "An OidcIdentityProviderParms defines the information passed to Identity as a Service when creating or modifying an external OpenID Connect identity provider for use with user authentication or user verification." }, "OidcIdentityProviderUserAuthMatchMapping": { "required": [ "claim", "userAttributeId" ], "type": "object", "properties": { "claim": { "type": "string", "description": "The name of the claim being mapped. This value must be provided when creating or modifying a user authentication match mapping.", "example": "email" }, "id": { "type": "string", "description": "The UUID of the OIDC identity provider user authentication match mapping.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "oidcIdentityProviderId": { "type": "string", "description": "The UUID of the OIDC identity provider the user authentication match mapping belongs to.", "example": "6881549d-433c-44ea-a42f-4705c26f3245" }, "userAttribute": { "$ref": "#/components/schemas/UserAttribute" }, "userAttributeId": { "type": "string", "description": "The UUID of the IDaaS user attribute being mapped to. This value must be provided when creating or modifying a user authentication match mapping.", "example": "6981549d-433c-44ea-a42f-4705c26f3245" } }, "description": "An OidcIdentityProviderUserAuthMatchMapping maps a claim returned from an external OIDC identity provide user authentication to an IDaaS User user attribute for matching purposes." }, "OidcIdentityProviderUserVerMatchMapping": { "required": [ "claim", "userAttributeId" ], "type": "object", "properties": { "claim": { "type": "string", "description": "The name of the claim being mapped. This value must be provided when creating or modifying a user verification match mapping.", "example": "email" }, "id": { "type": "string", "description": "The UUID of the OIDC identity provider user verification match mapping.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "oidcIdentityProviderId": { "type": "string", "description": "The UUID of the OIDC identity provider the user verification match mapping belongs to.", "example": "6881549d-433c-44ea-a42f-4705c26f3245" }, "userAttribute": { "$ref": "#/components/schemas/UserAttribute" }, "userAttributeId": { "type": "string", "description": "The UUID of the IDaaS user attribute being mapped to. This value must be provided when creating or modifying a user verification match mapping.", "example": "6981549d-433c-44ea-a42f-4705c26f3245" } }, "description": "An OidcIdentityProviderUserVerMatchMapping maps a claim returned from an external OIDC identity provide user verification to an IDaaS User user attribute for matching purposes." }, "OrderByAttribute": { "required": [ "ascending", "name" ], "type": "object", "properties": { "ascending": { "type": "boolean", "description": "Identifies whether to order results in ascending order." }, "name": { "type": "string", "description": "Identifies the attribute." } }, "description": "An attribute used to sort the result from a search." }, "Organization": { "required": [ "displayName", "id", "name" ], "type": "object", "properties": { "description": { "type": "string", "description": "The description of the organization." }, "displayName": { "type": "string", "description": "The display name of the organization." }, "id": { "type": "string", "description": "The unique UUID assigned to the organization when it is created." }, "logoUri": { "type": "string", "description": "The URI of the logo to display when showing organizations.", "example": "https://account.mycompany.com/images/logo.png" }, "name": { "type": "string", "description": "The name of the organization." } }, "description": "Organization defines the attributes of an organization used in B2B scenarios." }, "OrganizationPage": { "required": [ "results" ], "type": "object", "properties": { "paging": { "$ref": "#/components/schemas/Paging" }, "results": { "type": "array", "description": "A single page from the list of Organizations found.", "items": { "$ref": "#/components/schemas/Organization" } } }, "description": "Contains paging information and a page of organizations." }, "OrganizationParms": { "type": "object", "properties": { "description": { "type": "string", "description": "The description of the organization." }, "displayName": { "type": "string", "description": "The display name of the organization. This value must be provided when creating an organization." }, "logoUri": { "type": "string", "description": "The URI of the logo to display when showing organizations.", "example": "https://account.mycompany.com/images/logo.png" }, "name": { "type": "string", "description": "The name of the organization. This value must be provided when creating an organization." } }, "description": "Parameters defining the new organization." }, "Paging": { "required": [ "limit" ], "type": "object", "properties": { "limit": { "maximum": 100, "minimum": 1, "type": "integer", "description": "The page limit used (1-100)", "format": "int32" }, "nextCursor": { "type": "string", "description": "The cursor pointing to the next page." }, "prevCursor": { "type": "string", "description": "The cursor pointing to the previous page." } }, "description": "Contains navigation information." }, "PasswordResetSettings": { "type": "object", "properties": { "allowIgnoreIpAddressForRba": { "type": "boolean", "description": "Flag indicates if ignore ip address for rba will be allowed or not." }, "authenticators": { "type": "array", "description": "The list of second factor authenticator types that can be used during a password reset operation.", "example": [ "OTP", "TOKEN" ], "items": { "type": "string", "description": "The list of second factor authenticator types that can be used during a password reset operation.", "example": "[\"OTP\",\"TOKEN\"]", "enum": [ "MACHINE", "PASSWORD", "EXTERNAL", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "SMARTCREDENTIALPUSH", "PASSWORD_AND_SECONDFACTOR", "SMART_LOGIN", "IDP", "PASSKEY", "IDP_AND_SECONDFACTOR", "USER_CERTIFICATE", "FACE", "PASSTHROUGH", "MAGICLINK" ] } }, "challengeSize": { "type": "integer", "description": "For a KBA authenticator, it is the number of questions that the user must answer--not supported if these settings are part of a Group Policy (not the Global Policy).", "format": "int32", "example": 4, "deprecated": true }, "emailAccount": { "type": "boolean", "description": "Indicates whether an email should be sent to notify the user account has been locked, unlocked, or an attempt of unlock has occurred.", "example": false }, "emailOtpEnabled": { "type": "boolean", "description": "Indicates if OTP can be sent to email.", "example": true }, "enabled": { "type": "boolean", "description": "Indicates whether password reset is enabled.", "example": true }, "groups": { "type": "array", "description": "Groups that can perform a password reset operation--not supported if these settings are part of a Group Policy (not the Global Policy).", "deprecated": true, "items": { "$ref": "#/components/schemas/Group" } }, "id": { "type": "string", "description": "ID of the password reset settings." }, "namedPasswordId": { "type": "string", "description": "The ID of the named password." }, "twoSecondFactorRequired": { "type": "boolean", "description": "Indicates whether two forms of second factor authentication must be completed before a password reset operation can be done.", "example": true }, "unlockAccount": { "type": "boolean", "description": "Indicates whether the user account should be unlocked after a password reset operation is completed.", "example": false }, "version": { "type": "integer", "description": "Indicates the version of this model.", "format": "int32", "example": 1 }, "wrongAnswersAllowed": { "type": "integer", "description": "For a KBA authenticator, it is the number of questions that the user could answer incorrectly and still be considered a valid response--not supported if these settings are part of a Group Policy (not the Global Policy).", "format": "int32", "example": 1, "deprecated": true } }, "description": "Settings used to manage the Password Reset functionality." }, "PayToPrint": { "type": "object", "properties": { "addOn": { "type": "string", "description": "Add on column to store PayToPrint addon" }, "consumed": { "type": "integer", "description": "The entitlements consumed since start date during the entitlement period.", "format": "int32" }, "endDate": { "type": "string", "description": "The date when the entitlement will end.", "format": "date-time", "example": "2020-02-19T00:00:00Z" }, "quantity": { "type": "integer", "description": "The number of PayToPrint prints allowed during the period.", "format": "int32", "example": 1000 }, "startDate": { "type": "string", "description": "The date when the entitlement starts.", "format": "date-time", "example": "2019-02-19T00:00:00Z" } }, "description": "PayToPrint entitlements of a tenant." }, "Permission": { "required": [ "actionType", "entityType", "id", "roleType" ], "type": "object", "properties": { "actionType": { "type": "string", "description": "The action to which this permission applies.", "enum": [ "VIEW", "ADD", "EDIT", "REMOVE", "ALL" ] }, "entityType": { "type": "string", "description": "The entity to which this permission applies.", "enum": [ "ALL", "SUBSCRIBERS", "USERS", "APPLICATIONS", "TOKENS", "ROLES", "SPROLES", "CONTEXTRULES", "AUTHORIZATIONGROUPS", "USERATTRIBUTES", "USERATTRIBUTEVALUES", "AGENTS", "GROUPS", "SETTINGS", "DIRECTORIES", "DIRECTORYSYNC", "DIRECTORYCONNECTIONS", "TEMPLATES", "USERSITEROLES", "REPORTS", "BULKUSERS", "BULKGROUPS", "USERPASSWORDS", "SERVICEPROVIDERS", "SERVICEPROVIDERACCOUNTS", "USERMACHINES", "CAS", "BULKHARDWARETOKENS", "BULKSMARTCARDS", "DIGITALIDCONFIGS", "DIGITALIDCONFIGVARIABLES", "DIGITALIDCONFIGCERTTEMPS", "DIGITALIDCONFIGSANS", "SCDEFNS", "SCDEFNPIVAPPLETCONFIGS", "SCDEFNVARIABLES", "SMARTCREDENTIALS", "SMARTCREDENTIALSSIGNATURE", "USERSPROLES", "EXPECTEDLOCATIONS", "USERLOCATIONS", "USERRBASETTINGS", "SPCLIENTCREDENTIALS", "SPMANAGEMENTPLATFORM", "ENTITLEMENTS", "QUESTIONS", "USERQUESTIONS", "USERQUESTIONANSWERS", "USERKBACHALLENGES", "WORDSYNONYMS", "GATEWAYS", "GATEWAYCSRS", "SPUSERMGMT", "BULKIDENTITYGUARD", "TEMPACCESSCODES", "TEMPACCESSCODECONTENTS", "GRIDS", "GRIDCONTENTS", "FIDOTOKENS", "EXPORTREPORTS", "CUSTOMIZATIONVARIABLES", "BLACKLISTEDPASSWORDS", "SPENTITLEMENTS", "CREATETENANT", "TENANTS", "ARCHIVES", "CERTIFICATES", "INTELLITRUSTDESKTOPS", "ACTIVESYNC", "PRINTERS", "ISSUANCE", "OTPS", "AD_CONNECTOR_DIRECTORIES", "AZURE_DIRECTORIES", "SCHEDULEDTASKS", "CREDENTIALDESIGNS", "ENROLLMENTS", "BULKENROLLMENTS", "EMAILTEMPLATES", "EMAILVARIABLES", "SENDEMAIL", "SENDSCIM", "SENDAZUREAD", "DIRECTORYPASSWORD", "TRANSACTIONITEMS", "TRANSACTIONRULES", "ENROLLMENTDESIGNS", "HIGH_AVAILABILITY_GROUPS", "PKIAASCREDENTIALS", "DIGITALIDCERTIFICATES", "PIVCONTENTSIGNER", "RESOURCESERVERAPIS", "RESOURCESERVERSCOPES", "USEROAUTHTOKENS", "GROUPPOLICIES", "OAUTHROLES", "IDENTITYPROVIDERS", "SMARTCARDS", "IPLISTS", "DOMAINCONTROLLERCERTS", "OTPPROVIDERS", "PREFERREDOTPPROVIDERS", "SPIDENTITYPROVIDERS", "PUSHCREDENTIALS", "DIRECTORYSEARCHATTRIBUTES", "DIRECTORYATTRIBUTES", "RISKENGINES", "SCIMPROVISIONINGS", "RATELIMITING", "CLAIMS", "CONTACTVERIFICATION", "HOSTNAMESETTINGS", "MAGICLINKS", "MAGICLINKCONTENTS", "AUTHENTICATIONFLOWS", "FACE", "TOKENACTIVATIONCONTENTS", "PASSTHROUGH", "POLICYOVERRIDE", "ORGANIZATIONS", "WEBHOOKS", "WEBHOOK_NOTIFICATION", "VCDEFNS", "VCS", "PLAYINTEGRITYCREDENTIALS", "VPDEFNS", "ACRS", "FLEET_MANAGEMENT_ALERT", "VERIFYUSER", "USER_PRINTER_PREFERENCE", "NAMEDPASSWORDS" ] }, "id": { "type": "string", "description": "The UUID of this permission." }, "roleType": { "type": "string", "description": "The role type to which this permission applies.", "enum": [ "SITE_ADMINISTRATOR", "ACCOUNT_MANAGER" ] } }, "description": "Details about a permission assign to a role." }, "PrinterEntitlement": { "type": "object", "properties": { "consumed": { "type": "integer", "description": "The entitlements consumed since start date during the entitlement period.", "format": "int32" }, "endDate": { "type": "string", "description": "The date when the entitlement will end.", "format": "date-time", "example": "2020-02-19T00:00:00Z" }, "quantity": { "type": "integer", "description": "The number of FlashPass claims allowed during the period.", "format": "int32", "example": 1000 }, "startDate": { "type": "string", "description": "The date when the entitlement starts.", "format": "date-time", "example": "2019-02-19T00:00:00Z" } }, "description": "Printer entitlements of a tenant." }, "PrinterParms": { "type": "object", "description": "Parameters passed when setting the Printer entitlements of a tenant." }, "ProtectedOfflineSettings": { "type": "object", "properties": { "protectedOfflineOTPMaxClients": { "type": "integer", "description": "Maximum number of IntelliTrust Desktops (or clients in general) that are allowed to be registered with a token for downloading OTPs.", "format": "int32" }, "protectedOfflineOTPMaxRefill": { "type": "integer", "description": "Maximum number of hours' worth of offline OTPs that a client is allowed to possess.", "format": "int32" }, "protectedOfflineOTPMinorRefill": { "type": "integer", "description": "Default number of hours' worth of offline OTPs that is returned.", "format": "int32" }, "protectedOfflineOTPProtection": { "type": "string", "description": "This controls the length of the private salt and is measured in bits. The values map as follows: Normal = 14, Strong = 17, and Very Strong = 20", "enum": [ "NORMAL", "STRONG", "VERYSTRONG" ] }, "protectedOfflineOTPSupport": { "type": "boolean", "description": "Defines whether tokens can be used offline." } }, "description": "Offline token settings to support offline token feature for IntelliTrust Desktop applications." }, "ResetParms": { "type": "object", "properties": { "response": { "type": "string", "description": "An optional token response used to reset the token." } }, "description": "Parameters needed to reset the token." }, "ResourceRule": { "required": [ "disableSSO", "groups", "name", "skipSecondFactorIfUserNotExist", "strictAccess" ], "type": "object", "properties": { "acrFilter": { "type": "string", "description": "Identifies how the resource rule acr access filter operates. NA: The resource rule will apply to all requests. This is the default value. NONE: The resource rule will only apply if no acrs were requested. ANY: The resource rule will only apply if acrs were requested. SPECIFIC: The resource rule will only apply if acrs were requested and one of the requested acrs matches one from a specified list.", "enum": [ "NA", "NONE", "ANY", "SPECIFIC" ] }, "acrs": { "type": "array", "description": "The acrs associated with this resource rule if acrFilter is set to SPECIFIC. The resource rule will only apply if a requested acr is one of the specified acrs.", "items": { "$ref": "#/components/schemas/Acr" } }, "apiVersion": { "type": "integer", "description": "The resource rules API version used to create or last update this resource rule. If the resource rule is at version 2, then it cannot be updated using a version 1 API.", "format": "int32", "readOnly": true, "enum": [ 1, 2 ] }, "dateTimeContext": { "$ref": "#/components/schemas/DateTimeContext" }, "description": { "type": "string", "description": "The description of the resource rule." }, "deviceCertificateContext": { "$ref": "#/components/schemas/DeviceCertificateContext" }, "disableSSO": { "type": "boolean", "description": "A flag indicating if single-sign on is disabled for this resource rule." }, "domainIdpFilter": { "type": "string", "description": "Identifies how the resource rule domain idp access filter operates. This is the default value. NA: The resource rule will apply to all requests. NONE: The resource rule will only apply if the user does not have a domain-based IDP. ANY: The resource rule will only apply if the user has a domain-based IDP. SPECIFIC: The resource rule will only apply if the user has a domain-based IDP and the user's domain matches one from a specified list.", "enum": [ "NA", "NONE", "ANY", "SPECIFIC" ] }, "domainIdps": { "type": "array", "description": "The domain-based identity providers associated with this resource rule if domainIdpFilter is set to SPECIFIC. The resource rule will only apply to users using one of the specified domain-based identity providers.", "items": { "$ref": "#/components/schemas/IdentityProvider" } }, "enabled": { "type": "boolean", "description": "A flag indicating if this resource rule is enabled or not. Only enabled resource rules are considered during authentication." }, "groups": { "type": "array", "description": "The groups associated with this resource rule. The resource rule only applies to users in one of the specified groups. A resource rule must specify at least one group which can be the default All Groups if you want the resource rule to apply to all users.", "items": { "$ref": "#/components/schemas/Group" } }, "highRiskAuthenticationFlow": { "$ref": "#/components/schemas/AuthenticationFlow" }, "highRiskEnableSmartLogin": { "type": "boolean", "description": "A flag indicating if Smart Login is enabled for High risk. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true }, "highRiskFirstStep": { "type": "string", "description": "The authenticator type to use in the first step of a two-step authentication scenario when the risk score is High. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "enum": [ "NONE", "EXTERNAL", "PASSWORD", "KBA", "OTP", "TOKEN", "TOKENPUSH", "SMARTCREDENTIALPUSH", "IDP", "PASSKEY", "SMART_LOGIN", "USER_CERTIFICATE", "FACE", "DENY", "MAGICLINK" ] }, "highRiskSecondStep": { "type": "array", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is High. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "items": { "type": "string", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is High. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "enum": [ "NONE", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "USER_CERTIFICATE", "SMARTCREDENTIALPUSH", "FACE", "PASSTHROUGH", "MAGICLINK" ] } }, "id": { "type": "string", "description": "The unique UUID assigned to the resource rule when it is created." }, "ipContext": { "$ref": "#/components/schemas/IpContext" }, "kbaContext": { "$ref": "#/components/schemas/KbaContext" }, "locationContext": { "$ref": "#/components/schemas/LocationContext" }, "locationHistoryContext": { "$ref": "#/components/schemas/LocationHistoryContext" }, "lowRiskAuthenticationFlow": { "$ref": "#/components/schemas/AuthenticationFlow" }, "lowRiskEnableSmartLogin": { "type": "boolean", "description": "A flag indicating if Smart Login is enabled for Low risk. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true }, "lowRiskFirstStep": { "type": "string", "description": "The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Low. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "enum": [ "NONE", "EXTERNAL", "PASSWORD", "KBA", "OTP", "TOKEN", "TOKENPUSH", "SMARTCREDENTIALPUSH", "IDP", "PASSKEY", "SMART_LOGIN", "USER_CERTIFICATE", "FACE", "DENY", "MAGICLINK" ] }, "lowRiskSecondStep": { "type": "array", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Low. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "items": { "type": "string", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Low. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "enum": [ "NONE", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "USER_CERTIFICATE", "SMARTCREDENTIALPUSH", "FACE", "PASSTHROUGH", "MAGICLINK" ] } }, "lowRiskThreshold": { "maximum": 100, "minimum": 0, "type": "integer", "description": "Risk scores below this value are considered Low risk.", "format": "int32" }, "machineContext": { "$ref": "#/components/schemas/MachineContext" }, "mediumRiskAuthenticationFlow": { "$ref": "#/components/schemas/AuthenticationFlow" }, "mediumRiskEnableSmartLogin": { "type": "boolean", "description": "A flag indicating if Smart Login is enabled for Medium risk. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true }, "mediumRiskFirstStep": { "type": "string", "description": "The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Medium. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "enum": [ "NONE", "EXTERNAL", "PASSWORD", "KBA", "OTP", "TOKEN", "TOKENPUSH", "SMARTCREDENTIALPUSH", "IDP", "PASSKEY", "SMART_LOGIN", "USER_CERTIFICATE", "FACE", "DENY", "MAGICLINK" ] }, "mediumRiskSecondStep": { "type": "array", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Medium. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "items": { "type": "string", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Medium. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "enum": [ "NONE", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "USER_CERTIFICATE", "SMARTCREDENTIALPUSH", "FACE", "PASSTHROUGH", "MAGICLINK" ] } }, "mediumRiskThreshold": { "maximum": 100, "minimum": 0, "type": "integer", "description": "Risk scores below this value are considered Medium risk. Risk scores equal or greater than this value are considered High risk.", "format": "int32" }, "name": { "type": "string", "description": "The name of the resource rule." }, "resourceId": { "type": "string", "description": "The UUID of the resource to which this resource rule is assigned." }, "resourceName": { "type": "string", "description": "The name of the resource to which this resource rule is assigned." }, "riskEngineContexts": { "type": "array", "description": "If risk engine rules are defined, the transaction contexts specify the levels at which risk is applied to the authentication request if the corresponding risk engine rules trigger risk.", "items": { "$ref": "#/components/schemas/TransactionContext" } }, "skipSecondFactorIfUserNotExist": { "type": "boolean", "description": "A flag indicating if second factor can be skipped if the user does not exist and the first factor is EXTERNAL." }, "strictAccess": { "type": "boolean", "description": "A flag indicating if this resource rule enforces strict access. Strict access means that if this rule denies access, the user is denied access even if other resource rules allow access.", "example": true }, "systemResourceContext": { "type": "boolean", "description": "A flag indicating if this resource rule is associated with a system resource including the Admin and User portals. A resource rule for a system resource cannot be deleted. They can only be disabled if there is at least one enabled resource rule for the resource." }, "transactionContexts": { "type": "array", "description": "If transaction details are specified during an authentication request, the transaction contexts specify the levels at which risk is applied to the authentication request if the corresponding transaction rules trigger risk. A maximum of two are allowed.", "items": { "$ref": "#/components/schemas/TransactionContext" } }, "travelVelocityContext": { "$ref": "#/components/schemas/TravelVelocityContext" } }, "description": "A ResourceRule defines the information returned about a resource rule. A resource rule is used to determine what authentication is used to authenticate to the specified resource (aka application)." }, "ResourceRuleNameId": { "required": [ "id", "name" ], "type": "object", "properties": { "id": { "type": "string", "description": "The unique UUID assigned to the resource rule when it is created." }, "name": { "type": "string", "description": "The name of the resource rule." } }, "description": "A ResourceRuleNameId contains a resource rule name and unique id." }, "ResourceRuleParms": { "type": "object", "properties": { "acrFilter": { "type": "string", "description": "Identifies how the resource rule acr access filter operates. NA: The resource rule will apply to all requests. This is the default value. NONE: The resource rule will only apply if no acrs were requested. ANY: The resource rule will only apply if acrs were requested. SPECIFIC: The resource rule will only apply if acrs were requested and one of the requested acrs matches one from a specified list.", "enum": [ "NA", "NONE", "ANY", "SPECIFIC" ] }, "acrIds": { "type": "array", "description": "The UUIDs of acrs associated with this resource rule if acrFilter is set to SPECIFIC. The resource rule will only apply if a requested acr is one of the specified acrs. If acrFilter is set to SPECIFIC, at least one acrId should be specified otherwise the resource rule will never apply.", "items": { "type": "string", "description": "The UUIDs of acrs associated with this resource rule if acrFilter is set to SPECIFIC. The resource rule will only apply if a requested acr is one of the specified acrs. If acrFilter is set to SPECIFIC, at least one acrId should be specified otherwise the resource rule will never apply." } }, "dateTimeContext": { "$ref": "#/components/schemas/DateTimeContext" }, "description": { "type": "string", "description": "The description of the resource rule." }, "deviceCertificateContext": { "$ref": "#/components/schemas/DeviceCertificateContext" }, "disableSSO": { "type": "boolean", "description": "A flag indicating if single-sign on is disabled for this resource rule." }, "domainIdpFilter": { "type": "string", "description": "Identifies how the resource rule domain idp access filter operates. This is the default value. NA: The resource rule will apply to all requests. NONE: The resource rule will only apply if the user does not have a domain-based IDP. ANY: The resource rule will only apply if the user has a domain-based IDP. SPECIFIC: The resource rule will only apply if the user has a domain-based IDP and the user's domain matches one from a specified list.", "enum": [ "NA", "NONE", "ANY", "SPECIFIC" ] }, "domainIdpIds": { "type": "array", "description": "The UUIDs of domain-based identity providers associated with this resource rule if domainIdpFilter is set to SPECIFIC. The resource rule will only apply to users using one of the specified domain-based identity providers. If domainIdpFilter is set to SPECIFIC, at least one domainIdpId should be specified otherwise the resource rule will never apply.", "items": { "type": "string", "description": "The UUIDs of domain-based identity providers associated with this resource rule if domainIdpFilter is set to SPECIFIC. The resource rule will only apply to users using one of the specified domain-based identity providers. If domainIdpFilter is set to SPECIFIC, at least one domainIdpId should be specified otherwise the resource rule will never apply." } }, "enabled": { "type": "boolean", "description": "A flag indicating if this resource rule is enabled or not. Only enabled resource rules are considered during authentication." }, "groupIds": { "type": "array", "description": "The UUIDs of groups associated with this resource rule. The resource rule will only apply to users in one of the specified groups. When creating a resource rule, if no groupsIds are specified, the resource rule will apply to all users.", "items": { "type": "string", "description": "The UUIDs of groups associated with this resource rule. The resource rule will only apply to users in one of the specified groups. When creating a resource rule, if no groupsIds are specified, the resource rule will apply to all users." } }, "groups": { "type": "array", "description": "The groups associated with this resource rule. The resource rule only applies to users in one of the specified groups. If no groups are specified, the resource rule applies to all users. This attribute is ignored if the groupIds attribute is specified. The groupIds attribute should be used instead.", "deprecated": true, "items": { "$ref": "#/components/schemas/Group" } }, "highRiskAuthenticationFlow": { "type": "string", "description": "The UUID of the authentication flow to use when the risk score is High. Required with v2 APIs." }, "highRiskEnableSmartLogin": { "type": "boolean", "description": "A flag indicating if Smart Login is enabled for High risk.This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true }, "highRiskFirstStep": { "type": "string", "description": "The authenticator type to use in the first step of a two-step authentication scenario when the risk score is High. Only the values NONE, EXTERNAL, PASSWORD or DENY should be used for highRiskFirstStep. Other values are defined for backwards compatibility. Some values are not supported by all application types.This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "enum": [ "NONE", "EXTERNAL", "PASSWORD", "KBA", "OTP", "TOKEN", "TOKENPUSH", "SMARTCREDENTIALPUSH", "IDP", "PASSKEY", "SMART_LOGIN", "USER_CERTIFICATE", "FACE", "DENY", "MAGICLINK" ] }, "highRiskSecondStep": { "type": "array", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is High. Some values are not supported by all application types.This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "items": { "type": "string", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is High. Some values are not supported by all application types.This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "enum": [ "NONE", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "USER_CERTIFICATE", "SMARTCREDENTIALPUSH", "FACE", "PASSTHROUGH", "MAGICLINK" ] } }, "ipContext": { "$ref": "#/components/schemas/IpContext" }, "kbaContext": { "$ref": "#/components/schemas/KbaContext" }, "locationContext": { "$ref": "#/components/schemas/LocationContext" }, "locationHistoryContext": { "$ref": "#/components/schemas/LocationHistoryContext" }, "lowRiskAuthenticationFlow": { "type": "string", "description": "The UUID of the authentication flow to use when the risk score is Low. Required with v2 APIs." }, "lowRiskEnableSmartLogin": { "type": "boolean", "description": "A flag indicating if Smart Login is enabled for Low risk.This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true }, "lowRiskFirstStep": { "type": "string", "description": "The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Low. Only the values NONE, EXTERNAL, PASSWORD should be used for lowRiskFirstStep. The value DENY can only be specified for low risk authentication when using Smart Login, otherwise DENY can only be specified for medium or high risk values. Other values are defined for backwards compatibility. Some values are not supported by all application types. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "enum": [ "NONE", "EXTERNAL", "PASSWORD", "KBA", "OTP", "TOKEN", "TOKENPUSH", "SMARTCREDENTIALPUSH", "IDP", "PASSKEY", "SMART_LOGIN", "USER_CERTIFICATE", "FACE", "DENY", "MAGICLINK" ] }, "lowRiskSecondStep": { "type": "array", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Low. Some values are not supported by all application types. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "items": { "type": "string", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Low. Some values are not supported by all application types. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "enum": [ "NONE", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "USER_CERTIFICATE", "SMARTCREDENTIALPUSH", "FACE", "PASSTHROUGH", "MAGICLINK" ] } }, "lowRiskThreshold": { "maximum": 100, "minimum": 0, "type": "integer", "description": "Risk scores below this value are considered Low risk.", "format": "int32" }, "machineContext": { "$ref": "#/components/schemas/MachineContext" }, "mediumRiskAuthenticationFlow": { "type": "string", "description": "The UUID of the authentication flow to use when the risk score is Medium. Required with v2 APIs." }, "mediumRiskEnableSmartLogin": { "type": "boolean", "description": "A flag indicating if Smart Login is enabled for Medium risk.This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true }, "mediumRiskFirstStep": { "type": "string", "description": "The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Medium. Only the values NONE, EXTERNAL, PASSWORD or DENY should be used for mediumRiskFirstStep. Other values are defined for backwards compatibility. Some values are not supported by all application types. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "enum": [ "NONE", "EXTERNAL", "PASSWORD", "KBA", "OTP", "TOKEN", "TOKENPUSH", "SMARTCREDENTIALPUSH", "IDP", "PASSKEY", "SMART_LOGIN", "USER_CERTIFICATE", "FACE", "DENY", "MAGICLINK" ] }, "mediumRiskSecondStep": { "type": "array", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Medium. Some values are not supported by all application types.This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "items": { "type": "string", "description": "The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Medium. Some values are not supported by all application types.This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs.", "deprecated": true, "enum": [ "NONE", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "USER_CERTIFICATE", "SMARTCREDENTIALPUSH", "FACE", "PASSTHROUGH", "MAGICLINK" ] } }, "mediumRiskThreshold": { "maximum": 100, "minimum": 0, "type": "integer", "description": "Risk scores below this value are considered Medium risk. Risk scores equal or greater than this value are considered High risk.", "format": "int32" }, "name": { "type": "string", "description": "The name of the resource rule." }, "removeDateTimeContext": { "type": "boolean", "description": "When updating a resource rule, if removeDateTimeContext is set to true, the existing date time context is removed. This attribute is ignored when creating a resource rule." }, "removeDeviceCertificateContext": { "type": "boolean", "description": "When updating a resource rule, if removeDeviceCertificateContext is set to true, the existing device certificate context is removed. This attribute is ignored when creating a resource rule." }, "removeIPContext": { "type": "boolean", "description": "When updating a resource rule, if removeIPContext is set to true, the existing IP context is removed. This attribute is ignored when creating a resource rule." }, "removeKBAContext": { "type": "boolean", "description": "When updating a resource rule, if removeKBAContext is set to true, the existing KBA context is removed. This attribute is ignored when creating a resource rule." }, "removeLocationContext": { "type": "boolean", "description": "When updating a resource rule, if removeLocationContext is set to true, the existing location context is removed. This attribute is ignored when creating a resource rule." }, "removeLocationHistoryContext": { "type": "boolean", "description": "When updating a resource rule, if removeLocationHistoryContext is set to true, the existing location history context is removed. This attribute is ignored when creating a resource rule." }, "removeMachineContext": { "type": "boolean", "description": "When updating a resource rule, if removeMachineContext is set to true, the existing machine context is removed. This attribute is ignored when creating a resource rule." }, "removeTravelVelocityContext": { "type": "boolean", "description": "When updating a resource rule, if removeTravelVelocityContext is set to true, the existing travel velocity context is removed. This attribute is ignored when creating a resource rule." }, "resourceId": { "type": "string", "description": "The UUID of the resource to which this resource rule is assigned. This value is only used when creating a resource rule." }, "riskEngineContexts": { "type": "array", "description": "If risk engine rules are defined, the transaction contexts specify the level at which risk is applied to the authentication request if the corresponding risk engine rules trigger risk. If set to null, no changes are made. If set to an empty set, transaction contexts are removed.", "items": { "$ref": "#/components/schemas/TransactionContext" } }, "skipSecondFactorIfUserNotExist": { "type": "boolean", "description": "A flag indicating if second factor will be skipped if user doesn't exist when the first factor was EXTERNAL." }, "strictAccess": { "type": "boolean", "description": "A flag indicating if this resource rule enforces strict access. Strict access means that if this rule denies access, the user is denied access even if other resource rules allow access.", "example": true }, "transactionContexts": { "type": "array", "description": "If transaction details are specified during an authentication request, the transaction contexts specify the level at which risk is applied to the authentication request if the corresponding transaction rules trigger risk. A maximum of two are allowed. If set to null, no changes are made. If set to an empty set, transaction contexts are removed.", "items": { "$ref": "#/components/schemas/TransactionContext" } }, "travelVelocityContext": { "$ref": "#/components/schemas/TravelVelocityContext" } }, "description": "Parameters defining the new resource rule including the resource to which it applies." }, "Role": { "required": [ "name", "roleType" ], "type": "object", "properties": { "allRoles": { "type": "boolean", "description": "A flag indicating if administrators with this role can manage all roles and all users." }, "defaultRole": { "type": "boolean", "description": "A flag indicating if this role is one of the default roles." }, "description": { "type": "string", "description": "The description of the role." }, "groupIds": { "type": "array", "description": "The UUIDs of groups associated with this role when Group Management is DEFINED. This attribute is ignored if Group Management is ALL or OWN.", "items": { "type": "string", "description": "The UUIDs of groups associated with this role when Group Management is DEFINED. This attribute is ignored if Group Management is ALL or OWN." } }, "groupManagement": { "type": "string", "description": "The type of the group management. Defaults to ALL if not provided.", "enum": [ "ALL", "DEFINED", "OWN" ] }, "id": { "type": "string", "description": "The UUID of the role." }, "managedRoles": { "type": "array", "description": "If allRoles is false, this attribute lists the roles and administrators in these roles that can be administered by administrators with this role. Administrators will also be able to manage end users.", "items": { "$ref": "#/components/schemas/Role" } }, "name": { "type": "string", "description": "The name of the role." }, "permissions": { "type": "array", "description": "A list of the permissions assigned to this role.", "items": { "$ref": "#/components/schemas/Permission" } }, "roleType": { "type": "string", "description": "The type of the role.", "enum": [ "SITE_ADMINISTRATOR", "ACCOUNT_MANAGER" ] }, "superAdministrator": { "type": "boolean", "description": "A flag indicating if this role is a super administrator." } }, "description": "Information about a role." }, "RoleUser": { "required": [ "roleName" ], "type": "object", "properties": { "defaultRole": { "type": "boolean", "description": "A flag indicating if this role is one of the default roles." }, "id": { "type": "string", "description": "The UUID of the role." }, "roleDescription": { "type": "string", "description": "The description of the role." }, "roleName": { "type": "string", "description": "The name of the role" }, "usersInRole": { "type": "integer", "description": "The number of users in this role.", "format": "int32" } }, "description": "The role information returned from a list role operation." }, "SCDefn": { "type": "object", "properties": { "cardDigitalIdConfigRequired": { "type": "boolean", "description": "A flag indicating if smart credentials using this SC definition must have a card digital id config defined." }, "cardHolderDigitalIdConfigRequired": { "type": "boolean", "description": "A flag indicating if smart credentials using this SC definition must have a card holder digital id config defined." }, "cardPinDigits": { "type": "string", "description": "Requirements for digits in card PINs for smart credentials for this SC Defn.", "enum": [ "ALLOWED", "REQUIRED", "NOT_ALLOWED", "NOT_SET" ] }, "cardPinLength": { "type": "integer", "description": "The length of card PINs generated for smart credentials for this SC Defn.", "format": "int32" }, "cardPinLower": { "type": "string", "description": "Requirements for lowercase letters in card PINs for smart credentials for this SC Defn.", "enum": [ "ALLOWED", "REQUIRED", "NOT_ALLOWED", "NOT_SET" ] }, "cardPinMaxAttempts": { "type": "integer", "description": "The maximum number of times a wrong PIN can be entered incorrectly before it locks out the smart credential.", "format": "int32" }, "cardPinMaxLength": { "type": "integer", "description": "The maximum PIN length of card PINs for smart credentials for this SC Defn.", "format": "int32" }, "cardPinMaxUsesAfterAdminReset": { "type": "integer", "description": "The maximum number of times a PIN can be used before it must be changed after it is set by an administrator.", "format": "int32" }, "cardPinMinLength": { "type": "integer", "description": "The minimum PIN length of card PINs for smart credentials for this SC Defn.", "format": "int32" }, "cardPinSpecial": { "type": "string", "description": "Requirements for special characters in card PINs for smart credentials for this SC Defn.", "enum": [ "ALLOWED", "REQUIRED", "NOT_ALLOWED", "NOT_SET" ] }, "cardPinUpper": { "type": "string", "description": "Requirements for uppercase letters in card PINs for smart credentials for this SC Defn.", "enum": [ "ALLOWED", "REQUIRED", "NOT_ALLOWED", "NOT_SET" ] }, "defaultCardDigitalIdConfigId": { "type": "string", "description": "The UUID of the default card digital id config. If not set, there is no default." }, "defaultCardHolderDigitalIdConfigId": { "type": "string", "description": "The UUID of the default card holder digital id config. If not set, there is no default." }, "defaultSCDefn": { "type": "boolean", "description": "A flag indicating if this is the default SC Defn." }, "id": { "type": "string", "description": "The UUID of this SC Defn." }, "lifetime": { "type": "integer", "description": "The lifetime (in months) of smart credentials created for this SC Defn.", "format": "int32" }, "name": { "type": "string", "description": "The name of this SC Defn." }, "pivAppletConfigId": { "type": "string", "description": "The UUID of the PIV applet configuration associated with this smart credential definition." }, "pivContentSignerCAId": { "type": "string", "description": "The UUID of the CA that defines the PIV Content Signer for this SC definition. If not set, the PIV Content Signer is derived from the digital id configs." }, "variables": { "type": "array", "description": "Smart Credential Definition Variables defined for this SC Defn.", "items": { "$ref": "#/components/schemas/SCDefnVariable" } } }, "description": "Information returned about a smart credential definition." }, "SCDefnGetParms": { "required": [ "name" ], "type": "object", "properties": { "name": { "type": "string", "description": "The name of the smart credential definition to be retrieved." } }, "description": "Parameters to get Smart Credential Definitions by Name." }, "SCDefnVariable": { "type": "object", "properties": { "defaultValue": { "type": "string", "description": "The default value of this variable." }, "displayable": { "type": "boolean", "description": "A flag indicating if values for this variable should be displayed." }, "generate": { "type": "boolean", "description": "A flag indicating if the initial value for this variable should be generated." }, "generateLength": { "type": "integer", "description": "A length value used when generating values for this variable.", "format": "int32" }, "id": { "type": "string", "description": "The UUID of this SC Defn Variable." }, "modifiable": { "type": "boolean", "description": "A flag indicating if values for this variable can be modified." }, "name": { "type": "string", "description": "The name of this SC Defn Variable." }, "order": { "type": "integer", "description": "A value that specifies the order of this variable with respect to the other variables in the SC Defn.", "format": "int32" }, "prompt": { "type": "string", "description": "Optional prompt to be used when prompting for a value for this variable." }, "required": { "type": "boolean", "description": "A flag indicating if a value is required for this variable." }, "restrictionDigits": { "type": "string", "description": "A value specifying restrictions on digits appearing in values of this variable.", "enum": [ "ALLOWED", "REQUIRED", "NOT_ALLOWED", "NOT_SET" ] }, "restrictionLower": { "type": "string", "description": "A value specifying restrictions on lowercase characters appearing in values of this variable.", "enum": [ "ALLOWED", "REQUIRED", "NOT_ALLOWED", "NOT_SET" ] }, "restrictionMax": { "type": "integer", "description": "A value indicating a maximum for values of this variable. How this is enforced depends on the variable type.", "format": "int32" }, "restrictionMin": { "type": "integer", "description": "A value indicating a minimum for values of this variable. How this is enforced depends on the variable type.", "format": "int32" }, "restrictionRegex": { "type": "string", "description": "A value specifying a regex that values of this variable must match." }, "restrictionSpecial": { "type": "string", "description": "A value specifying restrictions on special characters appearing in values of this variable.", "enum": [ "ALLOWED", "REQUIRED", "NOT_ALLOWED", "NOT_SET" ] }, "restrictionUpper": { "type": "string", "description": "A value specifying restrictions on uppercase characters appearing in values of this variable.", "enum": [ "ALLOWED", "REQUIRED", "NOT_ALLOWED", "NOT_SET" ] }, "scDefnId": { "type": "string", "description": "The UUID of the SC Defn that owns this variable definition." }, "type": { "type": "string", "description": "The type of this variable.", "enum": [ "STRING", "BOOLEAN", "INTEGER", "UUID" ] }, "uniqueness": { "type": "string", "description": "A flag indicating if values of this variable must be unique and if so within what scope.", "enum": [ "GLOBAL", "USER", "NONE" ] }, "uniquenessScopeId": { "type": "string", "description": "A value that allows a variable to be defined unique in the scope of another variable." } }, "description": "SC Defn Variables define the details about variables defined in the SC Defn." }, "SCVariableValue": { "type": "object", "properties": { "scDefnVariable": { "$ref": "#/components/schemas/SCDefnVariable" }, "scDefnVariableId": { "type": "string", "description": "The UUID of the SC Defn Variable that defines the variable." }, "value": { "type": "string", "description": "The variable value." } }, "description": "SCVariableValues store variable values for a smart credential." }, "SamlConfigurationParms": { "required": [ "federationMetadataUrl" ], "type": "object", "properties": { "federationMetadataUrl": { "type": "string", "description": "The federation metadata URL of the SAML identity provider.", "example": "https://entrust.us.trustedauth.com/api/saml/metadata/12345678-1234-1234-1234-123456789012" } }, "description": "SamlConfigurationParms" }, "SamlConfigurationResponse": { "type": "object", "properties": { "claims": { "type": "array", "description": "The list of claim attributes the SAML identity provider offers.", "items": { "$ref": "#/components/schemas/SamlInfoClaim" } }, "issuer": { "type": "string", "description": "The entity ID of the SAML identity provider configuration.", "example": "saml-idp-12345" }, "sloUrl": { "type": "string", "description": "The Single Logout URL of the SAML identity provider configuration.", "example": "https://sso.example.com/saml/logout" }, "ssoUrl": { "type": "string", "description": "The Single Sign-on URL of the SAML identity provider configuration.", "example": "https://sso.example.com/saml/login" } }, "description": "A SamlConfigurationResponse defines the external SAML identity provider configuration." }, "SamlIdentityProvider": { "type": "object", "properties": { "acrValues": { "type": "string", "description": "The space separated list of authentication context request values to request as part of the external SAML identity provider user authentication or user verification request.", "example": "level1 level2" }, "acsUrl": { "type": "string", "description": "The assertion consumer service URL provided to the external SAML identity provider. Leave empty to use default value.", "example": "https://test.us.trustedauth.com/api/saml/SAML2/ACS" }, "authenticationEnabled": { "type": "boolean", "description": "A flag indicating if the external SAML identity provider can be used for user authentication.", "example": true }, "buttonImage": { "type": "string", "description": "The URI of the logo to display on the login button for this external SAML identity provider.", "example": "https://account.mycompany.com/images/logo.png" }, "buttonText": { "type": "string", "description": "The unique text to display on the login button for this external SAML identity provider.", "example": "Sign in With MyCompany Co." }, "createUser": { "type": "boolean", "description": "A flag indicating if the user should be created after authenticating to the external SAML identity provider if it doesn't exist. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if authenticationEnabled is true.", "example": true }, "defaultProvider": { "type": "boolean", "description": "A flag indicating if this is the tenant's default identity provider. This value applies only to non-domain based identity providers. Only one identity provider can be set as the default at a time." }, "domains": { "type": "string", "description": "The space separated list of domains associated with the external SAML identity provider for use with user authentication.", "example": "test.com sample.com" }, "externalGroupMappings": { "type": "array", "description": "The association between a group claim returned from the external SAML identity provider and authorization groups. This mapping is used to associate SAML identity provider external groups when a user is created or modified based on user authentication or when it is modified based on an external SAML identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true and groupMapping is present.", "items": { "$ref": "#/components/schemas/IdentityProviderExternalGroupMapping" } }, "forceAuthn": { "type": "boolean", "description": "A flag indicating if a force authentication should always be requested as part of the external SAML identity provider user authentication or user verification request.", "example": false }, "groupIds": { "type": "array", "description": "The UUIDs of groups that will be assigned to users created after an external SAML identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value is used if createUser is true.", "items": { "type": "string", "description": "The UUIDs of groups that will be assigned to users created after an external SAML identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value is used if createUser is true." } }, "groupMapping": { "type": "string", "description": "The association between a specified claim returned from the external SAML identity provider and IDaaS groups. This mapping is used to associated IDaaS groups when a user is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. This value is used if createUser, updateUser, or updateVerificationUser is true." }, "id": { "type": "string", "description": "The UUID of the external SAML identity provider.", "example": "6784549d-433c-44ea-a42f-4701458dg245" }, "issuer": { "type": "string", "description": "The issuer, or IDP Entity ID, for the external SAML identity provider.", "example": "https://accounts.mycompany.com" }, "name": { "type": "string", "description": "The unique name of the external SAML identity provider.", "example": "MyCompany Co." }, "nameIdPolicyFormat": { "type": "string", "description": "The name ID policy format to request as part of the external OIDC identity provider user authentication or user verification request.", "example": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" }, "organizationIds": { "type": "array", "description": "The UUIDs of organizations that will be assigned to users created after an external SAML identity provider user authentication. If configured, the full set of organizations must be configured. This value is used if createUser is true.", "items": { "type": "string", "description": "The UUIDs of organizations that will be assigned to users created after an external SAML identity provider user authentication. If configured, the full set of organizations must be configured. This value is used if createUser is true." } }, "requireAssertionSignature": { "type": "boolean", "description": "A flag indicating if the SAML Assertion of the external SAML identity provider should be signed and verified.", "example": true }, "requireResponseSignature": { "type": "boolean", "description": "A flag indicating if the SAML Response of the external SAML identity provider should be signed and verified.", "example": true }, "roleId": { "type": "string", "description": "The UUID of the role that will be assigned to users created after an external SAML identity provider user authentication. An empty string means the user will not be assigned a role by default. This role acts as the default if role mapping is empty. This value can only be set if createUser is true." }, "roleMapping": { "type": "string", "description": "The association between a specified claim returned from the external SAML identity provider and an IDaaS role. This mapping is used to associated an IDaaS role when a user is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. This value is used if createUser, updateUser, or updateVerificationUser is true." }, "sloEndpoint": { "type": "string", "description": "The single logout endpoint for the external SAML identity provider.", "example": "https://account.mycompany.com/saml/slo" }, "spEntityId": { "type": "string", "description": "The SP entity ID provided to the external SAML identity provider.", "example": "client123" }, "ssoEndpoint": { "type": "string", "description": "The single signon endpoint for the external SAML identity provider.", "example": "https://account.mycompany.com/saml/sso" }, "type": { "type": "string", "description": "The type of the external SAML identity provider. Once created, this value cannot be updated.", "example": "GENERIC", "enum": [ "GENERIC" ] }, "updateUser": { "type": "boolean", "description": "A flag indicating if the user should be updated after authenticating to the external SAML identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if authenticationEnabled is true.", "example": true }, "updateUserVerification": { "type": "boolean", "description": "A flag indicating if the user should be updated after user verification to the external SAML identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if verificationEnabled is true.", "example": true }, "userAttributeId": { "type": "string", "description": "The IDaaS user attribute ID used to find IDaaS users associated with an external SAML identity provider user authentication. This value is used if authenticationEnabled is true." }, "userAttributeMappings": { "type": "array", "description": "The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to populate user attributes when it is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. If configured, the full set of mappings must be configured. This value is used if createUser, updateUser, or updateVerificationUser is true.", "items": { "$ref": "#/components/schemas/SamlIdentityProviderAttributeMapping" } }, "userAuthMatchMappings": { "type": "array", "description": "The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external SAML identity provider user authentication. If configured, the full set of mappings must be configured. This value is used if authenticationEnabled is true.", "items": { "$ref": "#/components/schemas/SamlIdentityProviderUserAuthMatchMapping" } }, "userClaim": { "type": "string", "description": "The external SAML identity provider claim (attribute) used to find IDaaS users associated with an external SAML identity provider user authentication. This value is used if authenticationEnabled is true." }, "userNameFormat": { "type": "string", "description": "If user name parameter is set to NameID, the value of the format of this value.", "example": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" }, "userNameParameter": { "type": "string", "description": "The name of the parameter to include with the SAML authentication request that will contain the value of the user's userid. Set the value to NameID to pass this value as part of the SAML Request message.", "example": "username" }, "userVerMatchMappings": { "type": "array", "description": "The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external SAML identity provider user verification. If configured, the full set of mappings must be configured. This value is used if verificationEnabled is true.", "items": { "$ref": "#/components/schemas/SamlIdentityProviderUserVerMatchMapping" } }, "verificationCertificate": { "type": "string", "description": "The verification certificate used with the external SAML identity provider.", "format": "byte" }, "verificationCertificate2": { "type": "string", "description": "The verification certificate2 used with the external SAML identity provider.", "format": "byte" }, "verificationCertificate2DN": { "type": "string", "description": "The verification certificate2 DN used with the external SAML identity provider." }, "verificationCertificate2ExpiryDate": { "type": "string", "description": "The verification certificate2 expiry date used with the external SAML identity provider.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "verificationCertificateDN": { "type": "string", "description": "The verification certificate DN used with the external SAML identity provider." }, "verificationCertificateExpiryDate": { "type": "string", "description": "The verification certificate expiry date used with the external SAML identity provider.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "verificationEnabled": { "type": "boolean", "description": "A flag indicating if the external SAML identity provider can be used for user verification.", "example": true } }, "description": "An SamlIdentityProvider defines the information returned about an external SAML identity provider for use with user authentication or user verification." }, "SamlIdentityProviderAttributeMapping": { "required": [ "claim", "userAttributeId" ], "type": "object", "properties": { "claim": { "type": "string", "description": "The name of the claim (attribute) being mapped. This value must be provided when creating or modifying an attribute mapping.", "example": "email" }, "id": { "type": "string", "description": "The UUID of the SAML identity provider attribute mapping.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "samlIdentityProviderId": { "type": "string", "description": "The UUID of the SAML identity provider the attribute mapping belongs to.", "example": "6881549d-433c-44ea-a42f-4705c26f3245" }, "userAttribute": { "$ref": "#/components/schemas/UserAttribute" }, "userAttributeId": { "type": "string", "description": "The UUID of the IDaaS user attribute being mapped to. This value must be provided when creating or modifying an attribute mapping.", "example": "6981549d-433c-44ea-a42f-4705c26f3245" } }, "description": "An SamlIdentityProviderAttributeMapping maps a claim (attribute) returned from an external SAML identity provider user authentication or user verification to an IDaaS user attribute." }, "SamlIdentityProviderParms": { "type": "object", "properties": { "acrValues": { "type": "string", "description": "The space separated list of authentication context request values to request as part of the external SAML identity provider user authentication or user verification request.", "example": "level1 level2" }, "acsUrl": { "type": "string", "description": "The assertion consumer service URL provided to the external SAML identity provider. Leave empty to use default value.", "example": "https://test.us.trustedauth.com/api/saml/SAML2/ACS" }, "authenticationEnabled": { "type": "boolean", "description": "A flag indicating if the external SAML identity provider can be used for user authentication. If enabled, userAttributeId and userClaim are required.", "example": true, "default": false }, "buttonImage": { "type": "string", "description": "The URI of the logo to display on the login button for this external SAML identity provider.", "example": "https://account.mycompany.com/images/logo.png" }, "buttonText": { "type": "string", "description": "The unique text to display on the login button for this external SAML identity provider. This value is required when creating an IDP.", "example": "Sign in With MyCompany Co." }, "createUser": { "type": "boolean", "description": "A flag indicating if the user should be created after authenticating to the external SAML identity provider if it doesn't exist. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if authenticationEnabled is true.", "example": true, "default": false }, "defaultProvider": { "type": "boolean", "description": "A flag indicating if this is the tenant's default identity provider. This value applies only to non-domain based identity providers. Only one identity provider can be set as the default at a time." }, "domains": { "type": "string", "description": "The space separated list of domains associated with the external SAML identity provider for use with user authentication.", "example": "test.com sample.com" }, "externalGroupMappings": { "type": "array", "description": "The association between a group claim returned from the external SAML identity provider and authorization groups. This mapping is used to associate SAML identity provider external groups when a user is created or modified based on user authentication or when it is modified based on an external SAML identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true and groupMapping is present.", "items": { "$ref": "#/components/schemas/IdentityProviderExternalGroupMapping" } }, "forceAuthn": { "type": "boolean", "description": "A flag indicating if a force authentication should always be requested as part of the external SAML identity provider user authentication or user verification request.", "example": false }, "groupIds": { "type": "array", "description": "The UUIDs of groups that will be assigned to users created after an external SAML identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value can only be set if createUser is true.", "items": { "type": "string", "description": "The UUIDs of groups that will be assigned to users created after an external SAML identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value can only be set if createUser is true." } }, "groupMapping": { "type": "string", "description": "The association between a specified claim returned from the external SAML identity provider and IDaaS groups. This mapping is used to associated IDaaS groups when a user is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true." }, "issuer": { "type": "string", "description": "The issuer, or IDP Entity ID, for the external SAML identity provider.", "example": "https://accounts.mycompany.com" }, "name": { "type": "string", "description": "The unique name of the external SAML identity provider. This value is required when creating an IDP.", "example": "MyCompany Co." }, "nameIdPolicyFormat": { "type": "string", "description": "The name ID policy format to request as part of the external OIDC identity provider user authentication or user verification request.", "example": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" }, "organizationIds": { "type": "array", "description": "The UUIDs of organizations that will be assigned to users created after an external SAML identity provider user authentication. If configured, the full set of organizations must be configured. This value can only be set if createUser is true.", "items": { "type": "string", "description": "The UUIDs of organizations that will be assigned to users created after an external SAML identity provider user authentication. If configured, the full set of organizations must be configured. This value can only be set if createUser is true." } }, "requireAssertionSignature": { "type": "boolean", "description": "A flag indicating if the SAML Assertion of the external SAML identity provider should be signed and verified.", "example": true, "default": false }, "requireResponseSignature": { "type": "boolean", "description": "A flag indicating if the SAML Response of the external SAML identity provider should be signed and verified.", "example": true, "default": false }, "roleId": { "type": "string", "description": "The UUID of the role that will be assigned to users created after an external SAML identity provider user authentication. An empty string means the user will not be assigned a role by default. This role acts as the default if role mapping is empty. This value can only be set if createUser is true." }, "roleMapping": { "type": "string", "description": "The association between a specified claim returned from the external SAML identity provider and an IDaaS role. This mapping is used to associated an IDaaS role when a user is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true." }, "sloEndpoint": { "type": "string", "description": "The single logout endpoint for the external SAML identity provider.", "example": "https://account.mycompany.com/saml/slo" }, "spEntityId": { "type": "string", "description": "The SP entity ID provided to the external SAML identity provider. This value is required when creating an IDP.", "example": "client123" }, "ssoEndpoint": { "type": "string", "description": "The single signon endpoint for the external SAML identity provider. This value is required when creating an IDP.", "example": "https://account.mycompany.com/saml/sso" }, "type": { "type": "string", "description": "The type of the external SAML identity provider. Once created, this value cannot be updated. This value is required when creating an IDP.", "example": "GENERIC", "enum": [ "GENERIC" ] }, "updateUser": { "type": "boolean", "description": "A flag indicating if the user should be updated after authenticating to the external SAML identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if authenticationEnabled is true.", "example": true, "default": false }, "updateUserVerification": { "type": "boolean", "description": "A flag indicating if the user should be updated after user verification to the external SAML identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if verificationEnabled is true.", "example": true, "default": false }, "userAttributeId": { "type": "string", "description": "The IDaaS user attribute ID used to find IDaaS users associated with an external SAML identity provider user authentication. This value can only be set if authenticationEnabled is true." }, "userAttributeMappings": { "type": "array", "description": "The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to populate user attributes when it is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. If configured, the full set of mappings must be configured. This value can only be set if createUser, updateUser, or updateVerificationUser is true.", "items": { "$ref": "#/components/schemas/SamlIdentityProviderAttributeMapping" } }, "userAuthMatchMappings": { "type": "array", "description": "The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external SAML identity provider user authentication. If configured, the full set of mappings must be configured. This value can only be set if authenticationEnabled is true.", "items": { "$ref": "#/components/schemas/SamlIdentityProviderUserAuthMatchMapping" } }, "userClaim": { "type": "string", "description": "The external SAML identity provider claim (attribute) used to find IDaaS users associated with an external SAML identity provider user authentication. This value can only be set if authenticationEnabled is true." }, "userNameFormat": { "type": "string", "description": "If user name parameter is set to NameID, the value of the format of this value.", "example": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" }, "userNameParameter": { "type": "string", "description": "The name of the parameter to include with the SAML authentication request that will contain the value of the user's userid. Set the value to NameID to pass this value as part of the SAML Request message.", "example": "username" }, "userVerMatchMappings": { "type": "array", "description": "The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external SAML identity provider user verification. If configured, the full set of mappings must be configured. This value can only be set if verificationEnabled is true.", "items": { "$ref": "#/components/schemas/SamlIdentityProviderUserVerMatchMapping" } }, "verificationCertificate": { "type": "string", "description": "The verification certificate used with the external SAML identity provider.", "format": "byte" }, "verificationCertificate2": { "type": "string", "description": "The verification certificate2 used with the external SAML identity provider.", "format": "byte" }, "verificationEnabled": { "type": "boolean", "description": "A flag indicating if the external SAML identity provider can be used for user verification. If enabled, userVerMatchMappings is required.", "example": true, "default": false } }, "description": "An SamlIdentityProviderParms defines the information passed to Identity as a Service when creating or modifying an external SAML identity provider for use with user authentication or user verification." }, "SamlIdentityProviderUserAuthMatchMapping": { "required": [ "claim", "userAttributeId" ], "type": "object", "properties": { "claim": { "type": "string", "description": "The name of the claim (attribute) being mapped. This value must be provided when creating or modifying a user authentication match mapping.", "example": "email" }, "id": { "type": "string", "description": "The UUID of the SAML identity provider user authentication match mapping.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "samlIdentityProviderId": { "type": "string", "description": "The UUID of the SAML identity provider the user authentication match mapping belongs to.", "example": "6881549d-433c-44ea-a42f-4705c26f3245" }, "userAttribute": { "$ref": "#/components/schemas/UserAttribute" }, "userAttributeId": { "type": "string", "description": "The UUID of the IDaaS user attribute being mapped to. This value must be provided when creating or modifying a user authentication match mapping.", "example": "6981549d-433c-44ea-a42f-4705c26f3245" } }, "description": "An SamlIdentityProviderUserAuthMatchMapping maps a claim (attribute) returned from an external SAML identity provide user authentication to an IDaaS User user attribute for matching purposes." }, "SamlIdentityProviderUserVerMatchMapping": { "required": [ "claim", "userAttributeId" ], "type": "object", "properties": { "claim": { "type": "string", "description": "The name of the claim (attribute) being mapped. This value must be provided when creating or modifying a user verification match mapping.", "example": "email" }, "id": { "type": "string", "description": "The UUID of the SAML identity provider user verification match mapping.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "samlIdentityProviderId": { "type": "string", "description": "The UUID of the SAML identity provider the user verification match mapping belongs to.", "example": "6881549d-433c-44ea-a42f-4705c26f3245" }, "userAttribute": { "$ref": "#/components/schemas/UserAttribute" }, "userAttributeId": { "type": "string", "description": "The UUID of the IDaaS user attribute being mapped to. This value must be provided when creating or modifying a user verification match mapping.", "example": "6981549d-433c-44ea-a42f-4705c26f3245" } }, "description": "An SamlIdentityProviderUserVerMatchMapping maps a claim (attribute) returned from an external SAML identity provide user verification to an IDaaS User user attribute for matching purposes." }, "SamlInfoClaim": { "type": "object", "properties": { "displayName": { "type": "string", "description": "The name of the claim attribute.", "example": "email" }, "uri": { "type": "string", "description": "The URI of the claim attribute.", "example": "https://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" } }, "description": "The list of claim attributes the SAML identity provider offers." }, "SearchBase": { "type": "object", "properties": { "directoryId": { "type": "string", "description": "The UUID of the Directory the seachbase belongs to.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "emptySearchBase": { "type": "boolean", "description": "Whether or not an empty searchbase is empty?" }, "id": { "type": "string", "description": "The UUID of the searchbase.", "example": "6781549d-433c-44ea-a42f-4705c26f3245" }, "node": { "type": "string", "description": "The searchbase node.", "example": "DC=Users" }, "subsearchbasesIncluded": { "type": "boolean", "description": "Whether or not a sub-tree is included?" } }, "description": "A SearchBase defines the information returned about a directory search base." }, "SearchByAttribute": { "required": [ "name", "operator" ], "type": "object", "properties": { "name": { "type": "string", "description": "Identifies the attribute we are searching for." }, "operator": { "type": "string", "description": "Identifies the operator.", "enum": [ "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "STARTS_WITH", "ENDS_WITH", "GREATER_THAN", "GREATER_THAN_OR_EQUAL", "LESS_THAN", "LESS_THAN_OR_EQUAL", "IN", "EXISTS", "NOT_EXISTS" ] }, "value": { "type": "string", "description": "Identifies the value of the attribute we are searching for." } }, "description": "An attribute used during paging and/or searching." }, "SearchParms": { "type": "object", "properties": { "attributes": { "type": "array", "description": "Users search only: additional, non-core attributes to include in the returned object. Attribute names are specific to the returned object.", "items": { "type": "string", "description": "Users search only: additional, non-core attributes to include in the returned object. Attribute names are specific to the returned object." } }, "cursor": { "type": "string", "description": "Identifies the page to return when paging over a result set--if present, search by / order by attributes are ignored." }, "limit": { "maximum": 100, "minimum": 1, "type": "integer", "description": "Identifies the maximum number of items to include in a page (1-100).", "format": "int32" }, "orderByAttribute": { "$ref": "#/components/schemas/OrderByAttribute" }, "searchByAttributes": { "type": "array", "description": "Identifies attributes for searching purposes. Some end-points have pre-defined values and ignore this attribute.", "items": { "$ref": "#/components/schemas/SearchByAttribute" } } }, "description": "Parameters specifying search attributes or a cursor to get results from a previous search." }, "ServiceBundle": { "required": [ "bundleType" ], "type": "object", "properties": { "bundleType": { "type": "string", "description": "Identifies the bundle.", "example": "ADVANCED", "enum": [ "ADVANCED", "ESSENTIALS", "PROFESSIONAL", "ENTERPRISE", "API", "STANDARD", "PLUS", "PREMIUM", "CONSUMER" ] }, "rank": { "type": "integer", "description": "A number that allows to sort bundles of the same category by precedence. Read-only currently.", "format": "int32", "example": 1000 }, "usageReportId": { "type": "string", "description": "An identifier used to report usage for this bundle.", "example": "SIG_CTR-474988" } }, "description": "A bundle identifies a set of capabilities available to a tenant." }, "SmartCredential": { "required": [ "deviceVerified" ], "type": "object", "properties": { "allowedActions": { "type": "array", "description": "A list of administration actions currently allowed for this smart credential.", "items": { "type": "string", "description": "A list of administration actions currently allowed for this smart credential.", "enum": [ "ACTIVATE", "REACTIVATE", "UPDATE", "UNASSIGN", "UNBLOCK", "ENABLE", "DISABLE", "DELETE", "VIEW_CERTIFICATES" ] } }, "cardDigitalConfig": { "$ref": "#/components/schemas/DigitalIdConfig" }, "cardDigitalConfigId": { "type": "string", "description": "The UUID of the Card Digital Id config of this smart credential. If not set, the smart credential will not have a Card Digital Id." }, "cardDigitalConfigRequired": { "type": "boolean", "description": "Indicates if the card digitalid config is required or not." }, "cardHolderDigitalConfig": { "$ref": "#/components/schemas/DigitalIdConfig" }, "cardHolderDigitalConfigId": { "type": "string", "description": "The UUID of the Card Holder Digital Id config of this smart credential. If not set, the smart credential will not have a Card Holder Digital Id." }, "cardHolderDigitalConfigRequired": { "type": "boolean", "description": "Indicates if the card holder digitalid config is required or not." }, "certificates": { "type": "array", "description": "A list of certificates associated with this smart credential.", "items": { "$ref": "#/components/schemas/DigitalIdCert" } }, "chipId": { "type": "string", "description": "The chip id of the smart card set when the smart credential is encoded." }, "deviceVerified": { "type": "boolean", "description": "A flag indicating if the smart credential is enrolled on a verified device." }, "digitalIds": { "type": "array", "description": "A list of digital ids associated with this smart credential.", "items": { "$ref": "#/components/schemas/DigitalId" } }, "encodeMsg": { "type": "string", "description": "For smart credentials that have failed to encode, the encode message stores a message providing information about the failure." }, "encodeState": { "type": "string", "description": "The encode state of a smart credential indicates if encoding has started, completed successfully or failed.", "enum": [ "ENCODE_START", "ENCODE_DONE", "ENCODE_ERROR" ] }, "enrollState": { "type": "string", "description": "The enrollment state of a smart credential indicates if all of the necessary enrollment values have been collected. Only smart credentials in the ENROLLED state can be activated.", "enum": [ "ENROLLING", "ENROLLED" ] }, "expiryDate": { "type": "string", "description": "For issued smart credentials, the expiry date is the date on which the smart credential will expire.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "id": { "type": "string", "description": "The unique UUID assigned to the smart credential when it is created." }, "issueDate": { "type": "string", "description": "The date on which the smart credential was issued.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "notifyEnabled": { "type": "boolean", "description": "A flag indicating if notification is enabled for this smart credential." }, "platform": { "type": "string", "description": "The platform of the Mobile SC application on which this smart credential was encoded." }, "scDefnId": { "type": "string", "description": "The UUID of the Smart Credential Definition that defines this smart credential." }, "scDefnName": { "type": "string", "description": "The name of the smart credential definition of this smart credential." }, "serialNumber": { "type": "string", "description": "The unique serial number of the smart credential generated when it is created." }, "state": { "type": "string", "description": "The state of the smart credential. Only smart credentials in the ACTIVE state can be used for authentication.", "enum": [ "ACTIVE", "INACTIVE" ] }, "userId": { "type": "string", "description": "The UUID of the user that owns this smart credential." }, "userUserId": { "type": "string", "description": "The user Id of the user that owns this smart credential." }, "variableValues": { "type": "array", "description": "Variable values for this smart credential", "items": { "$ref": "#/components/schemas/SCVariableValue" } }, "version": { "type": "string", "description": "The version of the Mobile SC application on which this smart credential was encoded." } }, "description": "Information returned from the service about a smart credential." }, "SmartCredentialChangeStateParms": { "type": "object", "properties": { "state": { "type": "string", "description": "The new state of the smart credential.", "enum": [ "ACTIVE", "INACTIVE" ] } }, "description": "Parameters specifying the new state for the smart credential." }, "SmartCredentialCompleteSignParms": { "type": "object", "properties": { "cancelTransaction": { "type": "boolean", "description": "For smart credential push Signature the transaction can be canceled by setting cancel to true." }, "transactionId": { "type": "string", "description": "The transactionId for smart credential complete sign operation." } }, "description": "Parameters for the smart credential complete sign operation." }, "SmartCredentialCompleteSignResponse": { "type": "object", "properties": { "certChain": { "type": "array", "description": "The smart credential complete sign base-64 encoded certificate Chain.", "items": { "type": "string", "description": "The smart credential complete sign base-64 encoded certificate Chain." } }, "digestSignature": { "type": "string", "description": "The smart credential complete sign response digestSignature." }, "status": { "type": "string", "description": "The smart credential complete sign response status.", "enum": [ "CONFIRM", "CONCERN", "CANCEL", "NO_RESPONSE" ] } }, "description": "Information returned from the smart credential complete sign operation." }, "SmartCredentialParms": { "type": "object", "properties": { "cardDigitalConfigId": { "type": "string", "description": "The UUID of the Card Digital Id config of this smart credential. It can be specified in either the create or update operations. If not set, the smart credential will not have a Card Digital Id." }, "cardHolderDigitalConfigId": { "type": "string", "description": "The UUID of the Card Holder Digital Id config of this smart credential. It can be specified in either the create or update operations. If not set, the smart credential will not have a Card Holder Digital Id." }, "scDefnId": { "type": "string", "description": "The UUID of the Smart Credential Definition that defines this smart credential. It must be specified when the smart credential is created and can be updated for an existing smart credential." }, "state": { "type": "string", "description": "The state of the smart credential. Only smart credentials in the ACTIVE state can be used for authentication.", "enum": [ "ACTIVE", "INACTIVE" ] }, "userId": { "type": "string", "description": "The UUID of the user that owns this smart credential. This value must be specified when the smart credential is created and is read-only after that." }, "variableValues": { "type": "array", "description": "When creating or modifying a smart credential, the variable values specify a list of variable values to be set.", "items": { "$ref": "#/components/schemas/SCVariableValue" } } }, "description": "Parameters for the smart credential to be created including the UUID of the user for which the smart credential will be created." }, "SmartCredentialStartSignParms": { "type": "object", "properties": { "digest": { "type": "string", "description": "The digest value that will be signed by the smart credential." }, "digestHashAlg": { "type": "string", "description": "The hashing algorithm that will be used to sign the digest value. It must be one of the values \"SHA-1\", \"SHA-224\", \"SHA-256\", \"SHA-384\", \"SHA-512\".", "example": "SHA-256" }, "digestKey": { "type": "string", "description": "Specify which key on the smart credential is used to sign the digest. If not specified it defaults to PIV_AUTHENTICATION.", "example": "DIGITAL_SIGNATURE", "enum": [ "PIV_AUTHENTICATION", "DIGITAL_SIGNATURE", "CARD_AUTHENTICATION" ] }, "summary": { "type": "string", "description": "The smart credential push signature challenge that appears in the user's mobile application.", "example": "You have requested to Sign the loan application." } }, "description": "Parameters for the smart credential start sign operation." }, "SmartCredentialStartSignResponse": { "type": "object", "properties": { "transactionId": { "type": "string", "description": "The smart credential push signature transactionId returned from the start sign operation." } }, "description": "Information returned from the smart credential start sign operation." }, "SmartCredentialUnblockParms": { "type": "object", "properties": { "challenge": { "type": "string", "description": "The smart credential unblock challenge generated from the smart credential." } }, "description": "Parameters for the smart credential unblock operation." }, "SmartCredentialUnblockResponse": { "type": "object", "properties": { "response": { "type": "string", "description": "The smart credential unblock response that needs to be provided to the smart credential to allowed it to complete the unblock operation." } }, "description": "Information returned from the smart credential unblock operation." }, "SmsVoice": { "type": "object", "properties": { "allotment": { "type": "integer", "description": "The number of entitlements allotted to the current account. If the account is an SP then entitlements can be allocated to child accounts.", "format": "int32", "example": 400 }, "consumed": { "type": "integer", "description": "The entitlements consumed since start date during the entitlement period.", "format": "int32" }, "endDate": { "type": "string", "description": "The date when the entitlement will end.", "format": "date-time", "example": "2020-02-19T00:00:00Z" }, "gracePeriodEndDate": { "type": "string", "description": "The date when the grace period for the entitlement will end.", "format": "date-time", "example": "2020-02-19T00:00:00Z" }, "overageType": { "type": "string", "description": "The overage type of this entitlement.", "example": "YES", "enum": [ "YES", "NO", "UNLIMITED" ] }, "quantity": { "type": "integer", "description": "The number of SMS/Voice credits allowed during the period.", "format": "int32", "example": 1000 }, "renewalQuantity": { "type": "integer", "description": "The number of SMS/Voice credits allowed when the entitlement is renewed.", "format": "int32", "example": 1000 }, "startDate": { "type": "string", "description": "The date when the entitlement starts.", "format": "date-time", "example": "2019-02-19T00:00:00Z" } }, "description": "Sms/Voice entitlements of a tenant." }, "SmsVoiceParms": { "type": "object", "properties": { "deleteEntitlement": { "type": "boolean", "description": "If set to true when updating an SMSVOICE entitlement, the existing entitlement is removed. This attribute is ignored when creating an SMSVOICE entitlement." }, "endDate": { "type": "string", "description": "The date when the entitlement period will end. The value must be after the start date. ", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "quantity": { "type": "integer", "description": "The number of SMS/Voice credits allowed during the entitlement period.", "format": "int32", "example": 1000 }, "renewalQuantity": { "type": "integer", "description": "The number of SMS/Voice credits allowed when the entitlement is renewed.", "format": "int32", "example": 1000 }, "startDate": { "type": "string", "description": "The date when the entitlement period starts. This value cannot be in the future. If not specified, it defaults to the current date.", "format": "date-time", "example": "2019-02-19T13:15:27Z" } }, "description": "Parameters passed when setting the SMS/Voice entitlements of a tenant." }, "SpIdentityProvider": { "required": [ "enabled", "name" ], "type": "object", "properties": { "clientId": { "type": "string", "description": "The client id of this tenant management." }, "defaultMaxAge": { "type": "integer", "description": "The default max age of this tenant management.", "format": "int32" }, "displayConsent": { "type": "boolean", "description": "Whether this tenant management should display consent." }, "enabled": { "type": "boolean", "description": "Whether tenant management is enabled." }, "initiateLoginUri": { "type": "string", "description": "The initiate login URI of this tenant management." }, "name": { "type": "string", "description": "The name of this tenant management." }, "signingKeyId": { "type": "string", "description": "The signing key of this tenant management." } }, "description": "A tenant management configuration." }, "SpIdentityProviderParms": { "required": [ "enabled" ], "type": "object", "properties": { "createDefaultResourceRule": { "type": "boolean", "description": "Whether an initial default resource rule accessible to all users should be created for this tenant management. This is only used if tenant management was previously disabled. If not set, it defaults to false." }, "defaultMaxAge": { "type": "integer", "description": "The default max age of this tenant management. If not set, it is not used.", "format": "int32" }, "disableSSODefaultResourceRule": { "type": "boolean", "description": "If an initial default resource rule is enabled, whether to disable SSO. This is only used if an initial default resource rule is being enabled. If not set, it defaults to false." }, "displayConsent": { "type": "boolean", "description": "Whether this tenant management should display consent. If not set, it defaults to false." }, "enabled": { "type": "boolean", "description": "Whether tenant management is enabled." }, "signingKeyId": { "type": "string", "description": "The signing key of this tenant management." } }, "description": "Parameters passed when setting tenant management." }, "SyncUser": { "required": [ "status", "userId", "uuid" ], "type": "object", "properties": { "directoryId": { "type": "string", "description": "The directory Id for this user." }, "directoryUuid": { "type": "string", "description": "The directory uuid for this user." }, "searchBaseId": { "type": "string", "description": "The searchBase Id for this user." }, "status": { "type": "string", "description": "The outcome of the synchronization.", "enum": [ "CONVERTED", "CREATED", "DELETED", "LOCALIZED_ENABLED", "LOCALIZED_DISABLED", "UPDATED" ] }, "userId": { "type": "string", "description": "The user Id for this user." }, "uuid": { "type": "string", "description": "The uuid for this user." } }, "description": "The values associated with a synchronized user. This structure is returned when synchronizing a user." }, "SyncUserParms": { "required": [ "directoryId", "id" ], "type": "object", "properties": { "directoryId": { "type": "string", "description": "The directory id for this synchronization. This value is required", "example": "993dd9b4-e25c-433b-aac6-868b596763a6" }, "id": { "type": "string", "description": "The id of the user to be synchronized. The type of the id is specified by idType.", "example": "jsmith" }, "idType": { "type": "string", "description": "The type of the id identifying the user. The value can be one of UUID (the user's internal UUID) or USERID (the user's userId). The value of EXTERNALID is currently not supported. If not specified, this defaults to USERID.", "enum": [ "UUID", "USERID", "EXTERNALID" ] } }, "description": "Parameters for synchronization." }, "TempAccessCode": { "type": "object", "properties": { "code": { "type": "string", "description": "The actual temporary access code. This value will only be returned if the administrator has the TEMPACCESSCODECONTENTS:VIEW permission." }, "createDate": { "type": "string", "description": "The date on which this temporary access code was created.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "expired": { "type": "boolean", "description": "A flag indicating if this temporary access code is expired now." }, "expiryDate": { "type": "string", "description": "The expiry date of this temporary access code. If not set, it never expires.", "format": "date-time", "example": "2019-03-19T13:15:27Z" }, "id": { "type": "string", "description": "The unique UUID assigned to the temporary access code when it is created." }, "maxUses": { "type": "integer", "description": "The maximum number of times this temporary access code can be used. If not set, there are no limits.", "format": "int32" }, "numUses": { "type": "integer", "description": "The number of times this temporary access code has been used.", "format": "int32" } }, "description": "Information returned from the service about a temporary access code." }, "Tenant": { "required": [ "authenticationAccount", "companyName", "hostname", "id", "issuanceAccount", "locked", "serviceProvider", "spIdp" ], "type": "object", "properties": { "authenticationAccount": { "type": "boolean", "description": "A flag indicating if this tenant is an authentication account." }, "companyName": { "type": "string", "description": "The name of the company that owns this tenant.", "example": "MyCompany Corp." }, "contractMode": { "type": "string", "description": "The contract mode of a tenant, allowable values = 'PRODUCTION', 'TRIAL', example='TRIAL'.", "enum": [ "PRODUCTION", "TRIAL", "UNKNOWN" ] }, "hostname": { "type": "string", "description": "The hostname of the tenant.", "example": "mycompany.us.trustedauth.com" }, "id": { "type": "string", "description": "The UUID of this tenant within the service provider." }, "issuanceAccount": { "type": "boolean", "description": "A flag indicating if this tenant is an issuance account." }, "locked": { "type": "boolean", "description": "A flag indicating if this tenant has been locked." }, "otpProviderId": { "type": "string", "description": "The ID of the preferred OTP provider associated with this tenant, if any. Only visible to root tenant." }, "previousHostname": { "type": "string", "description": "The previous hostname of the tenant.", "example": "mycompany.us.trustedauth.com" }, "serviceProvider": { "type": "boolean", "description": "A flag indicating if this child tenant is a service provider." }, "spIdp": { "type": "boolean", "description": "A flag indicating if this tenant is enabled for tenant management authentication." } }, "description": "Information returned about a tenant of a service provider." }, "TenantParms": { "required": [ "companyName", "domain" ], "type": "object", "properties": { "authenticationAccount": { "type": "boolean", "description": "When creating a new tenant as a child of the root service provider set this to true if the tenant is to be an authentication service. If not specified, it defaults to true. You cannot set the authenticate and issuance values to both true or both false. A child of a non-root service provider inherits the value of its service provider and if specified, this value is ignored.", "example": true }, "companyCountry": { "type": "string", "description": "The country two-letter code (ISO 3166-1) of the location of the company that will own this account.", "example": "ca" }, "companyName": { "type": "string", "description": "The name of the company that will own this account. This value is required.", "example": "MyCompany Corp." }, "companyState": { "type": "string", "description": "The province/state two-letter code (postal abbreviation) of the location of the company that will own this account. This value is required for companies in the United States or Canada when the companyCountry attribute is provided.", "example": "ON" }, "domain": { "type": "string", "description": "The domain for this account. This value is required when creating a tenant", "example": "mycompany" }, "issuanceAccount": { "type": "boolean", "description": "When creating a new tenant as a child of the root service provider set this to true if the tenant is to be an issuance service. If not specified, it defaults to false. You cannot set the authenticate and issuance values to both true or both false. A child of a non-root service provider inherits the value of its service provider and if specified, this value is ignored.", "example": false }, "serviceProvider": { "type": "boolean", "description": "When creating a new tenant set this to true if the tenant is to be a service provider.", "example": true } }, "description": "Parameters passed when creating a tenant." }, "TenantsPage": { "required": [ "results" ], "type": "object", "properties": { "paging": { "$ref": "#/components/schemas/Paging" }, "results": { "type": "array", "description": "A single page with the list of tenants found.", "items": { "$ref": "#/components/schemas/Tenant" } } }, "description": "Contains paging information and the results from a tenants search." }, "Token": { "required": [ "appVerified", "deviceVerified" ], "type": "object", "properties": { "algorithmType": { "type": "string", "description": "The algorithm type used by the token that was created or loaded into the system to generate OTP values.", "enum": [ "AT", "OATH_HOTP", "OATH_OCRA", "OATH_TOTP", "VENDOR" ] }, "allowedActions": { "type": "array", "description": "Actions that can be performed on this token.", "items": { "type": "string", "description": "Actions that can be performed on this token.", "enum": [ "ACTIVATE", "REACTIVATE", "ACTIVATE_COMPLETE", "DELETE", "UNLOCK", "ENABLE", "DISABLE", "RESET", "ASSIGN", "UNASSIGN" ] } }, "appVerified": { "type": "boolean", "description": "A flag indicating if the token was activated on a verified app." }, "description": { "type": "string", "description": "Optional text describing this token." }, "deviceVerified": { "type": "boolean", "description": "A flag indicating if the token is activated on a verified device." }, "groups": { "type": "array", "description": "The UUIDs of groups to which this token belongs. This value is only used for unassigned tokens. Only groups to which the current administrator has access will be returned.", "items": { "type": "string", "description": "The UUIDs of groups to which this token belongs. This value is only used for unassigned tokens. Only groups to which the current administrator has access will be returned." } }, "id": { "type": "string", "description": "The unique UUID assigned to the token when it is created." }, "identityVerificationStatus": { "type": "string", "description": "The identity verification status of the token.", "enum": [ "NOT_REQUIRED", "REQUIRED", "PENDING", "VERIFIED", "FAILED" ] }, "label": { "type": "string", "description": "Optional label to identify an assigned token: a String up to 100 characters.", "example": "PENDING" }, "lastUsedDate": { "type": "string", "description": "The date on which the token was last used for authentication. This value will be null if the token has never been used.", "format": "date-time", "example": "2019-02-20T10:05:27Z" }, "loadDate": { "type": "string", "description": "The date on which the token was created or loaded into the system.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "logo": { "type": "string", "description": "Base-64 encoded logo. If a custom logo is provided by the customer it is returned. Otherwise a system default logo is returned." }, "name": { "type": "string", "description": "An optional name for the token." }, "platform": { "type": "string", "description": "The mobile device platform on which an Entrust Soft Token was activated." }, "registeredForTransactions": { "type": "boolean", "description": "A flag indicating if the Entrust Soft Token has registered for transactions. Only tokens that are registered can perform token push authentication." }, "serialNumber": { "type": "string", "description": "The serial number of the token either generated when the token was created or loaded into the system." }, "state": { "type": "string", "description": "The state of the token. For most tokens, only tokens in the ACTIVE state can be used for authentication. Google Authenticator tokens in the ACTIVATING state can also be used for authentication.", "enum": [ "NEW", "ACTIVATING", "ACTIVE", "INACTIVE", "UNASSIGNED" ] }, "supportsChallengeResponse": { "type": "boolean", "description": "A flag indicating if the Token supports challenge response processing.", "example": false }, "supportsResponse": { "type": "boolean", "description": "A flag indicating if the Token supports response processing.", "example": true }, "supportsSignature": { "type": "boolean", "description": "A flag indicating if the Token supports signature processing.", "example": false }, "supportsUnlock": { "type": "boolean", "description": "A flag indicating if the Token supports unlock processing.", "example": true }, "supportsUnlockTOTP": { "type": "boolean", "description": "A flag indicating if the Token supports unlock using TOTP processing.", "example": false }, "type": { "type": "string", "description": "The type of token specified when the token was created or loaded into the system.", "enum": [ "ENTRUST_PHYSICAL_TOKEN", "ENTRUST_SOFT_TOKEN", "GOOGLE_AUTHENTICATOR", "OATH_PHYSICAL_TOKEN", "ENTRUST_LEGACY_TOKEN" ] }, "userId": { "type": "string", "description": "If the token is assigned to a user, this value specifies that user's user id." } }, "description": "Information returned from the service about a token." }, "TokenCreateParms": { "type": "object", "properties": { "activateParms": { "$ref": "#/components/schemas/ActivateParms" } }, "description": "Optional arguments specifying if the new token is automatically activated. If these arguments are not specified, the token is activated using activation defaults." }, "TokenParms": { "type": "object", "properties": { "groups": { "type": "array", "description": "When modifying unassigned tokens the list of UUIDs of groups to which the tokens will belong. If an empty list is provided, the unassigned token will not belong to any groups.", "items": { "type": "string", "description": "When modifying unassigned tokens the list of UUIDs of groups to which the tokens will belong. If an empty list is provided, the unassigned token will not belong to any groups." } } }, "description": "Arguments specified changes to the token." }, "TokensPage": { "required": [ "results" ], "type": "object", "properties": { "paging": { "$ref": "#/components/schemas/Paging" }, "results": { "type": "array", "description": "A single page with the list of assigned tokens found.", "items": { "$ref": "#/components/schemas/Token" } } }, "description": "Contains paging information and the results from an assigned tokens search." }, "TransactionContext": { "required": [ "denyAccess", "name", "riskLimit", "riskPoint", "transactionRuleRisks" ], "type": "object", "properties": { "denyAccess": { "type": "boolean", "description": "If true, the resource rule evaluating the context will return Access Denied." }, "name": { "type": "string", "description": "The name of this transaction context." }, "riskLimit": { "type": "integer", "description": "The risk points apply if the accumulated risk of each configured transaction rule is above this value.", "format": "int32" }, "riskPoint": { "maximum": 100, "minimum": 0, "type": "integer", "description": "The number of risk points that apply if this context applies.", "format": "int32" }, "transactionRuleRisks": { "type": "array", "description": "The transaction rules associated with this context.", "items": { "$ref": "#/components/schemas/TransactionRuleRisk" } } }, "description": "The transaction context specifies transaction rules. Risk is applied to the authentication 1if the accumulated risk score of the transaction rules is above the risk limit." }, "TransactionDetail": { "type": "object", "properties": { "detail": { "type": "string", "description": "The transaction detail name.", "example": "Amount" }, "usage": { "type": "array", "items": { "type": "string", "description": "The transaction detail usage. If not provided, the attribute supports all usages. RBA indicates that the detail is used for risk-based authentication; TVS indicates that the detail is used for transaction verification.", "example": "RBA", "enum": [ "RBA", "TVS" ] } }, "value": { "type": "string", "description": "The transaction detail value.", "example": "$10,001" } }, "description": "Transaction detail item and its value used with push authenticators and with offline transaction verification." }, "TransactionRuleDescription": { "required": [ "description", "id", "name" ], "type": "object", "properties": { "description": { "type": "string", "description": "The description of this transaction rule." }, "id": { "type": "string", "description": "The UUID of this transaction rule." }, "name": { "type": "string", "description": "The name of this transaction rule." } }, "description": "Information stored for a transaction rule description." }, "TransactionRuleRisk": { "required": [ "riskScore", "transactionRuleId" ], "type": "object", "properties": { "riskScore": { "maximum": 100, "minimum": 1, "type": "integer", "description": "The risk score that applies if this transaction rule is triggered.", "format": "int32" }, "transactionRuleId": { "type": "string", "description": "The id of the transaction rule associated with this risk definition." } }, "description": "Information associated with the risk of a specific transaction rule within a transaction context." }, "TravelVelocityContext": { "required": [ "denyAccess", "riskPoint" ], "type": "object", "properties": { "denyAccess": { "type": "boolean", "description": "If true, the resource rule evaluating the context will return Access Denied." }, "riskPoint": { "maximum": 100, "minimum": 0, "type": "integer", "description": "The number of risk points that apply if this context applies.", "format": "int32" } }, "description": "Travel velocity checks to see if the time between authentications at different locations means the user has traveled faster than a given velocity. If the velocity is exceeded, risk applies." }, "UnlockParms": { "required": [ "unlockChallenge" ], "type": "object", "properties": { "unlockChallenge": { "type": "string", "description": "The unlock challenge generated by the token when it is locked." } }, "description": "Parameters specifying parameters for the token unlock operation." }, "UnlockResult": { "required": [ "unlockCode" ], "type": "object", "properties": { "unlockCode": { "type": "string", "description": "The unlock code generated by the service in response to the unlock challenge. This value should be entered into the token to complete the unlock." } }, "description": "The response returned from a token unlock operation." }, "UnsyncUserParms": { "required": [ "id" ], "type": "object", "properties": { "id": { "type": "string", "description": "The id of the user to be unsynchronized. The type of the id is specified by idType.", "example": "jsmith" }, "idType": { "type": "string", "description": "The type of the id identifying the user. The value can be one of UUID (the user's internal UUID) or USERID (the user's userId). The value of EXTERNALID is currently not supported. If not specified, this defaults to USERID.", "enum": [ "UUID", "USERID", "EXTERNALID" ] } }, "description": "Parameters for unsynchronization." }, "UpdateUserParms": { "required": [ "id", "parms" ], "type": "object", "properties": { "id": { "type": "string", "description": "The id of the user to be updated. The type of the id is specified by idType." }, "idType": { "type": "string", "description": "The type of the id identifying the user. The value can be one of UUID (the user's internal UUID), USERID (the user's userId) or EXTERNALID (the externalId of the user). If not specified, this defaults to UUID.", "enum": [ "UUID", "USERID", "EXTERNALID" ] }, "parms": { "$ref": "#/components/schemas/UserParms" } }, "description": "When updating multiple users in a single request, the UpdateUserParms value contains the update parameters for a single user. It will include the id of the user to be updated and the parameters to be changed for that user." }, "UpdateUserResult": { "required": [ "success" ], "type": "object", "properties": { "error": { "$ref": "#/components/schemas/ErrorInfo" }, "success": { "type": "boolean", "description": "Indicates if the user was successfully updated (true) or not (false)." } }, "description": "When updating multiple users in a single request, the UpdateUserResult value contains the result for a single user. It will indicate if the operation succeeded and if it failed will include error information describing why the operation failed." }, "UpdateUsersParms": { "required": [ "users" ], "type": "object", "properties": { "stopOnError": { "type": "boolean", "description": "If set to true, the operation stops on the first operation that fails. Otherwise the operation continues for each specified user. If not specified, this defaults to false." }, "users": { "type": "array", "description": "The list of users to be updated.", "items": { "$ref": "#/components/schemas/UpdateUserParms" } } }, "description": "The list of users to update and the parameters to change for each user." }, "UsageInfo": { "required": [ "aggregationPeriod", "count", "endTime", "id", "startTime", "tenantId", "trial", "usageType" ], "type": "object", "properties": { "aggregationPeriod": { "type": "string", "description": "The aggregation period used.", "example": "DAILY", "enum": [ "DAILY", "WEEKLY", "MONTHLY" ] }, "bundleType": { "type": "string", "description": "The service bundle." }, "count": { "type": "integer", "description": "The entitlements used in the aggregation period.", "format": "int64" }, "endTime": { "type": "string", "description": "The end time of the aggregation period.", "example": "2019-02-19T00:00:00Z" }, "id": { "type": "string", "description": "The unique UUID for this usage info." }, "startTime": { "type": "string", "description": "The start time of the aggregation period.", "example": "2019-02-19T00:00:00Z" }, "tenantId": { "type": "string", "description": "The unique UUID of the tenant." }, "trial": { "type": "boolean", "description": "Whether the usage is associated to a trial tenant.", "example": true }, "usageType": { "type": "string", "description": "The type of this entitlement.", "example": "USERS", "enum": [ "USERS", "ISSUANCE" ] } }, "description": "Entitlement usage information of a tenant." }, "UsageInfoPage": { "required": [ "results" ], "type": "object", "properties": { "paging": { "$ref": "#/components/schemas/Paging" }, "results": { "type": "array", "description": "A single page with the list of usage info found.", "items": { "$ref": "#/components/schemas/UsageInfo" } } }, "description": "Contains paging information and the results from a tenant usage info search." }, "User": { "type": "object", "properties": { "alternateEmails": { "type": "array", "description": "A list of all the users alternate emails.", "items": { "$ref": "#/components/schemas/UserAlternateEmails" } }, "authenticatorLockoutStatus": { "type": "array", "description": "A list of all authenticators that the user has with their lockout status.", "items": { "$ref": "#/components/schemas/UserAuthenticatorLockoutStatus" } }, "directoryDN": { "type": "string", "description": "The DN of the user in the directory the user was synchronized from." }, "directoryId": { "type": "string", "description": "If the user was synchronized from a directory, the UUID of that directory." }, "directoryName": { "type": "string", "description": "If the user was synchronized from a directory, the name of that directory." }, "directoryObjectGUID": { "type": "string", "description": "The objectGUID of the user in the directory the user was synchronized from." }, "directoryType": { "type": "string", "description": "The type of the directory user was synchronized from.", "enum": [ "ON_PREM", "AZURE", "AD_CONNECTOR" ] }, "email": { "type": "string", "description": "The email address of this user. This value may or may not be required depending on configuration. It must be set to use EMAIL OTP authentication and other features that require an email address." }, "externalId": { "type": "string", "description": "An optional external ID for this user. This value can be used to track the external identity of an Identity as a Service user. ", "example": "John" }, "externalSource": { "type": "string", "description": "An optional value that describes the source when the user is synchronized from an external source." }, "fidoTokens": { "type": "array", "description": "A list of all the FIDO tokens owned by this user.", "items": { "$ref": "#/components/schemas/FIDOToken" } }, "firstName": { "type": "string", "description": "The first name of this user. This value may or may not be required depending on configuration." }, "frozen": { "type": "boolean", "description": "Indicates whether a user is unable to authenticate due to inactivity.", "example": true }, "frozenGracePeriod": { "type": "string", "description": "Indicates a user's frozen grace period.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "grids": { "type": "array", "description": "A list of all the grids owned by this user.", "items": { "$ref": "#/components/schemas/Grid" } }, "groups": { "type": "array", "description": "A list of all groups to which this user belongs.", "items": { "$ref": "#/components/schemas/Group" } }, "id": { "type": "string", "description": "The unique UUID for this user. This value is generated by the service when a user is created." }, "lastAuthTime": { "type": "string", "description": "The last time this user successfully authenticated. Null if the user has never authenticated.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "lastModified": { "type": "string", "description": "When the user was last modified.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "lastName": { "type": "string", "description": "The last name of this user. This value may or may not be required depending on configuration." }, "locale": { "type": "string", "description": "The locale of this user. If not set, the default account locale will be used." }, "locked": { "type": "boolean", "description": "A flag indicating if this user is locked." }, "lockedAuthenticatorTypes": { "type": "array", "description": "The user authenticators that are locked.", "items": { "type": "string", "description": "The user authenticators that are locked.", "enum": [ "MACHINE", "PASSWORD", "EXTERNAL", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "SMARTCREDENTIALPUSH", "PASSWORD_AND_SECONDFACTOR", "SMART_LOGIN", "IDP", "PASSKEY", "IDP_AND_SECONDFACTOR", "USER_CERTIFICATE", "FACE", "PASSTHROUGH", "MAGICLINK" ] } }, "lockedAuthenticators": { "type": "array", "description": "The user authenticators that are locked. Deprecated: use lockedAuthenticatorTypes", "deprecated": true, "items": { "type": "string", "description": "The user authenticators that are locked. Deprecated: use lockedAuthenticatorTypes", "deprecated": true, "enum": [ "PASSWORD", "KBA", "TEMP_ACCESS_CODE", "GRID", "OTP_EMAIL", "OTP_SMS", "OTP_VOICE", "ENTRUST_SOFT_TOKEN", "ENTRUST_SOFT_TOKEN_PUSH", "GOOGLE_AUTHENTICATOR", "HARDWARE_TOKEN", "FIDO", "SMARTCREDENTIALPUSH", "USER_CERTIFICATE", "MACHINE", "FACE", "PASSTHROUGH", "TOKENCR", "MAGICLINK" ] } }, "lockoutExpiry": { "type": "string", "description": "If the user is locked, this value will specify the time at which the lockout will expire.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "magicLinkEnabled": { "type": "boolean", "description": "Indicates whether Magic Links are enabled for this user.", "example": true }, "migrated": { "type": "boolean", "description": "A flag indicating if this user was migrated from Entrust IdentityGuard." }, "mobile": { "type": "string", "description": "The mobile number of this user. This value may or may not be required depending on configuration. It must be set to use SMS OTP authentication." }, "oauthRoles": { "type": "array", "description": "A list of all oauth roles to which this user belongs.", "items": { "$ref": "#/components/schemas/OAuthRole" } }, "organizations": { "type": "array", "description": "A list of the user organizations.", "items": { "$ref": "#/components/schemas/Organization" } }, "otpCreateTime": { "type": "string", "description": "If the user has an OTP, this attribute specifies when the user's OTP was created.", "format": "date-time", "example": "2019-02-11T11:45:27Z" }, "passwordCompromised": { "type": "boolean", "description": "A flag indicating if the user password is compromised." }, "passwordExpirationTime": { "type": "string", "description": "The password expiration time.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "phone": { "type": "string", "description": "The phone number of this user. This value may or may not be required depending on configuration. It must be set to use VOICE OTP authentication." }, "preferredOtpDelivery": { "type": "string", "description": "Preferred OTP delivery type (SMS, EMAIL or VOICE) or SYSTEM to use the system defined default.", "example": "SYSTEM", "enum": [ "EMAIL", "SMS", "VOICE", "SYSTEM" ] }, "preferredOtpDeliveryContactAttributes": { "type": "object", "additionalProperties": { "type": "string", "description": "Preferred OTP delivery contact attribute for the given type (i.e., OTP_EMAIL, OTP_SMS, OTP_VOICE. An empty string means no override for that type).", "example": "{\"OTP_EMAIL\":\"Email\",\"OTP_SMS\":\"Personal Mobile\",\"OTP_VOICE\":\"default\"}" }, "description": "Preferred OTP delivery contact attribute for the given type (i.e., OTP_EMAIL, OTP_SMS, OTP_VOICE. An empty string means no override for that type).", "example": { "OTP_EMAIL": "Email", "OTP_SMS": "Personal Mobile", "OTP_VOICE": "default" } }, "registrationEnabled": { "type": "boolean", "description": "Indicates whether registration is enabled for this user.", "example": true }, "registrationRequired": { "type": "boolean", "description": "Indicates whether self-registration is required. This attribute doesn't apply to administrators.", "example": true }, "securityId": { "type": "string", "description": "The security ID of this user. The security ID is a unique value used to identity the user when performing smart card login to Microsoft Windows.", "example": "8c35d5f2-a18a-11ed-a8fc-0242ac120002" }, "showNotification": { "type": "boolean", "description": "Indicates whether to show notifications to this user.", "example": true }, "smartCredentials": { "type": "array", "description": "A list of all the smart credentials owned by this user.", "items": { "$ref": "#/components/schemas/SmartCredential" } }, "state": { "type": "string", "description": "The state of this user. Only users in the ACTIVE state can perform authentication.", "enum": [ "ACTIVE", "INACTIVE" ] }, "tempAccessCode": { "$ref": "#/components/schemas/TempAccessCode" }, "tokens": { "type": "array", "description": "A list of all the tokens owned by this user.", "items": { "$ref": "#/components/schemas/Token" } }, "type": { "type": "string", "description": "The type of user. A value of LDAP_AD means the user was synchronized from a directory. A value of MGMT_UI means the user was created in Identity as a Service. A value of EXTERNAL means the user was synchronized from an external source.", "enum": [ "LDAP_AD", "MGMT_UI", "EXTERNAL" ] }, "userAliases": { "type": "array", "description": "A list of user aliases for this user.", "items": { "$ref": "#/components/schemas/UserAlias" } }, "userAttributeValues": { "type": "array", "description": "A list of user attribute values for this user.", "items": { "$ref": "#/components/schemas/UserAttributeValue" } }, "userAuthenticatorPreference": { "type": "array", "description": "The user authenticator preference list.", "items": { "type": "string", "description": "The user authenticator preference list.", "enum": [ "MACHINE", "PASSWORD", "EXTERNAL", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "SMARTCREDENTIALPUSH", "PASSWORD_AND_SECONDFACTOR", "SMART_LOGIN", "IDP", "PASSKEY", "IDP_AND_SECONDFACTOR", "USER_CERTIFICATE", "FACE", "PASSTHROUGH", "MAGICLINK" ] } }, "userCreationTime": { "type": "string", "description": "The time this user was created. ", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "userExtraAttributes": { "type": "array", "description": "A list of extra optional attributes for this user.", "items": { "$ref": "#/components/schemas/UserExtraAttribute" } }, "userId": { "type": "string", "description": "The user ID for this user." }, "userPrincipalName": { "type": "string", "description": "The user principal name of this user. This value may or may not be required depending on configuration." }, "verificationEnabled": { "type": "boolean", "description": "Indicates whether verification is enabled for this user.", "example": true }, "verificationRequired": { "type": "boolean", "description": "Indicates whether verification is required. This attribute doesn't apply to administrators.", "example": true } }, "description": "The values stored for a user. This structure is passed when creating or modifying a user. It is returned when querying a user." }, "UserAlias": { "type": "object", "properties": { "id": { "type": "string", "description": "The UUID of this user alias set when the user alias is created.", "example": "76234da-3cf2-4t6u-8d02-8234fdfc472" }, "type": { "type": "string", "description": "The type of user alias. A value of USERID is used for an alias that will represent the actual user id value. A value of CUSTOM is used for aliases manually created by an administrator. A value of DERIVED is defined for future use and should not be used at this time.", "enum": [ "CUSTOM", "DERIVED", "USERID" ] }, "userId": { "type": "string", "description": "The UUID of the user to which this user alias belongs.", "example": "42133ed4-3cf2-4t6u-8d02-8234fdfc472" }, "value": { "type": "string", "description": "The value for the user alias.", "example": "some-alias" } }, "description": "Specifies an alias for a particular user." }, "UserAlternateEmails": { "type": "object", "properties": { "name": { "type": "string", "description": "Name of the email attribute.", "example": "Secondary email" }, "value": { "type": "string", "description": "Value of the email attribute.", "example": "secondary@mycompany.com" } }, "description": "Specifies alternate emails for a particular user." }, "UserAttribute": { "required": [ "mandatory", "name", "systemDefined", "unique" ], "type": "object", "properties": { "id": { "type": "string", "description": "The UUID for this user attribute. Generated when the user attribute is created." }, "mandatory": { "type": "boolean", "description": "A flag indicating if users must have a value for this user attribute." }, "name": { "type": "string", "description": "The name of this user attribute." }, "systemDefined": { "type": "boolean", "description": "A flag indicating if this user attribute is one of the system defined user attributes." }, "type": { "type": "string", "description": "Type of user attribute. Currently only used to specify the type of contact if the attribute is to be used for OTP delivery.", "example": "OTP_EMAIL", "enum": [ "NONE", "OTP_EMAIL", "OTP_SMS", "OTP_VOICE", "OTP_WECHAT", "OTP_WHATSAPP" ] }, "unique": { "type": "boolean", "description": "A flag indicating if this attribute is intended to be unique." } }, "description": "Information about user attribute definitions." }, "UserAttributeParms": { "type": "object", "properties": { "mandatory": { "type": "boolean", "description": "A flag indicating if users must have a value for this user attribute. If not specified when creating a user attribute if defaults to false." }, "name": { "type": "string", "description": "The name of this user attribute. This must be specified when creating a user attribute." }, "type": { "type": "string", "description": "Type of user attribute.", "example": "OTP_EMAIL", "enum": [ "NONE", "OTP_EMAIL", "OTP_SMS", "OTP_VOICE", "OTP_WECHAT", "OTP_WHATSAPP" ] }, "unique": { "type": "boolean", "description": "A flag indicating if this attribute is intended to be unique. If not specified when creating a user attribute it defaults to false." } }, "description": "The parameters for the new user attribute." }, "UserAttributeValue": { "type": "object", "properties": { "editable": { "type": "boolean", "description": "A flag indicating if this user attribute value can be modified." }, "id": { "type": "string", "description": "The UUID of this user attribute value set when the user attribute value is created.", "example": "76234da-3cf2-4t6u-8d02-8234fdfc472" }, "lastUpdate": { "type": "string", "description": "The last time the attribute value was updated.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "userAttribute": { "$ref": "#/components/schemas/UserAttribute" }, "userAttributeId": { "type": "string", "description": "The UUID of the user attribute that defines this user attribute value. The userAttributeId must be provided when creating or modifying a user attribute value.", "example": "76234da-3cf2-4t6u-8d02-8234fdfc472" }, "userId": { "type": "string", "description": "The UUID of the user to which this user attribute value belongs.", "example": "John" }, "value": { "type": "string", "description": "The value for the user attribute.", "example": "value" } }, "description": "Specifies the value of a user attribute for a particular user." }, "UserAuthenticatorLockoutStatus": { "type": "object", "properties": { "lockoutDate": { "type": "string", "description": "The date the user was locked. Null means the user is not locked.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "lockoutExpiryDate": { "type": "string", "description": "if remainingAuthenticationAttempts is 0 then a lockoutExpiryDate of null means the lockout never expires. Otherwise a value of null means the user isn't locked out.", "format": "date-time", "example": "2019-02-20T13:15:27Z" }, "name": { "type": "string", "description": "The users named password authentication that is locked out." }, "remainingAuthenticationAttempts": { "type": "integer", "description": "The number of authentication attempts remaining before the user is locked out.", "format": "int32" }, "type": { "type": "string", "description": "The type of the authenticator.", "example": "OTP", "enum": [ "MACHINE", "PASSWORD", "EXTERNAL", "KBA", "TEMP_ACCESS_CODE", "OTP", "GRID", "TOKEN", "TOKENCR", "TOKENPUSH", "FIDO", "SMARTCREDENTIALPUSH", "PASSWORD_AND_SECONDFACTOR", "SMART_LOGIN", "IDP", "PASSKEY", "IDP_AND_SECONDFACTOR", "USER_CERTIFICATE", "FACE", "PASSTHROUGH", "MAGICLINK" ] } }, "description": "Detailed lockout information for each authenticator for a particular user." }, "UserChangeStateParms": { "type": "object", "properties": { "state": { "type": "string", "description": "The new state of the user.", "enum": [ "ACTIVE", "INACTIVE" ] } }, "description": "User parameters including the new state of the user." }, "UserEntitlement": { "type": "object", "properties": { "allotment": { "type": "integer", "description": "The number of entitlements allotted to the current account. If the account is an SP then entitlements can be allocated to child accounts. For subscriber accounts, the allotment is always the same as the quantity amount.", "format": "int32", "example": 130 }, "consumed": { "type": "integer", "description": "The used quantity of this entitlement.", "format": "int32", "example": 37 }, "endDate": { "type": "string", "description": "The date when the entitlement ends.", "format": "date-time", "example": "2020-02-18T23:59:59Z" }, "gracePeriodEndDate": { "type": "string", "description": "The date when the grace period for the entitlement will end.", "format": "date-time", "example": "2020-02-19T00:00:00Z" }, "quantity": { "type": "integer", "description": "The quantity of entitlements purchased for the account.", "format": "int32", "example": 200 }, "startDate": { "type": "string", "description": "The date when the entitlement starts.", "format": "date-time", "example": "2019-02-19T00:00:00Z" } }, "description": "User entitlements of a tenant." }, "UserExpectedLocations": { "required": [ "expectedLocations", "maximumExpectedLocations" ], "type": "object", "properties": { "expectedLocations": { "type": "array", "description": "The list of expected locations stored for this user.", "items": { "$ref": "#/components/schemas/ExpectedLocation" } }, "maximumExpectedLocations": { "type": "integer", "description": "The maximum number of expected locations that can be stored for this user.", "format": "int32" } }, "description": "Information about the expected locations stored for a user." }, "UserExtraAttribute": { "type": "object", "properties": { "id": { "type": "string", "description": "The UUID of this extra user attribute.", "readOnly": true, "example": "76234da-3cf2-4t6u-8d02-8234fdfc472" }, "name": { "type": "string", "description": "The name for the extra user attribute.", "example": "some-attr-name" }, "type": { "type": "string", "description": "Type of custom user attribute.", "example": "OTP_SMS", "enum": [ "NONE", "OTP_EMAIL", "OTP_SMS", "OTP_VOICE", "OTP_WECHAT", "OTP_WHATSAPP" ] }, "value": { "type": "string", "description": "The value for the extra user attribute.", "example": "some-value" } }, "description": "Specifies an extra optional attribute for a particular user." }, "UserFaceSettings": { "required": [ "lifetime" ], "type": "object", "properties": { "lifetime": { "type": "integer", "description": "The lifetime of the authenticator in days.", "format": "int32", "example": 180 } }, "description": "User settings for the Face Biometric authenticator." }, "UserGetParms": { "required": [ "userId" ], "type": "object", "properties": { "userId": { "type": "string", "description": "If fetching a user by userId or alias, this value specifies, the userId or user alias of the user to be fetched. If fetching a user by externalId, this value specifies, the externalId of the user to be fetched.", "example": "John" } }, "description": "The user Id or user alias of the user to be fetched." }, "UserLocation": { "required": [ "id", "lastAuthenticationTime", "numberOfAuthentications" ], "type": "object", "properties": { "city": { "type": "string", "description": "The city name--always returned in upper-case." }, "countryCode": { "type": "string", "description": "A two-character (alpha-2) ISO 3166-1 country code." }, "expiryDate": { "type": "string", "description": "The date this user location will expire.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "id": { "type": "string", "description": "The UUID of the user location." }, "ipAddress": { "type": "string", "description": "The IPv4 Address." }, "isp": { "type": "string", "description": " The ISP name--always returned in upper-case." }, "lastAuthenticationTime": { "type": "string", "description": "The time of the last authentication from this location.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "latitude": { "type": "number", "description": "The latitude.", "format": "float" }, "longitude": { "type": "number", "description": "The longitude.", "format": "float" }, "numberOfAuthentications": { "type": "integer", "description": "The number of times this location was used during authentication.", "format": "int32" }, "privateIpAddress": { "type": "boolean", "description": "Whether the IP provided is a private IP Address." } }, "description": "Information stored describing a user location." }, "UserMachineAuthenticator": { "required": [ "id", "label", "registrationTime" ], "type": "object", "properties": { "expiryTime": { "type": "string", "description": "When this machine secret expires in UTC time", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "id": { "type": "string", "description": "Identifies the device/machine" }, "label": { "type": "string", "description": "Identifies the device/machine from the end-user point of view" }, "lastUsedTime": { "type": "string", "description": "When this machine secret was last used", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "registrationTime": { "type": "string", "description": "When this machine secret was created in UTC time", "format": "date-time", "example": "2019-02-19T13:15:27Z" } }, "description": "UserMachineAuthenticator" }, "UserOrganizationParms": { "type": "object", "properties": { "organizations": { "type": "array", "description": "A list of organization UUIDs to be assigned to this user. If specified, these organizations replace existing organizations.", "items": { "type": "string", "description": "A list of organization UUIDs to be assigned to this user. If specified, these organizations replace existing organizations." } } }, "description": "Parameter with a list of organization UUIDs that will be assigned to the user." }, "UserParms": { "type": "object", "properties": { "applyGracePeriod": { "type": "boolean", "description": "Indicates if the user is granted a new frozen grace period. This value is not used when creating a user. If provided, it will be ignored.", "example": true }, "email": { "type": "string", "description": "The email address of this user. This value may or may not be required depending on configuration. If it is required, it must be specified when creating the user. If it is required, it must be specified when updating the user and a value is not currently set. It must be set to use EMAIL OTP authentication and other features that require an email address. To remove the existing value, set the value to an empty string.", "example": "johnsmith@organization.com" }, "emailVerification": { "type": "boolean", "description": "Indicates if a verification email message should be sent to the user if the user now requires verification. The user's policy requiring user verification must also be enabled for the user. If not set, this value defaults to true.", "example": true }, "externalId": { "type": "string", "description": "An optional external ID for this user. This value can be used to track the external identity of an Identity as a Service user. To unset the external ID, specify an empty string." }, "externalSource": { "type": "string", "description": "An optional value that describes the source when the user is synchronized from an external source. To unset the external source, specify an empty string." }, "firstName": { "type": "string", "description": "The first name of this user. This value may or may not be required depending on configuration. If it is required, it must be specified when creating the user. If it is required, it must be specified when updating the user and a value is not currently set. To remove the existing value, set the value to an empty string.", "example": "John" }, "groups": { "type": "array", "description": "A list of group UUIDs to be assigned to this user. If specified, these groups replace existing groups.", "items": { "type": "string", "description": "A list of group UUIDs to be assigned to this user. If specified, these groups replace existing groups." } }, "lastName": { "type": "string", "description": "The last name of this user. This value may or may not be required depending on configuration. If it is required, it must be specified when creating the user. If it is required, it must be specified when updating the user and a value is not currently set. To remove the existing value, set the value to an empty string.", "example": "Smith" }, "locale": { "type": "string", "description": "The locale of this user. If not set, the default account locale will be used. To remove the existing value, set the value to an empty string.", "example": "en", "enum": [ "da", "de", "en", "es", "fr", "it", "ja", "ko", "nl", "nb", "pl", "pt", "ru", "sv", "th", "tr", "zh-cn", "zh-tw" ] }, "lock": { "type": "boolean", "description": "Indicates if all the user's authenticators are locked or not.", "example": true }, "mobile": { "type": "string", "description": "The mobile number of this user. This value may or may not be required depending on configuration. If it is required, it must be specified when creating the user. If it is required, it must be specified when updating the user and a value is not currently set. It must be set to use SMS OTP authentication. To remove the existing value, set the value to an empty string.", "example": "+16138691234" }, "oauthRoles": { "type": "array", "description": "A list of oauth role UUIDs to be assigned to this user. If specified, these oauth roles replace existing oauth roles.", "items": { "type": "string", "description": "A list of oauth role UUIDs to be assigned to this user. If specified, these oauth roles replace existing oauth roles." } }, "organizations": { "type": "array", "description": "A list of organization UUIDs to be assigned to this user. If specified, these organizations replace existing organizations.", "items": { "type": "string", "description": "A list of organization UUIDs to be assigned to this user. If specified, these organizations replace existing organizations." } }, "phone": { "type": "string", "description": "The phone number of this user. This value may or may not be required depending on configuration. If it is required, it must be specified when creating the user. If it is required, it must be specified when updating the user and a value is not currently set. It must be set to use VOICE OTP authentication. To remove the existing value, set the value to an empty string.", "example": "+16138691234" }, "preferredOtpDelivery": { "type": "string", "description": "Preferred OTP delivery type (SMS, EMAIL or VOICE) or SYSTEM to use the system defined default.", "example": "SYSTEM", "enum": [ "EMAIL", "SMS", "VOICE", "SYSTEM" ] }, "preferredOtpDeliveryContactAttributes": { "type": "object", "additionalProperties": { "type": "string", "description": "Preferred OTP delivery contact attribute for the given type (i.e., OTP_EMAIL, OTP_SMS, OTP_VOICE. An empty string means no override for that type).", "example": "{\"OTP_EMAIL\":\"Email\",\"OTP_SMS\":\"Personal Mobile\",\"OTP_VOICE\":\"default\"}" }, "description": "Preferred OTP delivery contact attribute for the given type (i.e., OTP_EMAIL, OTP_SMS, OTP_VOICE. An empty string means no override for that type).", "example": { "OTP_EMAIL": "Email", "OTP_SMS": "Personal Mobile", "OTP_VOICE": "default" } }, "registrationRequired": { "type": "boolean", "description": "Indicates whether self-registration is required. If not set when the user is created, this value defaults to true.", "example": true }, "securityId": { "type": "string", "description": "The security ID of this user. The security ID is a unique value used to identity the user when performing smart card login to Microsoft Windows.", "example": "8c35d5f2-a18a-11ed-a8fc-0242ac120002" }, "state": { "type": "string", "description": "The state of this user. Only users in the ACTIVE state can perform authentication. If not set when the user is created, this value defaults to ACTIVE.", "example": "ACTIVE", "enum": [ "ACTIVE", "INACTIVE" ] }, "userAliases": { "type": "array", "description": "A list of user aliases for this user. Alias values must be unique with respect to the userId and other aliases of this user and other users.", "items": { "$ref": "#/components/schemas/UserAlias" } }, "userAttributeValues": { "type": "array", "description": "A list of user attribute values for this user.", "items": { "$ref": "#/components/schemas/UserAttributeValue" } }, "userExtraAttributes": { "type": "array", "description": "A list of extra optional attributes for this user.", "items": { "$ref": "#/components/schemas/UserExtraAttribute" } }, "userId": { "type": "string", "description": "The user ID for this user. This value is required when creating the user, optional during update. The userId must be unique with respect to aliases of this user and the userId and aliases of all other users.", "example": "jsmith" }, "userPrincipalName": { "type": "string", "description": "The user principal name of this user. This value may or may not be required depending on configuration. If it is required, it must be specified when creating the user. If it is required, it must be specified when updating the user and a value is not currently set. To remove the existing value, set the value to an empty string.", "example": "johnsmith@organization.com" }, "verificationRequired": { "type": "boolean", "description": "Indicates whether verification is required. If not set when the user is created, this value defaults to true.", "example": true } }, "description": "Attributes for the new user." }, "UserPassword": { "type": "object", "properties": { "compromised": { "type": "boolean", "description": "Indicates if the user's password has been found in a data breach." }, "expiryNotificationDate": { "type": "string", "description": "The date at which the next password expiry notification will be sent.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "expiryTime": { "type": "string", "description": "The date at which the password will expire.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "forceUpdate": { "type": "boolean", "description": "Indicates if the user will be forced to change their password the next time the user authenticates with it." }, "id": { "type": "string", "description": "The ID of the user password." }, "lastChangedTime": { "type": "string", "description": "The last time the password was changed.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "lastCompromisedCheckTime": { "type": "string", "description": "The date and time of the last Have I Been Pwned api call performed on this password.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "namedPasswordId": { "type": "string", "description": "The named password associated to the user." }, "newPassword": { "type": "string", "description": "The value of the new password generated by IDaaS if requested by the client." }, "present": { "type": "boolean", "description": "A flag that indicates if the user has a password." } }, "description": "Information returned when a user password is queried." }, "UserPasswordParms": { "type": "object", "properties": { "clearPasswordHistory": { "type": "boolean", "description": "If set to true, this flag indicates existing password history is cleared before the new password is created." }, "currentPassword": { "type": "string", "description": "A value for the current password when changing the AD-User password. " }, "emailPassword": { "type": "boolean", "description": "A flag indicating whether to email a new password to the user. It defaults to true." }, "expiryTime": { "type": "string", "description": "The date at which the password will expire.", "format": "date-time", "example": "2019-02-19T13:15:27Z" }, "forceUpdate": { "type": "boolean", "description": "If set to true, this value indicates the user will be forced to change their password upon next password authentication." }, "generatePassword": { "type": "boolean", "description": "A flag indicating whether a new random password is generated. It defaults to false." }, "namedPasswordId": { "type": "string", "description": "The ID of the named password." }, "password": { "type": "string", "description": "A value for the new password when setting the user password. This value is ignored if generatePassword is set to true." }, "passwordFormat": { "type": "string", "description": "Define the password format of new password, it's BCRYPT when importing BCrypted password, it's GETACCESS when importing GetAccess password,it defaults to CLEARTEXT if not provided.When passwordFormat is BCRYPT or GETACCESS, the following restrictions must be enforced:
  • 1.the user must be an IDaaS local user.
  • 2.currentPassword must be null.
  • 3.generatePassword must be false.
  • 4.emailPassword must be false.
  • 5.returnPassword must be false.
", "default": "CLEARTEXT", "enum": [ "CLEARTEXT", "BCRYPT", "GETACCESS" ] }, "returnPassword": { "type": "boolean", "description": "A flag indicating if a password generated by IDaaS should be returned to the caller. This flag is ignored if the password is passed from the client. It defaults to false." } }, "description": "Parameters specifying how the password is to be modified. This value may include an actual password or arguments specifying that the service should create a random password." }, "UserPasswordSettings": { "type": "object", "properties": { "adComplexity": { "type": "boolean", "description": "A boolean flag indication if adComplexity is enabled." }, "includeLowercase": { "type": "string", "description": "Specifies if an lowercase character is required, allowed or not allowed in the password.", "enum": [ "REQUIRED", "ALLOWED", "NOT_ALLOWED" ] }, "includeNonalphanumeric": { "type": "string", "description": "Specifies if non-alphanumeric character is required, allowed or not allowed in the password.", "enum": [ "REQUIRED", "ALLOWED", "NOT_ALLOWED" ] }, "includeNumber": { "type": "string", "description": "Specifies if a numeric character is required, allowed or not allowed in the password.", "enum": [ "REQUIRED", "ALLOWED", "NOT_ALLOWED" ] }, "includeUppercase": { "type": "string", "description": "Specifies if an uppercase character is required, allowed or not allowed in the password.", "enum": [ "REQUIRED", "ALLOWED", "NOT_ALLOWED" ] }, "lifetimeDays": { "type": "integer", "description": "The lifetime of the password in days.", "format": "int32" }, "maximumLength": { "type": "integer", "description": "The maximum length of the password.", "format": "int32" }, "maximumRepeated": { "type": "integer", "description": "Maximum number of repeated characters allowed", "format": "int32" }, "minimumLength": { "type": "integer", "description": "The minimum length of the password.", "format": "int32" }, "minimumLifetime": { "type": "integer", "description": "The minimum lifetime of the password restricting how frequently the password can be changed.", "format": "int32" }, "minimumStrength": { "maximum": 4, "minimum": 0, "type": "integer", "description": "Minimum password strength. Password set/update will be rejected, if strength of the password is less than this value. 0: Disabled, 1: Weak protection from throttled online attacks: very guessable, 3: Good protection from offline attacks: safely unguessable, 4: Strong protection from offline attacks: very unguessable", "format": "int32", "example": 3 }, "namedPasswordEnabled": { "type": "boolean", "description": "Indicates whether the named password policy is enabled for the user." }, "namedPasswordId": { "type": "string", "description": "The ID of the named password." }, "numberOfLowercaseRequired": { "type": "integer", "description": "Number of lower case characters required.", "format": "int32" }, "numberOfNonalphanumericRequired": { "type": "integer", "description": "Required number of non alpha numeric characters required.", "format": "int32" }, "numberOfNumericRequired": { "type": "integer", "description": "Number of numeric characters required.", "format": "int32" }, "numberOfUppercaseRequired": { "type": "integer", "description": "Number of upper case characters required.", "format": "int32" }, "passwordHistorySize": { "type": "integer", "description": "Size of password history for a user.", "format": "int32" } }, "description": "UserPasswordSettings" }, "UserPasswordStrength": { "type": "object", "properties": { "score": { "type": "integer", "description": "Evaluated password strength score.

0:very weak | 1:weak | 2:average | 3:good | 4:strong", "format": "int32", "example": 3 }, "suggestions": { "type": "array", "description": "Suggestions on how the password strength can be improved.", "example": "feedback.dictionary.suggestions.allUppercase", "items": { "type": "string", "description": "Suggestions on how the password strength can be improved.", "example": "feedback.dictionary.suggestions.allUppercase" } } }, "description": "UserPasswordStrength" }, "UserPasswordValidationParms": { "type": "object", "properties": { "ignorePasswordHistory": { "type": "boolean", "description": "If set to true, existing password history is ignored." }, "namedPasswordId": { "type": "string", "description": "The ID of the named password." }, "password": { "type": "string", "description": "New password value that needs to be validated. ", "example": "newPassword123!" } }, "description": "UserPasswordValidationParms" }, "UserPasswordValidationResponse": { "type": "object", "properties": { "adComplexity": { "type": "boolean", "description": "True if password meets the active directory complexity requirements." }, "alias": { "type": "boolean", "description": "True if password meets the userId requirements. Password must not contain user alias." }, "alphaNumeric": { "type": "boolean", "description": "True if password meets the alpha numeric requirements." }, "blacklisted": { "type": "boolean", "description": "True if password does not contain a blacklisted password." }, "directoryType": { "type": "string", "description": "Type of the directory the user is associated with, ON_PREM, AZURE or AD Connector.", "enum": [ "ON_PREM", "AZURE", "AD_CONNECTOR" ] }, "fullName": { "type": "boolean", "description": "True if password meets the full name requirements. Full Name must not be in the password." }, "length": { "type": "boolean", "description": "True if password meets the length requirements." }, "lowerCase": { "type": "boolean", "description": "True if password meets the lower case requirements." }, "nondeterministicValidations": { "type": "array", "description": "List of validations that cannot be determined mostly due to user is AD managed.", "items": { "type": "string", "description": "List of validations that cannot be determined mostly due to user is AD managed." } }, "numeric": { "type": "boolean", "description": "True if password meets the numeric requirements." }, "passwordHistory": { "type": "boolean", "description": "True if password does not match the history if enabled." }, "repeatedCharacters": { "type": "boolean", "description": "True if password meets the repeated characters requirements." }, "strength": { "type": "boolean", "description": "True if password meets the minimum strength requirements." }, "upperCase": { "type": "boolean", "description": "True if password meets the upper case requirements." }, "userID": { "type": "boolean", "description": "True if password meets the userId requirements. Password must not contain userId." }, "userPasswordStrength": { "$ref": "#/components/schemas/UserPasswordStrength" } }, "description": "UserPasswordValidationResponse" }, "UserQuestion": { "type": "object", "properties": { "answer": { "type": "string", "description": "The question's answer." }, "id": { "type": "string", "description": "The UUID of the KBA question/answer." }, "question": { "type": "string", "description": "The question." } }, "description": "A KBA question/answer stored for a user." }, "UserRbaSettings": { "type": "object", "properties": { "locationHistoryIpCheckRequired": { "type": "boolean", "description": "A flag indicating if the IP address is considered when checking to see if two locations are the same." }, "maximumLocationHistory": { "type": "integer", "description": "The maximum number of user locations stored in location history.", "format": "int32" }, "velocityCheckRequired": { "type": "boolean", "description": "A flag indicating if a velocity check is performed when checking the current location against location history." } }, "description": "The new RBA settings." }, "UsersPage": { "required": [ "results" ], "type": "object", "properties": { "paging": { "$ref": "#/components/schemas/Paging" }, "results": { "type": "array", "description": "A single page with the list of users found.", "items": { "$ref": "#/components/schemas/User" } } }, "description": "Contains paging information and the results from a user search." }, "Webhook": { "required": [ "callbackUrl", "enabled", "id" ], "type": "object", "properties": { "callbackUrl": { "type": "string", "description": "The callback url of the webhook.", "example": "https://mycompany.com/api" }, "enabled": { "type": "boolean", "description": "A flag indicating if the webhook is enabled.", "example": true }, "events": { "type": "array", "description": "The events of the webhook.", "items": { "$ref": "#/components/schemas/WebhookEvent" } }, "expired": { "type": "boolean", "description": "A flag indicating if the webhook has expired.", "example": false }, "expiryDate": { "type": "string", "description": "The timestamp of when the webhook is set to expire. If no expiry is set, this value will be NULL.", "example": "2019-02-19T13:15:27" }, "id": { "type": "string", "description": "The ID of the webhook. This value is generated when the webhook is created." }, "token": { "type": "string", "description": "The unique webhook token.", "example": "Base64 Encoded String" } }, "description": "Information returned about a webhook." }, "WebhookEvent": { "required": [ "type" ], "type": "object", "properties": { "filter": { "type": "string", "description": "Subset of resource, or group IDs of the webhook event. All resources are selected by default if this parameter is not specified.", "example": "[{\"enrollmentDesignId\":\"fd1d1b86-d258-4332-ad89-ead30d2dae7f\"}]" }, "id": { "type": "string", "description": "The ID of the webhook event. This value is not needed when creating/updating a webhook." }, "type": { "type": "string", "description": "The event type set to trigger the webhook.", "example": "credential.create | credential.update | credential.delete | user.create" } }, "description": "Information returned about the events of a webhook." }, "WebhookParms": { "required": [ "callbackUrl", "events" ], "type": "object", "properties": { "callbackUrl": { "type": "string", "description": "The client callback url for this webhook.", "example": "https://mycompany.com/api" }, "enabled": { "type": "boolean", "description": "A flag indicating if the webhook is enabled.", "example": true, "default": true }, "events": { "type": "array", "description": "The list of webhook events.", "items": { "$ref": "#/components/schemas/WebhookEvent" } }, "expiry": { "maximum": 1000, "minimum": 0, "type": "integer", "description": "How long to keep the webhook alive for (in days). Value of 0 means no expiration. Once a webhook has reached expiry, it will be marked as disabled. This parameter is optional and is not set by default.", "format": "int32", "example": 90 } }, "description": "Parameters including the callback URL and list of events to trigger the webhook." } }, "securitySchemes": { "AdminAPIAuthentication": { "type": "apiKey", "name": "Authorization", "in": "header" } } } }